Infosys experts share their views on how digital is significantly impacting enterprises and consumers by redefining experiences, simplifying processes and pushing collaborative innovation to new levels

« Designing data for deep learning in discovering images | Main | Infosys Nia Chatbot Platform and WCAG Compliance »

PrivacyNext - Privacy Experience for your Tester

Privacy Testing is an emerging area in Information security. The purpose of privacy testing is to build a preemptive step to ensure that the systems are built properly designed to protect Personally Identifiable Information. Failure to address privacy risks may lead to the termination of important programs or costly breaches that may bring harm to both individuals and enterprises.

Why do we need Privacy Testing ?

  • Discovering privacy issues prior to production that may not have been found in system design, which can reduce the cost of mitigating privacy issues by finding them early in development.
  • Establishing confidence with stakeholders by demonstrating due diligence.
  • Encouraging collaboration among privacy, security and business employees in an enterprise

This process is made to ensure that systems are properly designed to protect Personal Identifiable information(PII). It is similar to other types of testing performed on the system with a focus on privacy. Privacy testing focuses specifically on privacy areas that are different from security testing. Privacy testing brings focus on the concepts behind the Privacy by Design. It is a significant step to complete to ensure that system protects PII.

Test Data Privacy also provides data masking techniques to developers. Format-preserving encryption retains the original format of input data, thus making it more usable and realistic for testing purposes. The translation technique uses existing values stored within files as replacements for sensitive test data values.

Maintaining Integrity with Data Selection and Sub-setting - Test Data Privacy allows focused and relevant test data to be extracted while maintaining integrity, ensuring high quality test data. Test Data Privacy includes capabilities for desensitizing copies of primary data containing PII, which can be used for testing, QA or transmission to other business partners.

Two main areas that require teams to implement a test data privacy solution for more secure test data are:-

  • Data Breach Prevention - The customer information may be exposed to multiple stakeholders during the application testing process. Any compromise in test data can result in damage to the reputation. To prevent this, Test Data privacy supports Static data masking to reduce the risk of breaches and misuse of production data.
  • Compliance with Data Privacy Laws - Data used in test environments tends to be less secure. However, data privacy regulations require that all data should be secure. Enterprises can apply data techniques across all environments to protect PII throughout the testing process and comply with various data privacy laws.

DP.png

Below are the phases in Test Data Privacy that need our focus.

1) Analysis - It is the first phase of a test data privacy. It helps in identifying and documenting data model and functional model elements of an application. Data model analysis is useful in finding the sensitive data and in knowing about the data in the environment. Functional model analysis helps to know data validations and validations done against sensitive data elements.

2) Design - The test data privacy should be designed around the information  collected during Analysis phase. The Design phase contains disguise preprocessing and rules design. Focus should be on elucidating tables and key files in disguise preprocessing. Numerous disguise methods are present, such as encryption, translation, data generation and date aging.

3) Development - Development activities can be carefully evaluated in planning phase and assessed once Analysis and Design phase gets over. Below are the activities that need to be completed during the development phase:

  • Generation of data elements and source data identifiers
  • Make translate tables
  • Test and deploy custom functions and adapters
  • Make privacy rules
  • Examine rule coverage

4) Delivery - All activities - including creation of processes, automation execution, finishing of documentation assemble in the Delivery phase. It is important to get ready for delivering the solution created by ensuring proper documentation, obtainable human and technical resources.

The focus on data privacy is increasing as organizations move away from using production data for testing. They are increasingly using masking, sub-setting and test data generation to avoid data breaches.

iEDPS (Infosys Enterprise Data Privacy Suite) has all these capabilities to enable the right Tester experience for Privacy Engineering including key features like:

  •  Automated workflow for the Data Provisioning
  •  Simplified PII Repository and regulatory templates for Data Discovery
  • Secure Query for effective data mining through a secure tester query engine
  • Data Virtualization - Build smaller virtual copies of production data for testing and optimizing storage 

References: https://www.compuware.com/four-steps-towards-gdpr-compliance-with-better-test-data-privacy/

Written By : Avin Sharma

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Please key in the two words you see in the box to validate your identity as an authentic user and reduce spam.