Our customer was using their real customer data in test environments. While this appeared to ensure high-quality test data, test environments are often less secure than production ones, and every place where unencrypted PII resides is a potential data breach for any organization.
The use of customer data in non-production environments dramatically increased our customer’s exposure to a data breach.
Working with our customer’s teams in development, test, and quality assurance, we identified and removed, or masked, all customer PII from non-production environments. A major requirement was to ensure minimal reduction in test data quality. We used well-established approaches for creating test data that supported quality testing outcomes.
The project helped to maintain accountability, trustworthiness, and confidentiality, and showed due diligence on the part of the organization. It brought them into closer alignment with both their own internal policies and the due diligence expectations of ISO 27001 and 27002.