Synthetic Data Generation as a Strategy for Data Security

Enterprise IT teams have long sought functionally viable data for testing newly created business applications or updates to existing ones. Until recently, enterprises could easily dump production data into lower IT environments for testing. This strategy was affordable and enabled for the creation of curated datasets that aided in the testing of certain business processes. However, as numerous data protection legislation arise across the world, businesses are obligated to preserve and maintain the privacy of sensitive data. Some of these restrictions require businesses to explicitly identify their purpose for collecting and processing personal data. Enterprises can no longer utilize or manipulate data in any way they see fit. As a result, businesses considered data masking, which simply means substituting sensitive information with fake but accurate information. 

Data masking has received massive recognition in recent years as a reliable data privacy-enabling method. While data masking has had some success in many use-cases of privacy-safe data provisioning, it still requires access to the original sensitive data in order to transform it into a privacy-safe version. Second, there are concerns about the possibility of evil actors decoding original data using sophisticated mathematics.

Synthetic Data Generation is Emerging as Another Valuable Privacy-Enabling Technique

The concept of a software-machine autonomously creating needed data with little human input is referred to as synthetic data generation. Typically, a synthetic data-generating software requires: (1) metadata of the data store for which synthetic data must be created; and (2) a technique for constructing realistic yet fictional values, such as value-lists and regular expressions. (3) a thorough awareness of all data relationships, including those declared at the database level and those handled at the application code level. Synthetic data production, besides such user inputs, might harness the potential of ML/AI for intelligent metadata and association discovery.

For some years, the concept of machine-created data has been popular. It appears to be maturing presently. Here are some factors that may drive synthetic data applications to higher adoption:

 • Analytical model testing: Synthetic data for ML and AI are quickly taking center stage as facilitators of intelligent business process management. In analytics, data with specified properties is essential for testing the models that are being built. Such data must be sufficient—and created rapidly—in order to benefit to the company with agility. Enterprises face a data shortage for two reasons: (1) regulatory limitations may prevent real access to potentially secret data, and (2) data with desired qualities may be unavailable. For example, data may need to indicate a link between distribution patterns of distinct variables that are part of the analytics, or data may need to exhibit a particular distribution of values for a certain variable, etc. Such conditions may not be met by widely available data, whether produced or anonymized. Such circumstances may call for rapid and autonomous creation of data using data synthesis. 

 • Greenfield application testing: At the intial stages of developing a business application, there is no current data to disguise and utilize for testing. For testing new applications, synthetic data creation can automate the development of functionally viable and privacy-safe data
 • Integrated application testing: When multiple applications are upgraded in a consistent and concurrent manner, the downstream application may be dependent on data generated by an upstream application. If the upstream program's upgrades are not yet complete, the downstream application may need to mimic the type of data that the upstream application is expected to generate after the update. Here, synthetic data generation can aid in enterprise-wide uniform testing of modifications to interconnected applications.
 • Extreme application sensitivity: Certain business applications are simply too sensitive for their data to be utilized as input for data masking activities. Data from applications such as National Security, Defense, Genetics, Healthcare, Research, and Atomic Power, for example, need to kept private. Synthetic data creation is a potential alternative to creating privacy-safe data for testing such applications.
 • Authorization constraints: In some cases, privacy-safe data must be presented for a commercial purpose, yet the organization may not have obtained adequate consent from their consumers. Furthermore, obtaining consent is a complicated and time-consuming process. In such a scenario, synthetic data synthesis might be considered as a speedier data generating method.

The production of synthetic data is clearly generating interest even though the method may not apply to all circumstances. In addition, the technique may require integration to ML/AI applications to replicate complicated real-world situations of creating inter-related data. Nonetheless, it is an innovative technology that fills a gap where other privacy-enabling technologies fall short. Today, synthetic data production may need the coexistence of data masking, but in the future, there may be a convergence between the two, resulting in a more comprehensive data generation solution.