Data security and software testing

There is an interesting article here about what it calls the unseen privacy crisis. Software testing has a key part to play in this arena and it concludes:

What can organisations do about this pending crisis? The first step is to recognise that this is in fact a problem. All of the media attention that has resulted from the inappropriate and unlawful use of private consumer data has begun to increase awareness.

Second, IT needs to understand that they are also at risk and that they must research and adopt best practices and processes to ensure the data they use to test their applications remains confidential. For existing applications, this involves masking and disguising potentially sensitive data before releasing it for use in testing. In all situations, the processes need to be documented so that an organization can demonstrate compliance.

Third, companies need to mandate their development partners and outsourcers rigorously adhere to a set of policies that eliminate the use of live sensitive data during the testing process. More and more software testing is outsourced with many of the outsourcers located offshore. This serious risk is best managed by implementing documented processes and compliance auditing.

Finally, companies at risk need to consider technological answers to meet this challenge. Technology tools designed to transform or mask sensitive or confidential data for testing purposes can eliminate the organisation’s risk without inhibiting a thorough and accurate testing process.

Testing is a mandatory step for ensuring that today’s applications work as intended.

Software testing service provider