maravis.com

One of the things that I have noticed is that a lot of companies use production data for testing. They usually justify this by saying that some use cases can only be reproduced by using production data. PCI-DSS requires that production data is scrubbed or sanitized before being used for testing purposes. The Ponemon Institute has come out with some interesting (and scary) data on data security during development and testing.

A new product from Voltage Security claims to use a technique that may make implementing database encryption easier. The product, called SecureData, encrypts data without requiring changes to the column lengths.