I want to start out by introducing myself, as this is my first of hopefully many entries to this blog. My name is Eric Naiburg and I am responsible for Product Marketing Strategy of the Optim solutions. I have recently celebrated my 1-year anniversary with the Optim group and rejoining IBM. Prior to this role, I spent more than 2 years away from IBM working for Dr. Ivar Jacobson as VP of Sales and Marketing for Ivar Jacobson Consulting, and had a brief stint at CAST Software as Director of Product Marketing.
In my previous role at IBM, I worked for Rational Software, actually spending 4 years at Rational pre-acquisition and 3 years as part of IBM. I held many roles at Rational, including product manager for the modeling solutions and product marketing of solutions and desktop products, just to name a few. Before joining Rational, I was the product manager for the ERwin data modeling tool with Logic Works, which was acquired by Platinum Technologies and later CA.
I have also published 2 books with Addison Wesley: UML for Mere Mortals and UML for Database Design. Both of these books were fun to write and provided great learning experiences for me and my co-author Robert Maksimchuk.
So, now to the Blog….
Data Privacy - "The Untold Story"
Data protection and privacy continue to be a tremendous focus and risk for the IT community today. Organizations are making great strides to protect data privacy in production application environments, but the “untold story” of implementing similar strategies in non-production (testing, development and training) environments is often overlooked. When I talk to people at conferences and in meetings, I ask them the question, “How are you protecting the privacy of your data in development and test environments?” The scary result is that they often look to the floor, have a nervous smile on their faces and say, “We know it is an issue and we know we need to do something, but it isn’t on the top of our priority list at this time.”
That is why I call it the “untold story”. We know of the threat, but don’t do much about it until it is too late and a breach or loss happens. There is significantly more non-production data floating around organizations than there is data in production. It is used for testing, development, training and more. Additionally, when the data is used, it may be copied into spreadsheets for use in automated testing tools or as manual testing inputs, which exposes the data outside of the database itself and creates an even bigger risk.
Because the data is being used and moved, it needs to be protected. Since testers, developers and others can see the data, encryption just isn’t enough; the data must be de-identified or masked. Non-production data does not have to be real; it does, however, have to be realistic. The process of masking creates realistic data from your production data and, if done correctly, will ensure referential integrity across a single database or an entire system. Masking does not prevent the loss or theft of data, but it makes the data of no value if that occurs.
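One way to get masking that keeps referential integrity, shown as an added example that is not from the original post or from the Optim products: derive every masked value from a keyed HMAC of the original, so the same input masks to the same output in every table. The key, table and column names, surrogate names and sample rows are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key; a real key stays outside the non-production copy.
MASKING_KEY = b"constructed-demo-key-not-for-real-use"
# Constructed surrogate names: realistic, but belonging to nobody in the data.
SURROGATE_NAMES = ["Alex Morgan", "Jamie Lee", "Robin Patel", "Casey Nguyen",
                   "Drew Fischer", "Sam Okafor", "Taylor Rossi", "Jordan Silva"]

def _digest(value, domain, key):
    # The domain label keeps equal digits in different column types apart.
    return hmac.new(key, f"{domain}:{value}".encode(), hashlib.sha256).digest()

def mask_digits(value, domain, key=MASKING_KEY):
    """Replace each digit deterministically; keep length and separators."""
    stream = int.from_bytes(_digest(value, domain, key), "big")
    out = []
    for ch in value:
        if ch.isdigit():
            stream, d = divmod(stream, 10)
            out.append(str(d))
        else:
            out.append(ch)
    return "".join(out)

def mask_name(value, key=MASKING_KEY):
    """Map a real name to a surrogate, the same one on every run."""
    return SURROGATE_NAMES[_digest(value, "name", key)[0] % len(SURROGATE_NAMES)]

def mask_tables(customers, orders, key=MASKING_KEY):
    # Parent key and foreign key go through the same function and domain,
    # so rows that joined before masking still join afterwards.
    mc = [{**c, "ssn": mask_digits(c["ssn"], "ssn", key),
           "name": mask_name(c["name"], key)} for c in customers]
    mo = [{**o, "customer_ssn": mask_digits(o["customer_ssn"], "ssn", key)}
          for o in orders]
    return mc, mo

def join_counts(customers, orders):
    """Number of orders that join to each customer row on SSN."""
    return [sum(o["customer_ssn"] == c["ssn"] for o in orders) for c in customers]

# Constructed sample rows standing in for a production extract.
CUSTOMERS = [{"ssn": "123-45-6789", "name": "Pat Example"},
             {"ssn": "987-65-4321", "name": "Lee Sample"}]
ORDERS = [{"order_id": 1, "customer_ssn": "123-45-6789"},
          {"order_id": 2, "customer_ssn": "123-45-6789"},
          {"order_id": 3, "customer_ssn": "987-65-4321"}]

if __name__ == "__main__":
    masked_customers, masked_orders = mask_tables(CUSTOMERS, ORDERS)
    print(masked_customers, masked_orders, join_counts(masked_customers, masked_orders))
```

HMAC-derived digits are not guaranteed to be unique, so for a large unique key column either check the masked values for collisions or use a format-preserving cipher such as NIST FF1.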
So, to keep your organization from being the next negative headline of data theft, mask your non-production data, making it realistic, but not real.