Test data: Data protection and quality

For this purpose, it is necessary to allow own developers or external experts to access the development system. In order to be able to develop in a high-quality manner, realistic and detailed test data is also required.

The dilemma becomes clear when the protection of sensitive data and the ability to produce high-quality results collide.

Permissions

Protecting sensitive information may mean deleting some of the data. However, this results in a deterioration of the quality of the development environment. This deterioration can lead to the inconsistency of the system.

On the other hand, providing a high-quality development environment can result in sensitive information becoming accessible to people who are not authorized to view it. When data is to be removed from the SAP ERP system, responsible teams face two major challenges:

First, the traceability of changes in the system. If business users change the affected data through standard transactions, the system logs these changes and thus preserves the original data, for example -change documents for vendor and customer.

Second, the interconnectivity of ERP systems. If business users delete data records directly at the table level instead, this leads to inconsistencies in the SAP system. For example, sales orders could reference a customer master key that no longer exists.

Archiving

To circumvent these two problems, the SAP standard offers the possibility of archiving. However, archiving can only process master data for which there are no more open transactions, and the maximum best result is the consistent deletion of data, which does not provide an optimal development environment. 

The dilemma

An elegant way to overcome the dilemma and provide detailed data in the development environment in a way that protects sensitive information is to mask these records consistently. In the SAP system, data is sometimes stored in different tables and, in special cases, important information is also stored in strings.

This is a feature that makes it very difficult to locate all tables and fields that are relevant for data masking. Once the locations of this data are identified, it is still necessary to ensure that the masking is consistent and system-wide.

This is a major task, which on the one hand requires detailed know-how that may first have to be acquired, and on the other hand also takes up resources that would be better used elsewhere and for other processes.

For the business user, it is difficult to assess whether all storage locations have really been taken into account. Specialized companies such as Epi-Use Labs provide standard software that has been developed specifically for data masking. This software should be flexible enough to be able to map the specifics in a company's SAP system.

Sensitive data is protected in a DSGVO-compliant manner while providing an effective development environment that meets the high and ever-changing demands of businesses.