| Share

29% of Companies That Use Customer Data When Testing Applications Put That at Risk by Passing it Unprotected to Outsourcers, According to Compuware Study



Research finds 71 percent of Australian companies believe their data security measures negatively impact the quality of their testing and QA efforts

Compuware Corporation (Nasdaq: CPWR), the technology performance company, today announced the results of an Australian CIO survey on attitudes and practices relating to the use of customer data in outsourced mainframe application development and maintenance. The survey found that despite significant security risks, 29 percent of Australian companies that provide outsourcers with customer data to test and maintain their mainframe applications do not mask or protect their customer data before supplying it to outsourcers. On the other end of the spectrum, 83 percent of companies that do mask their customer data before providing it to outsourcers describe the process as being difficult; and 71 percent of those that mask claim that masking data negatively impacts the quality of their testing and QA processes. Notably, 30 percent of companies do not provide their outsourcer with customer data at all; despite the fact test data should reflect production data conditions as closely as possible.

“If applications are to be tested thoroughly, particularly in the complex world of the mainframe, test data conditions should reflect live data conditions as closely as possible or the application may not perform well in production,” said Kris Manery, Senior Vice President and General Manager, Mainframe Solutions, Compuware. “Because the mainframe is central to the functioning of many businesses, any application downtime or disruptions can be disastrous. This presents a challenge to companies working with third parties to develop and maintain such applications, as it means organisations have to hand over their customer data. Providing third parties with unprotected customer data not only increases the potential for data to be misused or stolen, but can also put companies in danger of violating data protection regulations. Either could seriously impact revenues and reputation should a breach occur.”

Data Privacy Concerns

The research highlights the fact that a number of companies are providing outsourcers with unprotected customer data to test applications. Most countries have strict data protection laws governing the use and sharing of customer data with third parties, but many companies appear unsure about the regulations in place and how they are affected by them:

·      59 percent of respondents that share customer data do not understand data protection laws and regulations; with a further 12 percent believing data protection lies outside of their responsibility   
·      29 percent of companies that provide outsourcers with customer data do not mask this data before providing it to outsourcers, as they fear doing so will impact the quality of their QA processes
·      40 percent of organisations that do not mask customer data before passing it to a third party rely on Non-Disclosure Agreements (NDAs) to protect their customer’s data.

Unreliable Test Data

To avoid issues relating to data privacy, a number of organisations mask customer data or select small amounts of data rather than a full production copy, but this is a difficult process. Some go even further and do not provide any customer data to use in the testing process, forcing the need to create test data for application testing. This method, however, can be very expensive and time-consuming. These practices are impacting the quality of outsourced application development, as systems can’t be thoroughly tested unless test data reflects current production data as closely as possible:

·     30 percent of companies do not use customer data when testing their mainframe applications
·     59 percent of companies that provide outsourcers with customer data use out-of-date data to test applications
·     83 percent of companies that mask their customer data before providing it to outsourcers describe the process as being difficult
·     71 percent of respondents that mask customer data believe the security measures they have in place to keep test data secure negatively impacts the quality of testing and QA processes.

“Companies appear to feel trapped between a rock and a hard place,” said Manery. “Without the proper tools, disguising data is difficult; similarly, using a full production copy results in higher than necessary resource consumption and increases the privacy risk. Both methods impact quality, because they do not use up-to-date and accurate production data. Yet providing third parties with customer data is equally unappealing, because companies have to rely on insecure NDAs, creating a risk of a data breach. What many don’t understand is that there are methods, such as test data optimisation, that allows companies as well as outsourcers to more easily create test data that can be processed efficiently while guarding against costly data breaches.”

About the Compuware Mainframe Solutions
Compuware's Mainframe solutions help the world's leading organisations maximise developer productivity, minimise costs and deliver better service. The Solutions are available within the Compuware Workbench, an open development environment that features an intuitive and easy-to-use graphical user interface. Workbench makes common mainframe tasks faster and simpler to perform for both experienced mainframers as well those new to the mainframe, enabling companies to develop new services faster, more efficiently and with higher quality utilising existing resources.

Compuware Corporation
Compuware Corporation, the technology performance company, makes technology make a difference by providing software, experts and best practices to ensure technology works well and delivers value. Compuware solutions make the world's most important technologies perform at their best for leading organisations worldwide, including 46 of the top 50 Fortune 500 companies and 12 of the top 20 most visited U.S. web sites.