It’s not unusual for data migration projects to quickly face complex compliance considerations that add significantly to the completion time. With only one month to migrate a small European division’s disparate inventory management system to a newly developed inventory management application, the global manufacturing company’s development manager faced two sizeable hurdles:
• Users throughout the world wouldn’t have access to data during the migration process
• Real user data had to be sent out of the country from the European division’s data center to the U.S., raising compliance issues that had to be overcome or risk severe legal penalties.
While the first hurdle was certainly an important consideration in completing the project in a timely fashion, overcoming the data compliance issue was far more critical to the success of the entire project. Adding to the complexity of the data compliance issue was the need to accommodate the data compliance laws of two different countries. The result was that the project must include audit reports verifying that all data was properly disguised to meet the compliance laws of both countries before any real user records (data) could be sent to the U.S. for test purposes.
Experiencing a data breach is never a good thing. But blatantly ignoring a law that could land his CIO in a foreign jail and could cause the development manager personal damage was a risk he couldn’t take.
So now, on top of the scattered documentation, proprietary VSAM files, and a limited budget, the development manager also had to accommodate two different interpretations of data disguise rules while still enabling valid tests so this migration was complete within its allotted downtime.
Luckily, with a strong development team behind him, this manager wasn’t easily rattled. The team already confirmed its file and data editing tool could extract segments of the proprietary VSAM files and translate them to standard sequential files to populate the new system. They also confirmed that functionality within the same editing toolset could reduce project costs by allowing the team to filter through test data and identify only the applicable elements. This would greatly improve the efficiency and effectiveness of the testing process. Another benefit of the same tool is that file sizes could be dramatically reduced, which prevented additional expense by maximizing the available storage space. Now all he needed was a way to prove that the data was sufficiently protected by providing trustworthy audit reports for the compliance department.
Already on a roll, he approached the team for ideas on this new privacy complication. It turned out, once again, that the same powerful toolset could be used to disguise the data across multiple platforms as well as provide the audit trails required by the compliance department. In fact, they could even provide this department with access to set the disguise rules, which could add a layer of assurance that all requirements were followed throughout the process. Since all developers could use the same tool to perform their tasks—regardless of the type of data involved—training costs were minimized and the implementation time for the newly developed inventory management application was reduced.
Taking advantage of the assets available to him, the development manager called in experts from the company’s trusted supplier who could help with the data discovery across the organization’s worldwide enterprise. That information enabled his team to build all the variables into the data disguise rules for every application, which gave them a head start on future migration projects.
The test data assessment process identified how the data flowed throughout their enterprise, suggested alternative methods for disguising fields that needed contextual relevance, and even helped streamline future projects by helping inventory all sensitive data.
Sometimes the stars align and even the most cumbersome-appearing projects come together without a hitch when you have the right team and tools working together.
The project wasn’t even in process and already it was ahead of schedule, under budget, and required less training time to prepare. Now, if only there were a way to easily understand all the business functions of the old system so they knew to code them into the new system.
Well … (It’s never) the end!
Stuart Feravich is worldwide solution leader of Test Data Management for Compuware. He joined the company in 1993 and has been the Test Data Privacy Practice manager since 2008. He has led many high-profile projects for Compuware, including the creation of the first distributed File-AID product as well as helping to conceive, develop, and deliver Compuware’s Test Data Privacy solution. Prior to Compuware, he managed data centers for a large defense contractor, worked for a major regional financial institution, and led major system delivery projects for the world’s second largest office furniture manufacturer.