Provisioning Test Data with IBM InfoSphere Optim Test Data Management: Part 2

In Part 1 of this article, we explored two different strategies for provisioning test data using the IBM® InfoSphere® Optim™ Test Data Management solution—cloning and subsetting production data. In part two, we’ll see how InfoSphere Optim can help privatize sensitive data so test groups can use production data without sacrificing compliance with multiple regulations.

Privatizing sensitive data with InfoSphere Optim

Regardless of the test strategy chosen to create the gold master, it’s almost certain that at least part of the data will have to be privatized. Organizations must be sure that they remain in compliance with a growing number of regulations such as the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI) data security standards, and others.

InfoSphere Optim users can maintain that compliance in three ways. First, the Optim Data Privacy Providers (ODPP) package allows the privatization of the most sensitive types of data such as names, addresses, credit card numbers, national IDs, dates, and more. In addition, InfoSphere Optim enables administrators to create powerful yet easy-to-write scripts that perform specialized privatization. Finally, administrators can create low-level privacy functionality written in a compiled language such as C, COBOL, or Assembler.

InfoSphere Optim provides graphical user interface elements that allow administrators to easily associate a privacy function to a data element when they use the ODPP package or create scripts.

Privacy examples

InfoSphere Optim offers a number of privacy capabilities for different types of information (such as name, date of birth, national ID, and so on) and data type.

Randomized lookup

Information such as names and addresses are not easily privatized using an algorithm, so InfoSphere Optim supports looking up a different name or address (see Figure 1).

Figure 1. The InfoSphere Optim interface enables administrators to randomly select names or addresses.

Aging

With InfoSphere Optim, dates can be aged—in other words, administrators can adjust dates forward or backward in time by a certain number of days, weeks, months, or years (see Figure 2).

Figure 2. Administrators can add or subtract time to dates.

Randomized credit card numbers

Credit card numbers are particularly sensitive, but most applications expect credit card numbers to be valid; that is, they must have the correct starting digits as well as a valid Luhn checksum digit. InfoSphere Optim provides the ability to generate credit card numbers that are of a random type (issuer) or based on the original value (see Figure 3).

Figure 3. InfoSphere Optim enables administrators to generate randomized yet valid credit card numbers.

Randomized Social Security numbers

National IDs, such as US Social Security numbers, are also very sensitive and must always be privatized when used in development and testing environments. InfoSphere Optim can generate random yet valid Social Security numbers that optionally preserve the area encoding (see Figure 4).

Figure 4. Administrators can generate randomized yet valid national ID numbers.

Ensuring compliance while capitalizing on production data

Using production data in test environments is vital for improving testing accuracy. Yet organizations must adhere to a large and growing array of regulations designed to protect sensitive information. By incorporating a range of privacy capabilities into its easy-to-use graphical interface, InfoSphere Optim helps simplify the process of privatizing data as administrators build test environments from production data.

What are some of the toughest data privatization challenges that you face? Let us know in the comments.