“Community College Student finds his Social Security Number through Google search.”
No, that isn’t a headline from The Onion — it actually happened. It happened when community college staff members tested a new online application that used files with sensitive, unaltered data on an unsecured server.
While this case was especially egregious, the use of unmasked production data in test and development environments is common because developers and testers need realistic datasets in order to work effectively. To avoid exposing Social Security numbers, payroll information, personal addresses, and other sensitive data to the wrong people, developers should perform data masking.
“Data masking” means altering data from its original state to protect it. The format remains the same, but the values change. Making detection or reverse engineering impossible is the name of the game. Compliance legislation abounds, with more coming every year, such as the newer California Consumer Privacy Act (CCPA). The general populace is becoming more aware of the ways in which personal data is transferred between systems.
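One way to apply the definition above, as an added example that is not from the original article: a keyed, deterministic mask that keeps each value's format while changing its contents. The `mask` and `mask_row` helpers, the demo key and the field names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo key (assumption). Keep the real key out of the test environment:
# SSNs are a small space, so a key holder could rebuild the mapping by brute force.
MASKING_KEY = b"constructed-demo-key"

# Constructed sample rows, not real data.
ROWS = [
    {"name": "Jane Doe", "ssn": "123-45-6789", "dept": "Payroll"},
    {"name": "John Roe", "ssn": "987-65-4321", "dept": "Admissions"},
]

def _keystream(key, field, value, attempt):
    """Yield 16-bit integers from HMAC-SHA256 run in counter mode."""
    counter = 0
    while True:
        msg = f"{field}\x00{value}\x00{attempt}\x00{counter}".encode()
        block = hmac.new(key, msg, hashlib.sha256).digest()
        for i in range(0, len(block), 2):
            yield int.from_bytes(block[i:i + 2], "big")
        counter += 1

def mask(value, field, key=MASKING_KEY):
    """Digits stay digits, ASCII letters keep their case, the rest is kept as is.

    Deterministic per (key, field, value), so joins across tables still line up.
    Not a bijection: two inputs can collide, so do not rely on uniqueness.
    """
    if not any(c.isascii() and c.isalnum() for c in value):
        return value  # nothing maskable in this value
    for attempt in range(16):
        ks = _keystream(key, field, value, attempt)
        out = []
        for ch in value:
            if ch.isascii() and ch.isdigit():
                out.append(chr(ord("0") + next(ks) % 10))
            elif ch.isascii() and ch.isalpha():
                base = ord("A") if ch.isupper() else ord("a")
                out.append(chr(base + next(ks) % 26))
            else:
                out.append(ch)  # separators and non-ASCII characters pass through
        if "".join(out) != value:  # the value must change, even for short inputs
            return "".join(out)
    raise ValueError("no masked value different from the input was found")

def mask_row(row, sensitive_fields):
    """Return a copy of row with only the named fields masked."""
    return {k: mask(v, k) if k in sensitive_fields else v for k, v in row.items()}
```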
There are a variety of methods that are commonly used to protect data in sandbox and testing environments. Let’s look at some examples.