By now you’re well aware of the requirements to protect customer data against loss. You know that you can’t allow personally identifiable information to be exposed. You also know that the …
By now you’re well aware of the requirements to protect customer data against loss. You know that you can’t allow personally identifiable information to be exposed. You also know that the costs of doing so are significant – you or your company can find yourselves under indictment, you can face lawsuits and the damage to your company’s reputation will be serious to the point that you might not recover.
So why do a third of businesses still use real data when testing their company’s software or production environments? That’s the question that was approached in a study Tonic, which bills itself as “The Fake Data Company.”
The study found that 29 percent of the companies responding used unprotected production data (this is real customer or personnel data) in testing environments or when troubleshooting their company’s software. The study also found that 45 percent of respondents faced a major data breach due at least in part insecure data handling. The cost of those data breaches included delays in the company’s ability to function, reported by 88 percent of respondents.
And unfortunately, the problem is growing. “With the rising popularity of remote work, increased data breaches and leaks are inevitable. Whether it be stolen work laptops, using real customer data in testing, or the incorrect cloud migration of data, there are a myriad of reasons why a breach can happen,” said Ian Coe, CEO of Tonic.ai. “What’s important to understand is that while a breach may happen, there are ways to safeguard the data to ensure companies are not putting their customers’ information at risk.”
One solution to this risk of a data breach is to not use real data in the first place. If all of the data you use for troubleshooting and testing is fake, then a data breach in those areas won’t matter. For this you need fake data. Fake data appears to your data systems to be real, it can be processed as if it were real, but it’s not real.
The idea of using fake data to protect against a breach that otherwise would reveal real protected data has probably occurred to most IT managers, but there’s a problem – how to get enough fake data to provide a meaningful test. It’s one thing to turn a couple hundred data entries into a fake representation of your data manually, but beyond that it’s too much manual work to be economically useful.
Tonic.ai solves this problem by being able to produce vast quantities of fake data that’s customized to look just like your real data, except for being fake.
“Fake data is designed to respect and protect the privacy of real customer data. Companies should be responsible about their data governance and being compliant when it comes to things like personal identifiable information,” said Coe.
While using fake data can’t do anything about a company’s insecure testing practices or the lack of protection against data breaches, it can at least eliminate the chance that your test will reveal protected data, which in turn help keep you out of the courts or jail.