Major Insurance Corporation

iOCO successfully partners with Micro Focus CyberRes to create a secure test data solution with Data Privacy Manager.

Move Towards Agile Development Demands More Stringent Data Security This organization maintains a business critical application that has been in place for decades. Among the massive volumes of data captured and consumed by the organization is sensitive data that, if stolen or breached, can result in regulatory fines, sanctions, reputational damage, and other significant consequences to the business. With a move towards agile practices and DevOps principles comes the requirement for continuous testing to ensure release velocity can be increased so that any new business requirements are met as quickly as possible.

“Deploying Data Privacy Manager provided a completely secure test environment that enhances the quality of the solution and speeds up release velocity. It has also future-proofed the solution as it is now cloud-ready should our client want to take this path at any point.” Steve Brooker Business Manager iOCO

However, with stringent data protection and privacy regulations, this organization, like all financial institutions, is worried about its data security in a test environment.

Because certain data combinations need to be tested, the team really needs to use the production data in a test environment. This preserves the critical data mass to execute performance tests as well as functional tests. Maintaining data integrity is a concern here, and with a newly introduced CI/CD continuous development and test processes, the team spent a lot of time and manual effort on searching through large volumes of production data and manually creating missing data combinations. They were also using homegrown scripts to mask data, but this still left risk of data exposure in the Quality Assurance environment. The data discovery effort alone was too much, given the long history of the solution. The organization needed effective data insight while maintaining full data privacy.”

Data Privacy Manager Automatically Discovers and Encrypts Complex Data The team contacted trusted partner iOCO with its test challenge. Steve Brooker, Business Manager for iOCO, picks up the story: “This was a scenario where we knew Voltage Data Privacy Manager could really shine. Data Privacy Manager integrates the well-established Voltage Structured Data Manager and Voltage SecureData solutions. It provides a comprehensive solution to address the privacy governance needs of enterprises with sensitive structured data. Data Privacy Manager is specifically designed to support agile development processes with automated secure provisioning of production data to test environments. This sophisticated approach will correctly discover and encrypt data in complex strings of data, leaving nothing to chance.”

Test data management with Data Privacy Manager enables data privacy and protection in non-production and production environments by anonymizing the application data during testing. This is a process of rendering completely new data sets that look and act like real-world data but ensures no real customer or sensitive data is present. The automated approach streamlines the pipeline between development, test, and production, driving greater efficiency inside the IT organization; just what was needed in this particular scenario. Data Privacy Manager provides an end-to-end data-centric approach for enterprise data protection. By leveraging Voltage Format-Preserving Encryption (FPE), it protects sensitive structured data over its entire lifecycle—from the point at which it is captured and throughout its movement across the extended enterprise, without gaps in security.

 

Great Teamwork Achieves
Flexible Secure Test Environment

A Micro Focus CyberRes Professional Services consultant took the technical lead in partnership with iOCO. Charl Behrens, Consultant, Security at iOCO is pleased with the collaboration: “I built the secure data platform while the Professional Services consultant focused on creating the business flows needed to encrypt sensitive database fields. We then worked together on the integration and test elements. Our client was kept in the loop throughout, and we ensured effective knowledge transfer so that iOCO can maintain and support the solution with Data Privacy Manager going forward. If and when there are changes in the database schemas that need to be reflected, we can easily do this by adapting the existing business flows through a user-friendly interface. Having this flexibility is important to our customer.”

When new releases can be fully tested against a production-sized encrypted database, deployment times and behavior become more predictable as each release is tested against the same data volume and variability.

A final word from Brooker: “Our client’s ultimate goal was to improve the time to market while never risking data integrity. Deploying Data Privacy Manager provided a completely secure test environment that enhances the quality of the solution and speeds up release velocity. It has also future-proofed the solution as it is now cloud-ready should our client want to take this path at any point.”