Data Security
When using a Test Data Management (TDM) tool, it is important to be aware that such tools often have access to production (live) data. This access carries significant data protection implications, especially as TDM solutions may enable a larger group of users to access, view, or process sensitive or personal information originally intended only for production environments. Therefore, it is essential for users and administrators to recognize these risks and to implement appropriate technical and organizational measures to prevent unauthorized access, ensure data minimization, and maintain compliance with applicable data protection regulations (such as GDPR). Careful handling and protection of production data in testing processes must be a top priority to avoid data breaches and ensure the privacy and security of all involved data subjects.
Recommendations
The following checklist is intended to help users configure the XDM installation as securely as possible as part of the Technical and Organizational Measures (TOM) for data protection.
- Credential Encryption: XDM needs to store credentials for connecting to source and target database systems. These passwords are kept in XDM’s internal database. We strongly recommend enabling password encryption for all credentials stored in XDM. See Password Encryption for more information.
- Secure Communication (SSL/TLS): Enforce SSL/TLS encryption for all communication between end-user browsers and the XDM web UI to protect data in transit from unauthorized access. See Setup SSL encryption.
- Restriction of Admin Privileges: The ADMIN role in XDM’s permission management system allows members to access all objects within XDM. Grant the admin privilege only rarely and exclusively to highly trusted users.
- Minimization of Browse and Script Permissions: Minimize the assignment of the BROWSE and SCRIPT permissions on connections. The BROWSE permission allows users to view the contents of source or target tables, which may expose sensitive production data. The SCRIPT permission allows a script to access the password of a credential.
- Restriction of Diagnose Permissions: The DIAGNOSE permission for task executions allows users to view detailed information such as logs and technical internal details. Since log files may contain sensitive information (e.g., connection strings, credentials), grant this permission only to users who require it for troubleshooting purposes.
- Principle of Least Privilege for Database Access: XDM uses a single user account to access connected database management systems. This account should only have the minimum privileges required to perform its tasks. Assign only those permissions specified in the official documentation.
- Multi-Factor Authentication (MFA): XDM supports various authentication providers, such as LDAP or OAuth. Consider using an authentication provider that supports Multi-Factor Authentication (MFA) to enhance security and prevent unauthorized access.
- Regular Permission Reviews: Regularly review and update user permissions to ensure that only authorized users have access to sensitive data.
- User Awareness and Training: Provide regular training sessions and clear guidelines for all users on the secure handling of test data and the proper use of XDM functionalities.
- Secure Handling of Session Logging: XDM persists logged-in user sessions in its administration database. Regularly delete expired or invalid session records, and avoid storing sensitive authentication data unless absolutely necessary.
- Regular Data Cleanup: Implement a regular cleanup process for test data to ensure that sensitive information is not retained longer than necessary. For example, this may include sensitive production data copied into a test environment or sensitive data stored as part of an IceBox generation.
- Keep JDBC Drivers Updated: Ensure that the JDBC drivers used for database connections are kept up to date in order to benefit from the latest security patches and functional improvements.