#5 - Protect Non-Production Instances With The Same Security As Production
Some companies go to great lengths to “lock down” and protect their production environment but neglect to secure their non-production environments (e.g. DEV, TEST, QA) that hold copies of production data. To guard these copies, you have two choices: either limit the users who access that data to the same abilities they have in production, or purge, obfuscate or encrypt sensitive data refreshed from production. The problem, of course, is that in order to develop or test functionality, users may need more privileges on non-production environments than you would normally allow on production.
There is no silver bullet for protecting data in your non-production instances. In some cases, purging data can suffice (e.g. for development of a new application extension); in other cases, you may have to develop your own obfuscation routines to change the data once it is refreshed from production. Which approach is best for you can only be determined by an analysis of your data and its associated sensitivity.
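An added example (not from the original article) of a post-refresh scrub that combines both approaches: it purges one table and obfuscates sensitive columns with a keyed hash, so the same production value masks identically everywhere and joins still work. The tables, columns, sample rows and key are constructed for illustration, and SQLite stands in for the refreshed copy.

```python
import hashlib
import hmac
import sqlite3
from itertools import cycle

def _digest(key: bytes, value: str) -> bytes:
    # Keyed hash: without the key, nobody can rebuild the mapping by hashing guessed values.
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).digest()

def mask_email(key: bytes, email: str) -> str:
    # Deterministic, so one production address gets the same mask in every table.
    return "user_" + _digest(key, email.lower()).hex()[:12] + "@example.invalid"

def mask_digits(key: bytes, value: str) -> str:
    # Replace every digit but keep separators, so application format checks still pass.
    stream = cycle(_digest(key, value))
    return "".join(str(next(stream) % 10) if ch.isdigit() else ch for ch in value)

def scrub(conn: sqlite3.Connection, key: bytes) -> None:
    # Purge what non-production does not need; obfuscate what it does need.
    conn.execute("DELETE FROM payment_cards")
    rows = conn.execute("SELECT id, email, national_id FROM customers").fetchall()
    for row_id, email, nid in rows:
        conn.execute(
            "UPDATE customers SET name = ?, email = ?, national_id = ? WHERE id = ?",
            (f"Customer {row_id}", mask_email(key, email), mask_digits(key, nid), row_id),
        )
    for row_id, email in conn.execute("SELECT id, customer_email FROM orders").fetchall():
        conn.execute("UPDATE orders SET customer_email = ? WHERE id = ?", (mask_email(key, email), row_id))
    conn.commit()

def build_sample() -> sqlite3.Connection:
    # Constructed sample data standing in for a copy refreshed from production.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT, national_id TEXT);
        CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_email TEXT, total REAL);
        CREATE TABLE payment_cards (id INTEGER PRIMARY KEY, customer_id INTEGER, pan TEXT);
        INSERT INTO customers VALUES (1, 'Ada Example', 'ada@corp.test', '123-45-6789');
        INSERT INTO orders VALUES (10, 'ada@corp.test', 99.5);
        INSERT INTO payment_cards VALUES (100, 1, '4111111111111111');
    """)
    return conn
```

The masking key should be generated per refresh and kept out of the non-production environment; anyone holding it can confirm whether a guessed production value maps to a given masked value.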