Keeping data safe: How to bridge
the business/IT communication gap

Lacking an application data security strategy? Use these tips to foster a more balanced, collaborative approach to data security.


Application data security is a joint responsibility between the business and IT that generates frustration even as it demands collaboration.

Are you concerned about data privacy? Have you unearthed vulnerabilities? You are not alone. Application data security is a joint responsibility between the business and IT that generates frustration even as it demands collaboration. As an application leader, you are instrumental in helping both sides achieve their goals. So how can you facilitate communication? Here are three ways you can bridge the communication gap:

  1. DO be clear about what data needs to be protected, but DON’T be afraid to discuss needs.

    Most IT and development teams are not aware that they come into contact with sensitive data. Business owners should classify private data and assign access controls. These controls do not automatically transfer, however, when data is replicated or transmitted outside the production environment.

    The opposite is also true, of course. IT is tasked with implementing security policies that shut down processes in the interest of protecting data. They do not realize that they may be inhibiting productivity, which is counterintuitive to business objectives. The solution is collaboration, early and often.

  2. DO use production data in nonproduction environments, and DO use tools that protect data for this purpose.

    If your development team is copying production data to test a new feature, you could be in breach of a data privacy regulation. Some data is private and should always be subject to security precautions, even in test environments. At the same time, however, developers need properly formatted data in order to test functionality. They can’t simply plug in a series of letters, for example, when an application calls for an explicit government ID.

    Fortunately, there are tools to help protect data privacy while still enabling development teams to conduct work in nonproduction environments. If you need to hide the real value of data while maintaining its format, use data masking. In other words, replace actual government ID numbers with those having equivalent length and character pattern.

    If you are unsure whether nonproduction environments are putting sensitive data at risk, consider data discovery and profiling tools. These are programmed to hunt for data that is normally classified as private and can alert you to any potential risks of exposure.

  3. DO understand regulatory and compliance issues, and DON’T wait for a breach to implement best practices. One of the biggest concerns related to data privacy is government and industry regulation. Work with your data governance team to make sure developers are aware of the severe legal and financial implications a security breach can have on the business.

    Remember: Education is key. IT personnel are most likely unaware of critical data privacy needs or regulations. Help them understand the consequences of seemingly small actions. At the same time, encourage IT to teach business and application development teams the most effective ways to camouflage substitute data in a test environment. The collaboration will pay off.

For more information about the benefits of data masking, read Driving value without locking down your data.

Related content



Humana relies on Informatica Data Integration hub to personalize member plans and programs for increased customer engagement.


4 recommendations for securing your cloud applications

Security problems are not inherent to the cloud, but they are inherent to being human.


Quiz: How secure is your corporate application data?

Think your application data is secure? Find out if commonplace practices have left your corporate data more vulnerable than you think.


3 challenges to data privacy in a hybrid IT world

Avoid risking your data entering the cloud unprepared or missing out on its benefits altogether because of an over-zealous security team.