ARCAD Protects Test Data with Anonymizer
October 7, 2014 Alex Woodie
The specter of Russian super hackers breaking into corporate servers may be enough to give your CIO the willies. But there are many other ways data can walk away from your headquarters, including poorly protected test environments. Now ARCAD Software is helping IBM i developers secure that sensitive test data with a new product called Anonymizer.
The new ARCAD-Anonymizer product does pretty much what its name implies–it anonymizes data. It’s designed to be used in test environments where developers often use copies of production data because it closely replicates the real-world conditions the application will see when it completes testing. The software is Java-based and can run in IBM i, Windows, Linux, and other environments.
Anonymizer includes a series of algorithms that scramble and mask data. The key here is that the software scrambles the data just enough so it no longer carries much value to Russian super hackers and ne’er-do-wells lurking inside your organization, but not enough that it entirely loses its resemblance to the production data that the application will soon be running against. In this manner, the data no longer poses a security threat if it’s lost, but it also retains the key characteristics that make it attractive to testers in the first place.
Mark Dallas, ARCAD’s R&D director, says the software can be accessed from a command line or by calling a Java API. Users can anonymize entire tables in a database, or just scramble or mask individual fields that contain particularly sensitive data, such as names, addresses, and Social Security numbers. It primarily targets character-based string data within a database, but can be extended to target numeric fields with a Groovy script, he says.
The software can also be used to replace data in a test database from a separate external database, which provides functionality in addition to the scrambling and masking algorithms. For example, the software could replace a customer’s last name with a last name pulled from an external database.
Anonymizer will also “create a special kind of relationship between the original data and the transformed data just to be sure that you’re always going to get the same transformed data,” Dallas tells IT Jungle. “This is really important because when you’re going to make an upgrade of your test database, you must be sure you’re going to provide the same data.”
The software can also help testers discover data to be anonymized, which is a capability it borrows from ARCAD’s test data extraction product, called ARCAD-Extract. The company says Anonymizer can be used either standalone or in conjunction with Extract for extracting test datasets directly from production. The software can also work with a variety of ETL and database replication products via its Java API.
The Anonymizer functionality has existed for years within other ARCAD tools, but the company decided to pull it out and present it as a separate tool because of the growing need for DevOps tools to manage test data. This is part of a concerted effort on the part of ARCAD to push heavily into the testing tool market, which it will target with another little-known ARCAD regression testing tool called Verifier.
“I’m definitely confident that the testing market is not developed enough in the IBM i space,” ARCAD CEO and Chairman Philippe Magne tells IT Jungle. “There is a large number of companies who are embarking upon enterprise modernization, and within modernization there’s a need to mitigate risk. You need to have tools to ensure you won’t have any regression with the level of change you’re going to do. That’s why our regression testing tool is very strategic.”
ARCAD-Anonymizer is available now. For more information see the company’s website at www.arcadsoftware.com.