Informatica

Axon Data Governance provides access to the data in your system via the aforementioned data quality dashboard. The same dashboard exposes metadata attributes, business terms, processes, and so on, with an emphasis on modelling your data specifically as it relates to your business. Furthermore, it is easy to access any underlying physical data via integration with Enterprise Data Catalog, and this access is provided via a multi-dimensional search across your entire system, either globally or for a particular type of asset. In addition to the dashboard, a detailed data quality assessment is available for each data asset, complete with business lineage data that is displayed visually. You can also make change requests through this interface. If your request is approved, a workflow is triggered to coordinate relevant stakeholders to implement the necessary changes, as well as documenting any changes made.

Another view within Axon Data Governance is related to data privacy and compliance, which allows you to view privacy information on data assets in more detail. It lets you see precisely how your data has been used, accessed and reported on. As with many tools of this nature, this means that you can both ensure that you are complying to a regulation and prove that you are doing so.

Figure 2 – A process map of policies in Informatica Axon

Axon Data Governance also provides a significant level of support for the creation and implementation of policies, particularly those oriented around data quality and data privacy. Specifically, it allows you to design and build a policy hierarchy, as illustrated in Figure 2, beginning with an abstract description of your policy, and ending with concrete business rules that can be executed on your data assets. Policies will typically be organised by project although, of course, reuse is possible. Projects may be purely internal or they may be related to regulations such as the General Data Protection Regulation (GDPR). Axon also has significant graphical capabilities (backed by a graph database) in this area, so that you can visually explore relationships both across policies and between policies and projects.

Axon Data Governance models data assets as they relate to the business, making both your data, and the relationships between it, much easier to understand and utilise, particularly for non-technical users. This enables self-service, data discovery and collaboration, which in turn allows everyone in your organisation to effectively contribute to data governance. In our opinion, collaboration on this scale is necessary to achieve effective data governance at the enterprise level. In turn, data governance is increasingly becoming a necessity to promote data quality and ensure regulatory compliance. To wit, the 2016 Big Data Maturity Survey concluded that “accessibility, security and governance have become the fastest growing areas of concern year-over-year, with governance growing most at 21%.” More generally, the issues that surround poor data quality are well known, and the Gartner Group estimates that bad data can cost large organisations up to 14.2 million dollars per year.

The Bottom Line

Axon Data Governance provides data quality, data privacy and data governance capabilities within a single solution. By itself, it is very capable. However, combined with other products in the Informatica Intelligent Data Platform, it forms the crux of an extremely thorough, well-integrated, and complete data governance solution.

Fig 01 - Informatica Data Privacy Management integration with Axion

Considered holistically, Informatica’s approach is that you start by creating actionable data privacy policies (integration with Axon – see Figure 1 – from which you can overlay policies into Informatica Data Privacy Management). Then, discover and classify your sensitive data; uncover and map “identities” to data (that can be used to support data subject rights requests under regulations such as the GDPR and CCPA); analyse the risks posed by sensitive data so that you can prioritise your protection plans; protect the data (masking and other techniques); respond to rights and consent requests; and, finally, be able to track and report on all of this.

The facilities for discovering sensitive data, which may be run against samples of the data, if required, are extensive and can be automated using ML and AI. You can match on the metadata via patterns, regular expressions and rules and you can also introspect SQL – both SQL queries and any SQL used for data movement purposes – though not stored procedures. Distance constraints (for example, post code needs to be near city name) can be used and you can define white (always sensitive) and black (never sensitive) lists. In the latest version, the underlying engine can make recommendations about what should be in these lists. The leverage of primary/foreign key relationships is planned for the next release. For unstructured data the product uses AI to look for parts of speech and otherwise relies heavily on the use of reference data. When potentially sensitive data is discovered you can set your system up to automatically agree that this is sensitive or that it is not sensitive or that it needs human validation, according to thresholds that you define.

Fig 02 - Risk simulation planning in Informatica Data Privacy Management

The use of identity mapping, is interesting because it allows you to support rights requests: for example, where is Philip’s data? To discover and map identities, the product uses fuzzy matching and the product ships with various pre-built classification policies such as PCI, GDPR and so forth. This is augmented by support for domains (name, email address and so forth) which are provided out of the box and can be combined.

Finally, we should mention the risk scoring (see Figure 2). In addition to providing risk analytics and key performance indicators there is also risk simulation planning. This allows you to see the impact of using different approaches to say, masking.

While sensitive data isn’t only about personal data, it is issues over complying with new privacy regulatory mandates that are driving the market for sensitive data discovery and the subsequent protection of that data. Informatica is well-known as a market leader in the data management space and this is where its strength lies. The company has very strong credentials when it comes to structured data and it has focused its discovery capabilities in this area, where it has significant strengths. We particularly like the company’s support for managing identities, which makes a lot sense within the context of GDPR, CCPA and similar regulations to determine data access.

Conversely, Informatica has respectable rather than comprehensive capabilities when it comes to discovery in unstructured environments. But, and this is a big but, companies that have focused on discovery for unstructured data tend to have very limited structured capability, typically limited to just Oracle and SQL Server. Most large enterprises are not limited to just these providers which would mean having two different sensitive data discovery solutions which, to our minds, does not represent any sort of solution.

The Bottom Line

Organisations should be aiming to have a single solution for sensitive data discovery that enables a data privacy governance strategy across a global enterprise. Organisations with multiple heterogeneous database implementations, as well as file systems, that they need to secure, would do well to shortlist Informatica as one of only a few companies that offers significant structured data discovery along with unstructured support.

The product provides a variety of methods for data subsetting and rules for generating synthetic data (including bad data), as well as extensive options to support data masking. The latter is policy-driven, and includes support for unstructured data, federated masking (to ensure consistency across multiple datasets), and encryption. The last of these can be reversible or not as the situation requires, is based on NIST approved algorithms, and can be either format or metadata preserving. The product also ships with out-of-the-box masking policies that support PCI, PII and PHI compliance.

A major capability is the creation of a test data warehouse that can be used to provision updated test data on demand and without troubling the production environment. This links into DevOps environments and tools (such as Jenkins) and there is integration with HPE ALM. In addition, there is support for flat files as well as databases.

Fig 1 The self-service portal in Informatica Test Data Management

There are multiple ways to enable self-service within this environment. For example, you can distribute data to your testers via a parameterised test data plan: testers fill in the plan’s parameters whenever they need relevant test data and receive it accordingly. The product also includes a self-service portal (shown in Figure 1) that allows test data admins to publish test data sets for consumption by testers. Testers can provision any data sets that are made available to them, and can modify, subset or copy them locally as they will, allowing them to customise their test data for their specific testing requirements. Data sets can be published directly to the portal from within the test data warehouse, and once within the portal can be tagged to make them easier to search through.

Fig 2 Test data coverage in Informatica Test Data Management

TDM also provides a graphical test data coverage capability, as seen in Figure 2, that allows you to see whether you have sufficient data to provide the level of coverage you require. The blank spaces in the picture indicate uncovered test data combinations. Armed with this information, you can augment your test data as necessary.

For the discovery of sensitive data, Informatica provides discovery options that use pattern matching, dictionaries, algorithmics, and other techniques – including machine learning – to reduce false positives. Relevant curation facilities are also provided. Moreover, these discovery capabilities are extended by Informatica Secure@Source, an additional product that provides enterprise-wide discovery of sensitive data and continuous multi-factor sensitive data risk monitoring. In particular, Secure@Source provides lineage against masked data and allows you to see where data has been masked as it flows through your enterprise. Moreover, Secure@Source is integrated with TDM’s masking functionality, allowing you to, for example, start a masking process in TDM from within Secure@Source.

Informatica TDM is an outstandingly broad solution, offering functionality that covers almost all aspects of test data management and enabling it to address a wide variety of use cases. Its capabilities include data subsetting, static data masking, synthetic data generation, data discovery, test data provisioning, and format-preserving encryption. Moreover, it is highly capable in all of these areas. This is a rare thing, especially in regards to synthetic data.

Several of its capabilities serve particularly well as differentiators, including the ability to visually display test data coverage, the test data warehouse and the self-service portal. The latter is an especially strong point in the product’s favour: the ease of use and reduced reliance on a test data admin that it provides could be a major boon to your testers’ productivity.

In addition, concerns over data breaches and regulatory compliance (particularly GDPR) have been prominent in 2018, and this will likely continue throughout 2019. Data breaches, in particular, are rapidly becoming a case of “when, not if”. This has led to an increased need for data security, which will often overlap with test data management. For instance, data masking is frequently used for both purposes. Consequently, the fact that Informatica is able to provide both test data management and data security solutions is appealing, since it can make sure that your solutions for the two spaces are well integrated where they overlap. Moreover, it will often be easier to extend an existing data security solution (such as Informatica) to cover test data management (or vice versa) than to start from scratch, not least because at least one major component – masking – will most likely already be in place.

The Bottom Line

TDM proves very competent in almost all areas of test data management. It is certainly a market leader, and it should most likely be on your shortlist.