
Privacy and Metrics of Testing and Staging Environments

The big hacks we have heard about have typically struck production environments, but staging environments sometimes hold data worth stealing too. We need to become more mindful of the data used in CIAM (customer identity and access management) systems and prevent untested code from reaching production. In an article for CSO magazine, Susan Morrow touches upon five areas of interest in protecting data:

  1. Data quality
  2. Data storage
  3. Code security
  4. Hardening endpoints
  5. Good security policy and best practice

Cover Your Data

Sometimes the data you use will have to be real data, but ideally it should be old data. Yet even old data can still be valuable. Morrow recommends using emulated data or data masking if you can. Data should also be encrypted in the same ways it would be in a production environment. On code security, Morrow says this:

"Secure coding practices should be a design remit before the developer even begins. Insecure coding techniques are behind many threats as they build vulnerabilities into the code. Code metrics and testing using external code analysis can help to build secure code, but your own internal test metrics should also become part of the ongoing test environment…"

So basically, a lot of these tips keep harping on the same central point: Treat staging environments with the same security habits as production environments. And practice good hygiene with the way data is used.
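
One way to apply the data-masking advice to customer identity records before they are copied into staging, as an added example that is not from Morrow's article or this post. It goes one step beyond the text by also checking the masked rows for surviving originals. The field names, key and sample rows are constructed assumptions.

```python
import hashlib
import hmac

# Constructed demo key (assumption): in practice, load it from a secret store
# that the staging environment cannot read.
MASKING_KEY = b"constructed-demo-key"
PII_FIELDS = ("email", "full_name", "phone")   # hypothetical CIAM schema
DROP_FIELDS = ("password_hash",)               # credentials never go to staging


def _token(field: str, value: str) -> str:
    """Keyed, deterministic pseudonym: equal inputs give equal tokens, so joins
    still work, but tokens cannot be reversed or recomputed without the key."""
    msg = f"{field}:{value.strip().lower()}".encode()
    return hmac.new(MASKING_KEY, msg, hashlib.sha256).hexdigest()[:12]


def mask_record(record: dict) -> dict:
    """Return a copy that is safe to load into staging."""
    out = {k: v for k, v in record.items() if k not in DROP_FIELDS}
    if "email" in out:
        # .invalid is a reserved TLD, so test mail can never reach a customer.
        out["email"] = f"user-{_token('email', out['email'])}@example.invalid"
    if "full_name" in out:
        out["full_name"] = f"User {_token('full_name', out['full_name'])}"
    if "phone" in out:
        digits = int(_token("phone", out["phone"]), 16) % 10**7
        out["phone"] = f"000-{digits:07d}"
    return out


def find_leaks(originals: list, masked: list) -> list:
    """List (field, value) pairs of original PII still present in masked rows,
    including copies hiding in free-text columns the masker does not know."""
    blob = " ".join(str(v) for row in masked for v in row.values()).lower()
    return [(f, rec[f]) for rec in originals for f in PII_FIELDS + DROP_FIELDS
            if rec.get(f) and str(rec[f]).lower() in blob]


# Constructed sample rows; the second repeats the first user's e-mail in a note.
SAMPLE_USERS = [
    {"id": 1, "email": "Alice@shop.test", "full_name": "Alice Example",
     "phone": "555-0100", "password_hash": "$2b$12$constructed", "plan": "gold"},
    {"id": 2, "email": "bob@shop.test", "full_name": "Bob Example",
     "phone": "555-0101", "support_note": "referred by alice@shop.test"},
]

if __name__ == "__main__":
    staged = [mask_record(u) for u in SAMPLE_USERS]
    print(staged)
    print("leaks:", find_leaks(SAMPLE_USERS, staged))
```

The leak check flags the e-mail address left behind in the free-text `support_note` column, which field-by-field masking does not touch.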

For further elaboration, you can view the full article here: https://www.csoonline.com/article/3246060/identity-management/privacy-and-metrics-of-testing-and-staging-environments.html
