Confessions of a Developer: “I Know Everyone’s Salary”

Companies today are rushing to be more digital, and for many organizations, that means development velocity is under pressure. Hear what developers have to say when it comes to balancing access to data with data security.

With the fast pace of development projects, it’s easier than ever for things to fall through the cracks. Every additional dev/test environment is a potential security minefield where a sensitive field may sit unmasked.

With so many loosely managed and often unrefreshed development and test environments out there, on-premises or cloud, it’s no wonder sensitive information leaks out into the wild.

To quote the FTC in a recent note on securing non-production environments, storing sensitive data in them “is like storing gold in the bank while it is being constructed – it could be risky.”

Companies today are rushing to be more digital, and for many organizations, that means development velocity is under pressure. But mounting pressure to develop and deliver apps faster opens the door to greater security risk, bad-quality data and decreased productivity.

The thing is, developers get frustrated too because they require data fast, but their requests take too long because data environments are expensive and time-consuming to create. As a result, they’re forced to work with low-quality, stale or incomplete data, or they cut corners and get data any way they can.

DevOps ups the ante

With the growth in DevOps practices, the demand for data is set to increase. For DevOps teams to function at maximum speed while applying agile methodologies and running multiple projects, their processes require many parallel environments for automated testing.

It’s a big difference from when a developer could once get by with a single or even shared environment. More than ever, developers must work on multiple code versions with corresponding data environment versions to develop, iterate and unit test new features while also supporting a range of existing software and features. It’s a recipe for an embarrassing data breach.

So how do you get DevOps what they need without leaking sensitive salary information?

Developing faster without adding more risk

Let’s take a look at a real-world example. PayBay, an Italy-based company that specializes in developing state-of-the-art electronic money, mobile and analytics platforms, wanted to achieve the speed necessary to keep up with the changing market landscape.

Its slow, complex and manual processes meant environment provisioning for development analytics was taking days; cost restricted the number of environments available; analytics systems lacked full and up-to-date data; more importantly, sensitive personal data was held in test systems, which was not permissible under GDPR. Hence, releases only occurred on a monthly basis, impacting its ability to innovate at speed and deliver full value to its clients.

PayBay decided to embark on an IT transformation journey aimed at helping its development teams build better software, both faster and more securely. The new technology included these key elements: a self-service feature as well as data virtualization and masking.

With the self-service data controls, development teams were able to access a dataset whenever they needed it, for the environment they needed it in, eliminating a ticket-driven, request-fulfill model. Every data refresh across every non-production environment was masked irreversibly, preserving the referential integrity of data sources from heterogeneous environments. Data virtualization sped up refresh times to minutes.
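One way to get the property described above, masked values that cannot be reversed yet still join across sources, is keyed one-way tokenization. The following is an added example, not Delphix's or PayBay's implementation; the table layouts, field names, salary range and per-refresh key are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-refresh key generated by the masking job and discarded
# afterwards, so pseudonyms cannot be recomputed or reversed later.
MASK_KEY = secrets.token_bytes(32)

def pseudonym(value: str, domain: str, key: bytes = MASK_KEY) -> str:
    """Keyed, one-way token: same input + domain gives the same output in every source."""
    digest = hmac.new(key, f"{domain}:{value}".encode(), hashlib.sha256).hexdigest()
    return f"{domain}_{digest[:16]}"

def masked_salary(emp_id: str, low: int = 30_000, high: int = 150_000,
                  key: bytes = MASK_KEY) -> int:
    """Synthetic salary derived from the key and the id, never from the real salary."""
    digest = hmac.new(key, f"salary:{emp_id}".encode(), hashlib.sha256).digest()
    return low + int.from_bytes(digest[:8], "big") % (high - low + 1)

def mask_hr(rows, key=MASK_KEY):
    return [{"emp_id": pseudonym(r["emp_id"], "emp", key),
             "name": pseudonym(r["name"], "name", key)} for r in rows]

def mask_payroll(rows, key=MASK_KEY):
    return [{"emp_id": pseudonym(r["emp_id"], "emp", key),
             "salary": masked_salary(r["emp_id"], key=key)} for r in rows]

# Constructed sample data standing in for two separate production sources.
HR = [{"emp_id": "1001", "name": "Ada Rossi"}, {"emp_id": "1002", "name": "Luca Bianchi"}]
PAYROLL = [{"emp_id": "1002", "salary": 91000}, {"emp_id": "1001", "salary": 64000}]

def join_on_emp_id(hr_rows, payroll_rows):
    """Join the two sources on emp_id, as a test suite or report would."""
    pay = {r["emp_id"]: r["salary"] for r in payroll_rows}
    return {r["name"]: pay[r["emp_id"]] for r in hr_rows if r["emp_id"] in pay}

if __name__ == "__main__":
    print(join_on_emp_id(mask_hr(HR), mask_payroll(PAYROLL)))
```

Because both sources are masked with the same key and domain label, the masked `emp_id` values still match, so joins and foreign-key checks in dev/test behave as they do in production while no real identifier or salary leaves the source.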

As a result, they saw a dramatic speed increase with greater accessibility of data: software release cycles moved from a monthly to a weekly basis; products were delivered to market 30 percent faster; environment provisioning time was cut from days to just hours; database refreshes went from hours to minutes; and, most importantly, data security increased to comply with GDPR.

What’s the takeaway? Development and innovation velocity doesn’t mean compromising data security during the software development lifecycle (SDLC).

Even the most well-intentioned development projects can create big exposure if shortcuts are taken when delivering data to developers or if data security practices are not carried out properly. The secret to success is empowering developers to self-serve secure, fresh, realistic dev/test data in minutes while ensuring sensitive data is masked and anonymized at the source.

You can learn more about how the Delphix Data Platform can make data fast and secure for access across your organization.