Certification - May 2008 - (Page 23) Safe Test Data Another important facet of data-centric protection is test data. When IT projects require data for populating test databases, outsourcing file or report formats, benchmarking new hardware or software or developing new applications, they need test data that reflects the appearance, content, volume and value ranges of their production data. Traditionally, snippets of real production data were used for testing. But production data is inherently unsafe since it may contain personally identifying details and other confidential information. And even if it’s not sensitive, data snippets may not be voluminous enough or contain value ranges sufficient to stress test application and operational prototypes. Creating custom test data by hand can take a very long time. For these reasons, a number of techniques and solutions should be evaluated for generating realistic test data. Suppose, for example, that you are prototyping a large infrastructure replication project where production and disaster recovery sites are located 120 kilometers apart. If your customer is a major bank, using real production data to feed the backup replica is prohibited because third-party testers and developers are involved. FlexITy Solutions in Ontario, Canada, was a contractor in such a case, and needed to populate multiple, large databases with safe, realistic test data. FlexITy chose IRI’s RowGen test data tool because, as IRI indicates, it could automatically parse the data model of every source database and automatically generate test data, complete with referential integrity. According to FlexITy quality assurance consultant Ilia Frankstein, RowGen formed 33 million rows of relational table data in fewer than three hours on a PC. “Without such a tool,” he said, “generating all that test data could take months because it would involve understanding the foreign key dependences in the database, plus the coding and debugging of many custom data generation scripts.” Certain databases and applications also contain built-in test data generation, randomization and masking functions, and there are a number of lowend or shareware data generators that may also suffice for specific requirements. RowGen however, “can produce and transform huge volumes of referentially correct test data and flat file struc- tures and make use of disparate data models and the metadata from existing applications,” Frankstein said. Niche Service Providers Most enterprises today do not have the resources to perform in-depth evaluations of how solutions for enhancing data protection will function when integrated with their existing production environment. To address this, FlexITy built the FlexITy Integration and Testing (FIT) Lab with enterprise hardware and software products from many leading manufacturers. According to Nolan Evans, FlexITy’s consulting solution architect, FIT “enables the prototyping of complex, heterogeneous infrastructure solutions in a way that is completely nonintrusive to ongoing production activities.” More to the point, however, is that FlexITy’s proofs of concept can reflect the actual behavior of a new service or solution in the context of a customer’s real data environment “without having to deal with the challenges of gaining access to potentially sensitive sample data,” he said. FlexITy is just one example of an IT company specializing in protecting data as it prototypes environments and develops applications. Another example is Micro Focus’ Application Portfolio Management (APM) suite that can survey an entire battery of legacy programs and their data elements to find operational inefficiencies and at-risk data. Other vendors provide tools and services around data governance and sensitive data discovery. For example, Exeros and GlobalIDs have solutions to monitor enterprise databases to identify at-risk data so appropriate security measures can be taken. Kevin Trosian, technology equity researcher at Wedbush Morgan Securities, said it best in a column for SearchSecurity.com about the journey of discovering data security problems and solutions: “The road will be bumpy for vendors and security buyers alike. We’re experiencing a wholesale shift in the technology landscape, which will eventually benefit enterprises with better integrated, less expensive secure infrastructure products.” 8 David Friedland is executive vice president of CoSort. He can be reached at editor@certmag.com. May 2008 CERTIFICATION MAGAZINE 23 http://SearchSecurity.com
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.