Quiz: How secure is your
corporate application data?

Think your application data is secure? Find out if commonplace practices have left your corporate data more vulnerable than you think.


Old systems outlive their usefulness and become orphaned or abandoned. What if they still hold sensitive or classified data?

If you run business-critical applications in the cloud, you may store sensitive or confidential company data outside your firewalls. No doubt your organization takes precautions to protect that data from exposure to the wrong people or environments—but is it enough?

Surprisingly, as an application leader, some of the most common breaches in data privacy happen in your department. Answer the following questions to reveal vulnerabilities that could be avoided with the right best practices.

Q. Have you replicated production application data for testing, development, or reporting?

Many security controls you have put in place for production purposes are altered or dismissed altogether in your data warehouse or development environment.

“Often there’s very little scrutiny,” says Kristin Kokie, vice president of IT, Enterprise Strategic Services, at Informatica. “If you copy your PeopleSoft HR data to test a new release, suddenly developers are staring at actual salary details. If you allow analysts to pull transactional data from a data warehouse, pretty soon they’re massaging those numbers into spreadsheets on their desktops.”

You have lost all user-based access restriction, and any monitoring or compliance you enforced in production is no longer active. “There’s no compliance auditing of a development environment or on a desktop,” says Kokie.

Q. Do some people know too much?

Audit the data employees have access to and question whether it’s necessary. For example:

  • Customer support representatives: These employees need some amount of customer data in order to provide top-notch service. But does a junior employee at a telecommunications company really need access to a celebrity’s phone number?
  • Application production support staff: Although technical support questions need to be tackled in real time, do support personnel really need complete access to data to do their job? A request could expose private information such as an employee termination report, for instance.
  • Application developers: When data is copied for testing purposes, developers often gain full access not only to sensitive information but also to underlying databases and logins. Think of the damage one disgruntled employee could do with that information.

Q. Are you running a “suite” of misfit applications?

When you upgrade or replace old systems with new ones, you might continue to run both sets of applications in parallel. You never know when you might need the old data, right? Wrong!

Old systems outlive their usefulness and become orphaned or abandoned. What if they still hold sensitive or classified data? “You could have highly critical information just floating out there,” says Kokie. “How do you protect it if you don’t know it’s there?”

Now what?

If you answered yes to any of the questions above, don’t panic. You can overcome these vulnerabilities. Make it a priority to know where data resides and who accesses it. A common and simple-to-deploy best practice is to persistently mask sensitive data in nonproduction environments and dynamically mask it in production environments.

Want to get smarter about best practices in data privacy? This white paper offers more detail about how valuable data masking can be.

Related content



Humana relies on Informatica Data Integration hub to personalize member plans and programs for increased customer engagement.


Redouble your security efforts by focusing on the source—the data

Data is the lifeblood  of your organization. Don’t put it at risk by concentrating on securing only the perimeter of your IT infrastructure.


Keeping data safe: How to bridge the business/IT communication gap

Lacking an application data security strategy? Use these tips to foster a more balanced, collaborative approach to data security.


3 challenges to data privacy in a hybrid IT world

Avoid risking your data entering the cloud unprepared or missing out on its benefits altogether because of an over-zealous security team.