Risky Use of Real Data In Application Development and Testing Widespread

Over two-thirds of firms don't mask their live production data in application testing and development

Dark Reading Staff, Dark Reading

August 21, 2009

Most organizations in the U.S. and U.K. put their sensitive customer and company data at risk during their application development and testing processes, according to a new study.

Although nearly 80 percent of the firms surveyed in the Ponemon Institute report say they have been hit by at least one data breach in the past 12 months, most of them use live customer records, employee records, credit cards, and other sensitive company information in their development and testing of applications. And 70 percent of them don't bother using any data-masking methods to protect that data, according to the report, which was commissioned by Micro Focus.

"These new survey findings strongly suggest that businesses are more concerned with completing application tests, even at the expense of sensitive customer and personal data," said Larry Ponemon, CEO of the Ponemon Institute. "It is understandable that organizations want to be efficient in this often time-consuming process, but cutting corners by not masking the data could cause irreparable damage to a company's database and reputation if a major breach were to happen."

Around 64 percent use this confidential data for development and testing purposes on a weekly basis, and 90 percent, on a monthly basis. And only 7 percent say data security in development and testing is more rigorous than in regular production. Two-thirds of the firms say they use test files bigger than one terabyte, with some using over 50 terabytes of live data in the tests.

Over 60 percent of UK firms and over 50 percent of U.S. firms use customer records in their application development and testing processes, and 45 percent of U.S. firms and 40 percent of UK firms use employee records. Over 40 percent of U.S. companies use credit card information in their testing, and 45 percent, confidential company information.

And all this while they admit to being uncomfortable with how their organization protects this data. Around 77 percent of U.S. respondents say they disagree or are unsure if their organization has sufficient protections for that data, and 70 percent of UK respondents said the same.

Meanwhile, insiders are the main source of their breaches. Nearly 60 percent of U.S. firms said their breaches came from negligent insiders; 35 percent from malicious insiders; and over 35 percent from third-party outsourcers. Around 75 percent of U.S. firms and 60 percent of UK firms send their live data to third parties for development and testing.
