Financial Data At Serious Risk During Application Development

Informatica Corporation, the data integration software provider, has announced a financial services industry research report by the Ponemon Institute entitled Financial Data at Risk in Development: A Call for Data Masking. The report builds on previous research by Ponemon in which 31% of surveyed customers indicated they would switch financial institutions should their personal information become compromised by a data breach. Ponemon's report reveals a pervasive use by financial institutions of real data in their application development and testing activities.

Key research findings, based on a survey of more than 430 financial services IT professionals, include:

  • Widespread exposure of sensitive data – 84% of respondents’ organisations use real customer information during software development and test, 70% use consumer data, and 51% use credit, debit or other payment information.

  • Data protection is far from pervasive – Despite the data’s sensitivity, 45% do not protect real data used in development and testing.

  • Breaches are commonplace – 38% have had a breach involving real data in a development and test environment and 12% are unsure if they have had a breach or not.

  • Consequences are high – 54% of those experiencing a breach said it resulted in disruption of operations, 39% experienced customer churn, and 35% lost revenues.

  • Most organisations wouldn’t know if data was lost or stolen – 75% are not confident or are undecided as to whether their organisation could even detect the theft or accidental loss of real data in development or test.

  • Outsourcing and cloud computing increase the security risk – Outsourcing development and test activities and/or using cloud-computing resources introduce additional risk factors, which frequently prevent financial organisations from turning to these potentially advantageous resources. Of those that outsource development or test, 51% share real data with third parties, while 35% do not outsource due to security concerns. Meanwhile, 41% use cloud resources for development and test, but only 25% are confident or very confident about security in a cloud environment.

Given the high rates of real data used in financial industry development and test environments, Ponemon Institute recommends immediate actions to ensure customer privacy including:

  • Centralised executive oversight – Create a single point of executive-level responsibility coupled with policies and procedures for safeguarding your organisation’s real data in non-production environments.

  • Data masking – Invest in key technologies including tools to “transform or mask sensitive or confidential data without diminishing the richness of the data necessary for successful testing and development.”

Data masking helps safeguard sensitive, private or confidential data such as personally identifiable information (PII) or payment card information detailed in the Payment Card Industry Data Security Standards (PCI DSS) by masking it in-flight or in-place. As a result, fully functional, real data sets can be used safely in development, test and other non-production environments, as well as in outsourcing, offshore or cloud computing environments.

"Financial services organisations are among the most highly regulated and risk-aware enterprises in the world, yet a mere 34 percent of respondents believe that their organisation is successful at protecting customer privacy in application development and test environments," said Dr. Larry Ponemon, Chairman and founder of the Ponemon Institute. "It is our hope that Financial Data at Risk in Development: A Call for Data Masking will help alert the industry to the risks they are facing in using unprotected data in development, while pointing the way towards a set of fairly easily implemented procedural and technical solutions."

"Financial institutions are not alone in inadequately protecting sensitive data during their development and test activities, but they certainly face greater risks and tighter regulation than most types of organisations," said Adam Wilson, general manager, Application Information Lifecycle Management, Informatica. "To manage this risk and ensure ongoing compliance, some of the largest financial services companies in the world have standardised on Informatica Data Masking to extend their data security program beyond their production applications. This ensures the ever-exploding number of copies that are kept for development, testing, training, and for regulatory reporting are appropriately de-identified."


Updated Date: Feb 02, 2017 23:05:38 IST