A majority of UK organisations risk customer data by
using it todevelop and test
applications.
Research commissioned by Compuware found that 58% of British
companies use actual customer data instead of disguised data to
test applications during the development process.
Of those companies using actual customer data, 79% use customer
files and 68% use customer lists.
The research was based on responses from 900 IT professionals.
Examples of the live data used at firms included customer account
numbers, credit card numbers, Social Security numbers, employee
records, and other credit, debit or payment information.
Although organisations may think that test data is immune from
privacy threats because testing occurs in a non-production
environment, these environments are less secure than production
environments, said Compuware.
Testing data may be exposed to a variety of unauthorised
sources, including in-house testing staff, consultants, partners
and offshore personnel. In fact, 35% of respondents outsourced
their
application testing, and 38% shared live data with the
outsourced organisation.
Dr Larry Ponemon, chairman of the Ponemon Institute, which
carried out the research for Compuware, said, "For many
organisations, large customer data files represent an easy, cheap
source of data to use when testing applications.
"But this process introduces a huge element of risk to the
challenge of maintaining the integrity of sensitive information,
particularly when third parties and offshore resources are
involved."