SAP Testing Third-party software Security Data Masking

Securing Vulnerable SAP Test Data

By
2 Minute Read

At Risk Data

Sensitive data residing within SAP DEV, TST, QAS or PRE-PRD systems has always concerned SAP teams. It's impossible to avoid and has been a necessary risk teams take to deliver valid test data for development, test and project teams.

The system data refresh process

To ensure development, test and project teams have up-to-date systems and data to work with, SAP teams need to refresh their non-PRD systems regularly. The current frequency for most teams is annually, but the pressure to increase the frequency to quarterly is mounting.

As refresh cycles increase, so does the risk; the data is fresher and more accurate. Prying eyes can see more, and a bad actor can do more. Fortunately, bad actors are rare, but the possibility exists. As does the possibility of leaking sensitive information to those developing and testing within the systems.

Obfuscating at-risk data

Fortunately, it isn't hard work to de-risk the data.

Often referred to as scrambling, masking or anonymisation, data obfuscation changes the nature of the data so that it is no longer recognisable in its original form. Developers, testers, or bad actors can see data, but it is meaningless and thus no longer at risk. SAP teams can be confident that sensitive data is no longer a concern.

Anonymising sensitive data in non-PRD systems can be achieved by several means, including:

  • Scrambling
  • Nulling
  • Substitution
  • Shuffling

However, most of these methods are not suitable for testing. It is difficult to test with data no longer representative of the original. For example:

Scrambling reorders the characters and numbers into a random order hiding the original content, and nulling applies a null value to a data column. Neither is representative of the original data. Shuffling shuffles the data in a randomised fashion. Also unsuitable for testing.

Far and away, the best obfuscation method is substitution. Different, like data, replaces the original at-risk data. The original look and feel of the data is retained, often with the same postcode, same gender, same credit card type, or other details required for accurate testing.

Recommended solution

Libelle DataMasking is a simple yet effective solution to obfuscate at-risk data.

In one automated action, SAP teams can convert selected sensitive data fields into like realistic-looking and logically correct data. Data that developers and testers can access safely and perform accurate tests on.

With over 40 anonymisation algorithms to choose from, SAP teams can produce data sets that accurately mimic the original without compromising testing.

To learn more about SAP data anonymisation, see www.legupsoftware.com/product-libelle-datamasking

To learn more about SAP IT automation, see www.legupsoftware.com

To chat briefly to see how we can help. Make time to talk with Rick.
Rick Porter

Rick Porter

With over two decades of working within the SAP ecosystem, Rick has met and worked with SAP IT professionals from broad backgrounds and experiences. Rick knows the stresses and strains experienced by those managing SAP systems and enjoys bringing these insights and reflections into conversations.

Author

Recommended For You