In an economic environment where every penny counts the thought that an "average" data breach could wipe £5million off the bottom line is a sobering thought for those responsible for an organisation's information policy. The majority of this cost is seen through loss of business, with the Ponemon Institute stating that a single breach could cost 1/3 of an organisation's customer base. When margins are squeezed and competition tight the impact of poorly protected information is only going to grow.

The issue is not however with production systems. These should  and often are "locked down" and protected so that only those authorised have access to information and that those visits are tracked. Far harder to protect are the test and development systems that are cloned from production disks. Whilst the data is the same sensitive information that is fully managed in production, the environments in which they are placed are far from secure. Securing the environment locks the data but makes that same environment unfit for purpose. Opening the security allows the developers to perform their tasks yet exposes sensitive information.

The conclusion can only be Clones of production should not be used for Test and Development.