5 min read time

The Importance of Test Data Management in the Modern Era

by in Cybersecurity

Starting with the traditional Software Development Life Cycle (SDLC) of Waterfall model to the recent DevOps model of development cycle, all these models emphasize one unique phase: testing of the application for its functionality. In today’s SDLC process, application deployment (target) platform or application development platforms are changing in the name of technology advancement. A good example is looking at the number of applications moving from on-premises to complete cloud and hybrid deployment models. However, even with these technology advancements, the functionality of the application rarely changes. It has also been determined that no matter the application development platform, the quality of that application depends on how well it is tested before gets deployed. To validate an application thoroughly for its functionality, application code and its logic goes through at least 10 or more vigorous testing types and techniques including Unit testing, Component testing and others. 

Traditional approaches of application development typically requires maintenance of multiple “environments” for structured data and code: Development, Test, and Production are the most common examples. In each of the lower environments, developers and quality assurance staff require sets of test data to create new application functionality and execute unit, integration, and system tests. 

In a traditional SDLC Model, the testing phase starts after the completion of the development phase. Quality acceptance of the product/application arrives after a few iterations of Development->Testing-> Development cycle as defined by the organization’s senior leadership and agreed by the application team and the quality team.

Recent advancements in application development based on Agile/DevOps suggests that the Testing / Quality Assurance (QA) team be an integral part of a technical team to become quality facilitators whereas the necessary level of quality is defined by the organization. In this SDLC model, organizations define quality of application as, satisfying customer experience within the given resources and the given timeframe. 

In the case of agile development, testing is part of the development and coding. Since Agile testing focuses on identification and repair of the faults immediately rather than waiting for the entire development to complete, it covers all types of testing as soon as the coding is done. This means every sprint release is delivered after testing for its application functionality and source code.

The DevOps model of SDLC has many aspects of agile SDLC methodologies. It is based on CALMS - Culture, Automation, Lean, Measurement, Safety. DevOps uses a combination of tools to automate each of the Build & Test, Continuous Integration and Continuous Delivery of software/applications in shorter time with higher quality.

DevOps model

In each of the SDLC models, the quality definition by organizations drives the QA team to focus more on the automation of testing which also leads to a generation of test input or test data to be created using automated methods to match with the speed of testing. Since the application functionality is changed rarely, a sufficient amount or subset of data from current production data is extracted and used as test data. As the QA team explores different tools and technologies including cloud-based QA tools, the creation of test data and sharing it with geographically distributed QA team poses another challenge with respect to security of personal data in the test data. 

In the past, it may have been acceptable to periodically export production data and then import that data into the lower environments. Considering the risk of a data breach and regulatory compliance violations, these simple practices no longer satisfy security requirements. Instead, organizations are now pressed to quickly and effectively “protect/obfuscate” sensitive data from a production source as it is moved into a lower environment. 

As DevOps and Agile development cycles enables organizations to narrow the gap of application software delivery, the need for secured quality test data is also increasing to avoid a penalty due to non-compliance of data privacy regulations. 

Test Data 5Ws and 1H of Test Data Management

Due to the emergence and growth of data privacy laws, organizations can no longer use real production data for testing, development, quality assurance, or education. Therefore, they need the right tools to generate anonymized and protected data and still deliver needed insights.

Traditional Questions Related to TDM Solutions

Micro Focus Point of View

Why will test data be created?


Test data is created to validate new features and functionalities of the applications being developed. It involves using tools and processes for creating a relationally intact, reliable copy or subset of production data, or data similar to it.


When will the test data be created?


Based on the functionality or new feature sets of the application, test data will be created during the development cycle of the application.


What kind of test data will be created?


It depends on the application and where it will be used. It is based on database schema and can be in the form of CSV or structured text files.

Who are the users consuming the test data?


It consists of test engineers (functional, integration, system) and the quality assurance team.

How will the test data be created?


Based on the requirements, test data will be generated using Manual, Automated Production Copy, and Automated Synthetic data generation. The process and cost involved in Manual and Synthetic data generation is remarkably high. Automated copy of production data is preferred because it is already in line with the required database schema. However, the requirement of protecting or sanitizing the sensitive data, (per security policies and testing requirements) must be ensured.

Where will the test data be used within the organizational structure?

The test data will be used by application development teams and cross-functional teams such as testing and quality assurance.

Thanks for reading this initial blog in my upcoming Data Privacy blog series focusing on Secure and Compliant Test Data Management. I wanted to provide an introductory view on the importance of Test Data Management (TDM) in the modern era of application development. In my upcoming blogs I will cover what is Test Data Management (TDM) and how our CyberRes Voltage solution automates data privacy and protection of sensitive, regulated production data for use in test development pipelines for functional app testing, training, QA, and related use cases.


Join our Community | Data Security User Discussion Forum| Tips & Info| What is Data Security?


Data Privacy and Protection