Perforce Software has published the findings of the Delphix 2024 State of Data Compliance and Security Report. This inaugural report delivers exclusive research on the challenges of protecting sensitive data in non-production or lower environments, such as development, testing, analytics, and AI/ML.
“Our goal with this report is to share the realities of sensitive data exposures in non-production to help enterprises better protect their data moving forward,” said Ann Rosen, Director of Product Marketing for Delphix by Perforce. “Protecting sensitive data — data with personal identifiable information (PII) — in non-production has become more important over the years as cyberattacks target these environments. Companies need to do more to protect sensitive data.”
The report also reveals that the challenge of protecting sensitive data will only get more complex with the rise of AI. 85% of enterprises report concerns about regulatory non-compliance in AI environments. Even more troubling, 68% of organizations surveyed perceive a lack of solutions to tackle data privacy in AI environments.
“AI is transforming industries, and data is at the heart of AI,” said Rod Cope, Chief Technology Officer of Perforce Software. “When it comes to AI and data, it can be a double-edged sword. There’s a lot of excitement around the innovation possible in AI, but data in AI environments must be protected. The findings in the State of Data Compliance and Security Report underline the importance of complying with data privacy regulations in AI environments, too.”
Overall, 91% of organizations are concerned about the expanded exposure footprint across all lower environments (including software development, testing, and data analytics). Yet 86% of organizations allow data compliance exceptions in non-production. As a result, 54% of organizations have already experienced a data breach or theft involving sensitive data in non-production environments. In Delphix’s experience, if this data is not protected, the consequences can be dire. Indeed, 53% have already experienced audit issues and failures related to non-production.
To mitigate these concerns, organizations are turning to tools and approaches like static data masking, cited as a current solution by 66% of organizations surveyed.
“We hear all the time from customers that exceptions are given because it’s too complicated and time-consuming to achieve compliance without slowing down development or impacting quality,” said David Wells, Product Lead of Compliance Products for Delphix by Perforce. “At Delphix and Perforce, we believe that with the right approach, you can achieve compliance rapidly without bottlenecking innovation. Static data masking is the best way to protect your test and development data. You need production-realistic data to detect defects as early as possible in the development lifecycle, but you certainly shouldn’t use production data for this purpose. That’s why we’re continuously evolving Delphix masking solutions to meet the ever-expanding data compliance landscape, regardless of data source or environment.”
