A security architect is establishing a data governance policy for the company's software development life cycle (SDLC). To comply with privacy regulations and minimize the risk of unauthorized data exposure, the policy must specify the appropriate environment for using real, sensitive customer data. In which of the following environments should this type of data FIRST be introduced?
The production environment is the final stage in the SDLC and is the only environment where real, sensitive data should be used. Development, testing, and quality assurance (QA) environments are typically less secure and should use sanitized, masked, or synthetic data to mirror production data without exposing sensitive information. Introducing real data only in the final production environment is a critical data governance control that helps prevent data breaches and ensures compliance.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is real data not used in earlier development stages?
Open an interactive chat with Bash
What is anonymized or synthetic data, and how is it used?
Open an interactive chat with Bash
What are some examples of security controls that protect real data in production?