Using real customer data in testing environments creates unnecessary risk

A new study polling 1,000 software developers and startup employees found 29% of companies use unprotected production data (real customer data) in testing environments when testing and troubleshooting their company’s software — increasing the risk of exposure in the event of a data breach. Unprotected production data is defined as data that is not de-identified or generated synthetically, according to Tonic.ai.

The study found 45% of respondents said their companies have faced a major data breach within the past five years due in part to the use of data in insecure environments.

Sectors hit the hardest by data breaches in the past five years are financial services (60%), construction (57%), education (54%), food and beverage (53%) and law practices (53%).

According to respondents, data breaches occur most often as a result of internal theft (34%), accidental leaks (27%) and hacking incidents (24%) — all of which can take companies an average of four weeks to recover.

Data breaches open a Pandora’s box of risks for companies that experience them: respondents said their businesses came face-to-face with insurance premium increases (28%), civil lawsuits (27%), regulatory fines (22%) and media embarrassment (21%).

A majority of those who previously faced a data breach (88%) said it caused delays in the company’s ability to function. The study also found 74% use sensitive customer data every day for multiple purposes.

Industries found to use sensitive customer data the most were in education (83%), financial services (82%), food and beverage (80%) and construction (79%).

Seven in 10 (71%) said being hacked is a major concern at their company — a prime reason for 75% of businesses to make sure customer data security is a “top priority.”

“With the rising popularity of remote work, increased data breaches and leaks are inevitable. Whether it be stolen work laptops, using real customer data in testing, or the incorrect cloud migration of data, there are a myriad of reasons why a breach can happen,” said Ian Coe, CEO of Tonic.ai. “What’s important to understand is that while a breach may happen, there are ways to safeguard the data to ensure companies are not putting their customers’ information at risk.”
The survey revealed one way to avoid customer data breaches is to monitor and protect the data businesses use in software testing environments.

On a promising note, the study also found that 50% of businesses use data that has been de-identified or synthesized to look like customer data, in testing environments.

Three in four businesses even said they feel “ready and prepared” to deal with future data breach threats.

Seven in 10 believe it’s “necessary” to use synthetic data to keep customer data safe.

Many respondents considered their test data practices to be broken. Forty-two percent claimed their practices either aren’t secure or they don’t scale. Meanwhile, 20% said it’s difficult to generate and use their test data.

Nearly two in three (64%) don’t understand the reasons behind using synthetic data for testing.

“Fake data is designed to respect and protect the privacy of real customer data. Companies should be responsible about their data governance and being compliant when it comes to things like personal identifiable information,” said Coe.