Financial Data at Risk in Development: A Call for Data Masking


Click here to download now

Source: Informatica
Date: November 2010
Type: White Paper
Rating: (2)

Overview: This Informatica sponsored study, conducted by the Ponemon Institute, surveyed 437 senior IT professionals in the financial services industry whose organizations have been engaged in application testing and development in order to better understand if the risk of using real data in development is being addressed.

An overlooked privacy risk for financial services organizations is the vulnerability of personal and business information used for testing and application development. During the test and development phase of new software applications that real data – including financial records, transactional records, and other personally identifiable information (PII) – is being used by as many as 80 percent of organizations. Further, test environments are less secure because data is exposed to a variety of unauthorized sources, including in-house testing staff, consultants, partners and offshore development personnel.

The study findings suggests that security decision-making may be motivated more by achieving business objectives than by addressing data security risks through compliance and the application of best security practices. The study also suggests that the cost-saving advantages of these services may be taking precedence over security considerations.

Given the potential for heavy fines and penalties, customer churn, reputational damage, and the overall costs associated with a data breach, it is recommended that financial services organizations proceed with great caution before outsourcing to third parties. This should include a vigorous evaluation of any prospective partner’s security policies and procedures, and with detailed contractual provisions to further ensure information security remains a priority throughout the process.

Not what you're looking for? Search again
Go Advanced »

View All Categories

Business Intelligence : Analytics, Business Process Management, Content management, Dashboards, Data Mining, Data Quality, Databases, Datamarts/Data Warehouses, Information Management, Knowledge Management, Performance Management

Development : Architecture & Design, C/C++, Database, Development Tools, Embedded Systems, High Performance Computing, Java, Mobility, Security, Web Development, Windows/.NET, Open Source

Government : Cloud/SaaS, Enterprise Applications, Enterprise Architecture, Federal, Information Management, Leadership, Mobile & Wireless, Policy & Regulation, Security, State & Local

Hardware : Blades, Data centers, Desktops/PCs, Grid/Cluster Computing, Handhelds/PDAs, Macintosh, Peripherals, Processors, Supercomputers, Unix/Linux servers, Utility/On-demand Computing, Virtualization Hardware, Windows Servers

Healthcare : Policy & Regulation, Leadership, Security & Privacy, Mobile & Wireless, Electronic medical records, Clinical information systems, Administration systems, Interoperability, The Patient

Infrastructure : ATM, Ethernet/Gigabit Ethernet, Frame relay, IPv6, Traffic Management, Network/Systems Management, PBXs, Printers, Remote Access, Routers, Switches, UPS, VPNs, WAN Optimization/Acceleration, Wide Area File Services

Internet : B2B, B2C, Browsers, E-Business/E-Commerce, E-retail, Google, Internet Policy, Internet Security, Search, Social Networks, Traffic Reporting/Monitoring, Web 2.0, Web Development, Social Business

Management : Career Development, Executive Insights/Interviews, H-1B, Legal, Outsourcing, Personnel Management, Recruiting, Regulation/Compliance, ROI/TCO, Salary/Compensation, Small-Medium Business, Training, Workplace Trends

Mobility : 3G Wireless/Broadband, 802.11x, Fixed Mobile Convergence, Mobile Business, Mobile Messaging, Muni Wireless, RFID, Smartphones, Wi-Fi VOIP, Wi-Fi/WiMax, Wireless Security, WLAN

Personal Tech : Blackberry, Bluetooth, Bluray, Digital Cameras, Digital Music, Digital Rights Management, Global Positioning Systems, iPhone, iPod, Peripherals, Smartphones, TVs/Home Theater, Virtual worlds

Security : Antivirus, Application Security, Attacks/Breaches, Cyberterror, Encryption, End user/Client Security, Intrusion Prevention, NAC, Perimeter Security, Privacy, Security Administration, Storage Security, Vulnerabilities and Threats

Services : Business Process Outsourcing, Business Services, Disaster Recovery, Hosted Applications, Hosted Storage, Internet/Data Services, Outsourcing, Software as a Service, Systems Integration, Telecom/Voice Services

Software : Integration, Application Optimization, Business Systems Management, CRM, Database Applications, Databases, Development Tools, ERP, Hosted Software/Applications, Linux, Open Source, Operating Systems, Productivity Applications, Server Virtualization, Service Oriented Architecture, Web Services

Storage : Data protection, Disaster Recovery, Removable/Portable Storage, Security, Storage Fabrics, Storage Systems, Virtualization

Telecom : VOIP, Unified Communications, Voice services, PBXs, Call Centers, Presence, Collaboration Systems, Business, Regulation, Internet policy

Windows/Microsoft : Applications, Internet Explorer, Microsoft Company News, Office Suite, Open Source, Operating system, Security