Do you have test-bed or staging systems that hold real corporate data? As this article from a couple of years back points out, sometimes using real data for testing is unavoidable because the software doesn’t work with fake data:
http://h30499.www3.hp.com/t5/Following-the-Wh1t3-Rabbit-Down/What-We-re-All-Forgetting/ba-p/2408011
However, having real data on those test systems increases your exposure to security risks. This more recent follow-up article discusses how that can work in a real security breach, and why it’s so important to make sure that non-production systems are protected to the same extent as the production systems, as well as tips and techniques for addressing this problem:
