Part 1 of this 4-part series defined TDM and explained why it’s crucial to the success of your organization. Part 2 identified key stakeholders and Part 3 described some of the challenges associated with implementation of a TDM strategy. In the conclusion of the series, Principal Consultant Bill Clayton details BMC Compuware’s TDM solution and describes the benefits of implementing a TDM strategy.
BMC Compuware offers a comprehensive Test Data Management solution which includes an end-to-end combination of the technology, expertise, and best practices needed to support a data protection and optimization initiative across the enterprise. By implementing a TDM solution, an organization can reduce its risk of exposure, increase productivity, and reduce the overall test data footprint, all while lowering the cost of managing data.
BMC Compuware Test Data Management Best Practice is one of the key components of the solution. It provides the guiding principles to build or enhance the process of preparing secure data environments to support the IT functions related to the usage and delivery of data in production-like conditions such as testing, training, etc. It allows for right-sized, desensitized, on-demand data. The solution allows for the diverse technical, organizational and political challenges associated with the protection of proprietary information that project teams typically encounter. The methodology outlines the phases, activities, tasks, and deliverables that encompass the implementation of a complete data management solution within the context of an existing Quality Assurance Life Cycle.
The purpose of the BMC Compuware Data Management Best Practices is to facilitate the initiation and execution of a data management endeavor. This is accomplished by relieving the pains related to the scoping, planning, organizing, managing, controlling, and delivering data environments with fictionalized sensitive information. This approach is based upon the implementation of proven software technologies; in particular, with the BMC Compuware File-AID suite of data management products, as well as Topaz and Topaz for Enterprise Data. This suite of tools enables an organization to ensure that successful data subsetting and de-personalization procedures are employed across the enterprise.
The key to a successful Test Data Management solution is to know your data. Having an up-to-date data model is crucial.
Data model analysis documents a representation of the information assets utilized by the business. It is a commonly used documentation tool that fully describes the data components of an application system. It identifies all of the physical data structures, their attributes, and their relationships to all of the other structures in the system. The goal of the data model analysis activities is to provide knowledge about the environment’s data, determine the elements that are considered sensitive, and to define their association to other data objects.
Function Model Analysis identifies and documents information about the application processes. It determines what business rules and logic apply to the data considered sensitive or private, and it outlines the expectations of how the affected data should be changed as a result. Function Model Analysis is also important in order to understand any/all data validations and checks done against sensitive fields within the application programs. This is a critical step so that any fields having undergone disguise treatment maintain the same validation results after being disguised. All enterprises have their own list of data elements to be considered for obfuscation, but some of the most often chosen candidates are:
1. Driver’s license number
4. Date of birth
5. Telephone number
6. Tax identifier
The analysis documents are peer and customer reviewed for acceptance and sign-off.
The design describes the processes to define the strategies for the extraction of the data to be protected, the disguise techniques to be applied to the sensitive data included within the extract(s), and the considerations to be observed when loading the extracted and disguised data into its target environment(s).
The design should be generated by following the framework of the specific details identified and documented in the previous analysis phase. This should include details such as the physical locations of where all of the data and corresponding structural layout information are located, how that data is used by both the applications that interface with it and any testing procedures and processes that impact it, and most specifically, where all of the sensitive data elements are contained within the data necessary to build a fully functioning test data environment that emulates the production system(s) it supports.
The primary purpose of the design phase is to chart a strategy for the extract of the necessary test data, the disguise of the sensitive fields/elements contained therein, and finally the subsequent load of all of the combined data. This should be done while taking into consideration the specific requirements, dependencies and restrictions discovered during the analysis phase.
The deliverables of the design tasks are designed to provide written specifications that will serve as the basis for the development of specific data management rules and processes. In the context of BMC Compuware’s Test Data Management Best Practices, design information is documented to address the Compuware File-AID and Topaz product suite specifically, which provides the data management capability.
This is the process to build and test the extracting and/or subset of related data from a source environment, obfuscating sensitive elements, and loading the obfuscated data to a target environment.
The major source of input information for the tasks to be performed during the development phase of a TDM project is the documentation produced during the design phase. Such deliverables should serve as detailed instructions for programmer/analysts to build and test these processes.
A critical success factor for delivery is to fully understand the application QA life cycle, the processes in place, the testing requirements, the roles of the QA organization, etc. This is part of the information collected during the analysis phase. To some extent, the delivery phase is similar to rolling out a business application to production. But in the case of a TDM solution, deployment is made to the different QA environments where data needs to be protected, and delivery of the extract, disguise, and load processes is fitted within the existing QA cycle.
It is critical to prepare for delivery of the solution by making sure that appropriate access to documentation and human and technical resources is readily available. This phase involves, in addition to the data management implementation group, the integration of a multi-disciplinary team including Security, Applications, Quality Assurance, Auditing, Systems, DBAs, Architecture, Technical Support, etc.
At the conclusion of the delivery phase then the ‘implementation’ is over. The new TDM solution must be owned and managed to keep it current. Following are some of the benefits you can expect from a robust TDM strategy:
1. The analysis document doubles as an inventory for where sensitive data is stored. Such an inventory is often required by legislation.
2. A better understanding of the enterprise data and how it all works together.
3. Knowledge of where unwanted and/or unneeded data resides.
4. A suite of jobs that can be run when required, on a schedule or on an on-demand basis.
5. Cost savings in the form of reduced DASD can be substantial. A major US bank reported savings of millions of dollars when they reduced their test data footprint down to 20% of its original size.
As you can see, proper Test Data Management, guided by a robust strategy and comprehensive solution, helps mitigate risk, ensures regulatory compliance, addresses the concerns of stakeholders, and increases productivity, all while helping to reduce cost.