There's a moment most QA leads and engineering managers recognize. The sprint is planned, and the automation framework is ready. Then someone asks: " Where's the test data coming from?
And the answer, in organizations large and small, is usually some version of: we'll take a copy of production.
It's the path of least resistance. Production data is real, comprehensive, and already available. Why generate something when you can just copy it? The logic is understandable. The problems it creates are not always immediately visible, but they accumulate, and eventually they become impossible to ignore.
How the workflow actually plays out
Taking a database copy for testing sounds straightforward. In practice, it rarely is.
A full system copy means spinning up an environment large enough to hold the entire production dataset, which for enterprise systems can run into terabytes. Then there's the subsetting process: cutting the data down to something manageable for testing, usually by hand or with custom scripts written years ago and now nobody fully understands. Then masking: identifying and anonymizing the sensitive fields before the data can be shared with the test team. Then, validating that the relationships still hold after all that cutting and masking. Then, fixing the ones that don't.
By the time a test environment is actually ready, days or weeks have passed. And the moment production changes (a schema update, a new configuration, a fresh batch of transactions), the copied environment starts drifting out of alignment. The next refresh kicks off the same cycle again. Full database copies also carry significant storage costs: maintaining multiple non-production environments from production copies can consume as much storage as the production system itself, often far more.
For teams running continuous delivery or frequent release cycles, this simply doesn't fit. The data preparation and development timelines are moving at completely different speeds.
The compliance problem hiding in plain sight
Beyond the time cost, there's a more serious issue that often doesn't get the attention it deserves until something goes wrong.
Production databases contain real personal data: customer names, addresses, financial records, employee information, and health data. When that data is copied into a test environment, it becomes accessible to developers, testers, contractors, and integrated tools that would otherwise have no access to production systems. The access controls are typically weaker, the monitoring less rigorous, and the number of people who can touch the data considerably higher.
Manual masking helps, but it's inconsistent. Fields get missed. New data types are added to production schemas, and nobody updates the masking rules. Contractors work with data that shouldn't have left production. None of this is visible until an auditor asks questions or, worse, until there's a breach.
Cumulative GDPR fines since 2018 have now reached €5.88 billion according to DLA Piper's 2025 GDPR survey, with enforcement active well beyond the technology sector into banking, healthcare, and energy. The risk profile of copying production data into test environments has changed considerably. Treating it as a routine, low-risk operation is no longer defensible.
Stale data and the coverage gap
Even when a copied environment is set up correctly and masked properly, it has a shelf life.
Production data reflects a specific moment in time. The longer a test environment runs on a static copy, the further it drifts from current production conditions. New product configurations, updated pricing rules, and recent customer records are not reflected. Tests that pass against stale data can fail against the real thing, and edge cases that only appear in recent transaction patterns go untested entirely.
For teams working on complex systems with frequent configuration changes, this is a meaningful coverage gap. The tests look thorough. The data underneath them isn't keeping up.
There's also a volume problem. A production copy contains everything, including data that's irrelevant or counterproductive for testing. Sorting through it to find the right records for specific test scenarios takes time. Building targeted datasets, the kind that cover specific edge cases or regulatory scenarios, is difficult when you're starting from a copy of everything rather than generating exactly what you need. Test data has become a blocker when it should be a foundation: something that enables testing to move faster, not something that holds it up.
Why this matters more as systems get more complex
The system-copy approach was developed when enterprise architectures were simpler, and release cycles were slower. Both of those things have changed.
Modern software environments span multiple systems: core databases, CRM platforms, ERP systems, cloud services, and third-party integrations. A single business process might touch five or six of them. When each system's test data is copied and managed separately, the data doesn't align across the chain. IDs don't match. Dates are out of sequence. Integration tests break for reasons that have nothing to do with the application code, and diagnosing them takes longer than it should.
Meanwhile, the shift towards CI/CD and continuous testing has fundamentally changed what teams need from test data. Pipelines run frequently, sometimes multiple times a day. Waiting days for a refreshed environment copy isn't compatible with that cadence. The data layer needs to move at the speed of the pipeline, and a manual, copy-based approach cannot do so. Teams treating test data as code, versioned, automated, and integrated directly into delivery workflows, are finding they can run more regression cycles, test more scenarios, and catch more defects before they reach production.
A different way of thinking about test data
The organizations moving away from system copies aren't replacing them with nothing — they're replacing them with a fundamentally different model: test data that is generated and provisioned on demand, rather than copied and manually maintained.
Instead of taking everything from production and cutting it down, the approach starts from what tests actually need: production-realistic data, with the right relationships intact, masked by default, and available in minutes. It integrates directly into CI/CD pipelines, so environments are refreshed automatically rather than on a manual cycle. And it generates data that covers edge cases and specific scenarios that a production copy might never contain.
The compliance posture is also different. Rather than masking being a step that happens after the copy — and that can be skipped or done inconsistently — privacy protection is built into how the data is created. There's no window in which real personal data exists in a test environment, because real personal data was never used to build it.
This is the model that Synthesized is built around. By automating data generation, masking, and provisioning through an AI-native platform, Synthesized provides engineering and QA teams with production-realistic test data on demand, without the storage overhead, compliance exposure, or manual effort that system copies entail. Organizations using Synthesized report up to 99% storage savings compared to full database copy approaches, and delivery cycles that run up to 70% faster as a result of removing the test data bottleneck.
Ready to move beyond the system copy? Book a demo and see how Synthesized helps engineering teams get the right test data, faster, without the risk.