Most UK firms risk customer data breaches when testing apps

A majority of UK organisations risk customer data by using it to develop and test applications.

A majority of UK organisations risk customer data by using it to develop and test applications.

Research commissioned by Compuware found that 58% of British companies use actual customer data instead of disguised data to test applications during the development process.

Of those companies using actual customer data, 79% use customer files and 68% use customer lists.

The research was based on responses from 900 IT professionals. Examples of the live data used at firms included customer account numbers, credit card numbers, Social Security numbers, employee records, and other credit, debit or payment information.

Although organisations may think that test data is immune from privacy threats because testing occurs in a non-production environment, these environments are less secure than production environments, said Compuware.

Testing data may be exposed to a variety of unauthorised sources, including in-house testing staff, consultants, partners and offshore personnel. In fact, 35% of respondents outsourced their application testing, and 38% shared live data with the outsourced organisation.

Dr Larry Ponemon, chairman of the Ponemon Institute, which carried out the research for Compuware, said, "For many organisations, large customer data files represent an easy, cheap source of data to use when testing applications.

"But this process introduces a huge element of risk to the challenge of maintaining the integrity of sensitive information, particularly when third parties and offshore resources are involved."

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.