Compuware Corporation (Nasdaq: CPWR), the technology performance company, today announced the results of a global* CIO survey on attitudes and practices relating to the use of customer data in outsourced mainframe application development and maintenance. The survey found that despite significant security risks, 20 percent of companies do not mask or protect their customer data before providing it to outsourcers for application testing purposes. On the other end of the spectrum, 82 percent of companies that do mask their customer data before providing it to outsourcers describe the process as being difficult; and 56 percent of those that mask claim that masking data negatively impacts the quality of their testing and QA processes. Notably, 30 percent of companies do not provide their outsourcer with customer data at all; despite the fact test data should reflect production data conditions as closely as possible.
“If applications are to be tested thoroughly, particularly in the complex world of the mainframe, test data conditions should reflect live data conditions as closely as possible or the application may not perform well in production,” said Kris Manery, Senior Vice President and General Manager, Mainframe Solutions, Compuware. “Because the mainframe is central to the functioning of many businesses, any application downtime or disruptions can be disastrous. This presents a challenge to companies working with third parties to develop and maintain such applications, as it means organizations have to hand over their customer data. Providing third parties with unprotected customer data not only increases the potential for data to be misused or stolen, but can also put companies in danger of violating data protection regulations. Either could seriously impact revenues and reputation should a breach occur.”
Data Privacy Concerns
The research highlights the fact that a number of companies are providing outsourcers with unprotected customer data to test applications. Most countries have strict data protection laws governing the use and sharing of customer data with third parties, but many companies appear unsure about the regulations in place and how they are affected by them:
- 43 percent of respondents that share customer data do not understand data protection laws and regulations
- 20 percent of companies do not mask customer data before providing it to outsourcers, as they fear doing so will impact the quality of their QA processes
- 87 percent of organisations that do not mask customer data before passing it to a third party rely on Non-Disclosure Agreements (NDAs) to protect their customer’s data.
Unreliable Test Data
To avoid issues relating to data privacy, a number of organisations mask customer data or select small amounts of data rather than a full production copy, but this is a difficult process. Some go even further and do not provide any customer data to use in the testing process, forcing the need to create test data for application testing. This method, however, can be very expensive and time-consuming. These practices are impacting the quality of outsourced application development, as systems can’t be thoroughly tested unless test data reflects current production data as closely as possible:
- 30 percent of companies do not use customer data when testing their mainframe applications
- 62 percent of companies that provide outsourcers with customer data use out-of-date data to test applications
- 82 percent of companies that mask their customer data before providing it to outsourcers describe the process as being difficult
- 56 percent of respondents that mask customer data believe the security measures they have in place to keep test data secure negatively impacts the quality of testing and QA processes.
“Companies appear to feel trapped between a rock and a hard place,” said Manery. “Without the proper tools, disguising data is difficult; similarly, using a full production copy results in higher than necessary resource consumption and increases the privacy risk. Both methods impact quality, because they do not use up-to-date and accurate production data. Yet providing third parties with customer data is equally unappealing, because companies have to rely on insecure NDAs, creating a risk of a data breach. What many don’t understand is that there are methods, such as test data optimization, that allows companies as well as outsourcers to more easily create test data that can be processed efficiently while guarding against costly data breaches.”
*Commissioned by Compuware and conducted by independent research company Vanson Bourne, the survey questioned 520 CIOs from large companies, covering a cross-section of vertical markets in Australia, Benelux, France, Germany, Italy, Japan, UK, and USA.
About the Compuware Mainframe Solutions
Compuware's Mainframe solutions help the world's leading organizations maximize developer productivity, minimize costs and deliver better service. The Solutions are available within the Compuware Workbench, an open development environment that features an intuitive and easy-to-use graphical user interface. Workbench makes common mainframe tasks faster and simpler to perform for both experienced mainframers as well those new to the mainframe, enabling companies to develop new services faster, more efficiently and with higher quality utilizing existing resources.
Compuware Corporation, the technology performance company, makes technology make a difference by providing software, experts and best practices to ensure technology works well and delivers value. Compuware solutions make the world's most important technologies perform at their best for leading organizations worldwide, including 46 of the top 50 Fortune 500 companies and 12 of the top 20 most visited U.S. web sites.