Bank software testing putting customer data at risk - Informatica

Bank software testing putting customer data at risk - Informatica

UK banks are putting customer data at risk by using it during software development and testing without proper safeguards, according to a study commissioned by vendor Informatica.

The survey of 437 senior IT employees at financial services firms in the UK, carried out by the Ponemon Institute, shows 85% of data used during software development and testing is made up of customer information, yet 43% of respondents are not taking any steps to protect it.

Meanwhile, 41% say that their organisation uses less stringent safeguards to protect confidential data during the testing and development of their Web portals and applications than during the initial production stage.

This approach appears to be a result of confusion over culpability - around a quarter of those quizzed say that no one department has responsibility for protecting this data, whilst another 16% reveal that duty lies with their business heads.

With security, compliance and legal teams being sidestepped, decisions around data protection are being made by those who are more likely to be driven by the need to meet corporate targets, rather than addressing data security risks, argues Informatica.

In addition, nearly 85% of respondents say that their organisation outsources the development and testing of software applications, further complicating compliance matters because in over half of cases, this involves sharing real data.

By not ensuring that third parties have appropriate safeguards such as data masking in place, banks are greatly increasing the likelihood of customer data being lost or stolen, claims the vendor.

New technology is also having an impact, with more than a third of respondents using public cloud computing infrastructures or platform services in testing and development environments. Of these, 46% admit that they are not confident that the data held there is secure.

John Poulter SVP, Emea, Informatica, says: "Every day people trust their banks to adequately manage and protect their personal information and it's worrying to see that they are being unwittingly exposed to unnecessary risks. Despite a string of high profile data breaches in the financial services industry, it appears that IT professionals need a further reminder of the need to effectively manage customer data."

Comments: (1)

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 18 March, 2011, 09:21Be the first to give this comment the thumbs up 0 likes

The findings of this study resonate well with the ground reality found in many banking software development and testing engagements. Vendors think it's the bank's responsibility to mask customer information before handing it over to them (i.e. vendors) whereas this study raises an interesting point about the responsibility for masking data lying with vendors. Tight deadlines, ignorance of this issue among project staff, and other contributing factors will likely continue, as will the non-involvement of non-project experts. Looks like a viable solution to the problem is unlikely to come from inside banks or vendors.