Thursday, April 20, 2017

Don't Expose Customer Data in Demos

One problem of creating compelling demos is having realistic data to show, and use cases that customers can relate to.  One simple trap that many companies fall into is that they use real customer data, or their own internal user data, and in both of these cases you run up against issues of data protection and ethical abuse of power.
This article on ars technica shows how a security vendor fell foul of this trap and had some prolonged abuse of customer data.

Instead how can you show plausible stories?

  1. Create Data to tell these stories - use scripts, random name generators and so forth to make up plausible data.
  2. Alter any existing data - remove any identification of users, customer data, sensitive data of any kind.
  3. Any reference to existing customer problems should not identify customers without permission, or provide sensitive data that could identify their situations