>>> On 8/5/2009 at 7:46 PM, in message <[email protected]>, Rick Fochtman <[email protected]> wrote: > -----------------------------------<snip>------------------------------- > >>>In these days of HIPPA, Sarbanes-Oxley (in the US), PIPEDA (in Canada) >>>and various other privacy acts, do you want applications people able >>>to read production data? On the other hand how do you re-create >>>production problems in test when the obfuscation may also eliminate >>>the problem? >>> >>> >> >>There's the rub. I know there are many vendors out there who will be glad to > help you "scrub" production data for use in testing, but they all sound like > a royal pain in the *!&@# if you ask me. Until I am absolutely told I cannot > use (copies of) production data in test I will continue to do so. Once I am > told that I will say "sure, tell me how I can do my job without it and I'll > consider it". >> >>Very sore spot with me. >> >>Frank >> >> > ------------------------------<unsnip>---------------------------------- > You might consider this: "age" your data. > > We allowed testing with production data that was at least 3 weeks old. > In our business, after 2 days, the data was useless, even to a malicious > attacker, so we let it age three weeks, then allowed app. staff to use > it for test purposes.
Interesting, but doesn't much help solve a production problem that happened at 2am today. Plus the account numbers, personal identifiers (Tax ID et al), etc. most likely won't have changed in three weeks... Frank -- Frank Swarbrick Applications Architect - Mainframe Applications Development FirstBank Data Corporation Lakewood, CO USA P: 303-235-1403 F: 303-235-2075 The information contained in this electronic communication and any document attached hereto or transmitted herewith is confidential and intended for the exclusive use of the individual or entity named above. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering it to the intended recipient, you are hereby notified that any examination, use, dissemination, distribution or copying of this communication or any part thereof is strictly prohibited. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy this communication. Thank you. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
