Educause Security Discussion mailing list archives

Re: using live Production as sandbox for training

From: Cal Frye <cjf () CALFRYE COM>
Date: Fri, 30 May 2008 12:00:46 -0400

Melissa wrote:

Can anyone provide ANY insight as to the pros and cons of using a live
production system for training instead of creating a seperate sandbox
environment?


A further comment for the wider audience:

I might grant one exception: The data is real, but not yet in production
(you've just purchased the product, the data conversion has been done,
and training is to get folks started). Then training can take place, and
the environment wiped and reloaded when ready to begin production. No
training exercise then alters the live data, but live data is used for
example.

Even then, you risk exposing sensitive data. What if the training class
contains folks from HR, Financials, and Academic departments? An
exercise could display salary or health information to trainees not
authorized to see it, if you're using production data. It's worth the
trouble to create a test database with totally bogus data, that way no
risk of data exposure exists.


--
Regards,
-- Cal Frye, Network Administrator, Oberlin College

   www.calfrye.com,  www.pitalabs.com


"Little strokes fell great oaks." --Benjamin Franklin.

Current thread:

using live Production as sandbox for training Melissa (May 30)
- <Possible follow-ups>
- Re: using live Production as sandbox for training Cal Frye (May 30)
- Re: using live Production as sandbox for training Theresa Semmens (May 30)
- Re: using live Production as sandbox for training Doug Markiewicz (May 30)
- Re: using live Production as sandbox for training Cal Frye (May 30)
- Re: using live Production as sandbox for training Ardoth Hassler (May 30)
- Re: using live Production as sandbox for training Kevin Shalla (Jun 02)
- Re: using live Production as sandbox for training Cal Frye (Jun 02)