De-identifying Data for Software Development and Testing at Enterprise Scale

Shannon Thompson
March 23, 2023
De-identifying Data for Software Development and Testing at Enterprise Scale
In this article

    Protecting sensitive data for secure distribution to software testing and development teams at an organization-wide level poses a number of challenges for enterprises. Front and center are the challenges of:

    • Effective coordination between stakeholders and users: De-identifying sensitive data requires input from various parties, including security teams who need to ensure compliance with regulations and internal policies. Additionally, onboarding new users can be difficult when knowledge about data privacy standards is siloed within the mind of one expert on the team.
    • Maximizing efficiency: Distributed decision-making wastes valuable time by delaying or duplicating efforts, which gives rise to bottlenecks and frustration, and increases the likelihood of errors. At the scale of terabytes of data and hundreds of columns, the need to streamline workflows is magnified. 
    • Enabling standardization: The more users and teams involved, the more difficult it becomes to have the global visibility to ensure that the same de-identification policies are applied consistently and to the required standards across databases and developer environments.

    The Enterprise Fake Data Platform

    The Tonic platform is uniquely suited to solving the challenges of turning sensitive data into realistic, safe data at the enterprise level. A number of Tonic’s features are purpose-built to address the enterprise. Here’s just a sampling of these essential capabilities:

    • Privacy Reports: To verify compliance with de-identification standards, teams can export privacy reports for each of their organization’s workspaces in Tonic. The report captures the intersection of data schema, sensitivity, and protection (generators applied), and includes additional classification for fully anonymized columns, to validate the level of protection achieved. These reports can be shared with security and Infosec teams external to Tonic.
    • Workspace Inheritance: Streamline your organization’s privacy settings across multiple use cases by easily reusing de-identification configurations across multiple environments connected to the same source database. Workspace Inheritance significantly speeds up the configuration of workspaces across teams, while ensuring consistency in the quality and degree of protection achieved. As changes are made to the parent workspace over time, the child workspace will continue to inherit those parent configurations, including schema-related changes or de-identification policy updates, allowing for more efficient scaling of Tonic across your entire organization.
    • Generator Presets: Going down to the column level, Generator Presets allow users to quickly and easily apply the same generator configuration on a per generator basis across workspaces to ensure consistent de-identification output and to dramatically reduce repetitive tasks in transformation efforts. It represents an efficiency game-changer by offering significant time savings for Tonic’s users.
    • Role-based Access Control (RBAC): Customize access permissions for Tonic users on your team to maintain your organization's security standards. Beyond offering built-in workspace Manager and Editor permission sets, Tonic lets you create your own collections of granular permissions that can be assigned to users or SSO groups. With this flexibility, companies with segregated duties can give more users access to Tonic to perform required tasks, without having to compromise on security.

    Privacy + Productivity = Value Across the Enterprise

    Ultimately, enterprises are looking for a return on investment when implementing a de-identification solution. By streamlining the de-identification process and allowing for efficient scaling across teams and environments, Tonic boosts engineering team productivity (and satisfaction!) so you can maximize your investment in valuable team members.

    The business case for a modern test data generation platform—designed with the enterprise and the developer in mind—is clear. Tonic's generator presets and workspace inheritance features ensure that the same de-identification standards are applied consistently across databases and environments, reducing the likelihood of errors and improving overall data quality. By providing visibility, reporting on data flows, and granularly managing permissions, Tonic reduces the risk of costly (internal or external) data breaches and compliance violations. Doing the right thing is also better for business.

    Tonic is purpose-built to address the unique challenges that enterprises face when de-identifying sensitive data. By offering streamlined global visibility and controls, Tonic powers productive, efficient engineering teams at scale. Connect with a member of our team to learn more.

    Shannon Thompson
    Senior Product Manager
    Shannon is a product manager at

    Fake your world a better place

    Enable your developers, unblock your data scientists, and respect data privacy as a human right.