This is an inaugural report that looks at the challenges of protecting sensitive data in non-production or lower environments, such as development, testing, analytics, and AI/ML.
“Our goal with this report is to share the realities of sensitive data exposures in non-production to help enterprises better protect their data moving forward,” said Ann Rosen, Director of Product Marketing for Delphix by Perforce. “Protecting sensitive data - data with personal identifiable information (PII) - in non-production has become more important over the years as cyberattacks target these environments. Companies need to do more to protect sensitive data.”
The report reveals that the challenge of protecting sensitive data will only get more complex with the rise of AI and 85% of enterprises have reported concerns about regulatory non-compliance in AI environments. Even more troubling, 68% of organisations surveyed perceive a lack of solutions to tackle data privacy in AI environments.
“AI is transforming industries, and data is at the heart of AI,” said Rod Cope, Chief Technology Officer of Perforce Software. “When it comes to AI and data, it can be a double-edged sword. There’s a lot of excitement around the innovation possible in AI, but data in AI environments must be protected. The findings in the State of Data Compliance and Security Report underline the importance of complying with data privacy regulations in AI environments, too.”
Overall, 91% of organisations said that they were concerned about the expanded exposure footprint across all lower environments (including software development, testing, and data analytics). Yet 86% allow data compliance exceptions in non-production. As a result, 54% of organisations have already experienced a data breach or theft involving sensitive data in non-production environments.
In Delphix’s experience, if this data is not protected, the consequences can be dire. Indeed, 53% have already experienced audit issues and failures related to non-production.
To mitigate these concerns, organisations are employing tools and approaches like static data masking, cited as a current solution by 66% of those surveyed.
“We hear all the time from customers that exceptions are given because it’s too complicated and time-consuming to achieve compliance without slowing down development or impacting quality,” said David Wells, Product Lead of Compliance Products for Delphix by Perforce. “At Delphix and Perforce, we believe that with the right approach, you can achieve compliance rapidly without bottlenecking innovation. Static data masking is the best way to protect your test and development data. You need production-realistic data to detect defects as early as possible in the development lifecycle, but you certainly shouldn’t use production data for this purpose.”
To download the full 2024 State of Data Compliance and Security Report use the link below.