Secure Your Sandbox Data With Salesforce Data Mask

Here is the latest news from Salesforce:

“This week at Dreamforce ‘19, we announced Salesforce Data Mask — a new tool to help you customize, build, and test on Salesforce while protecting private data. Data Mask anonymizes and deletes private data from your sandbox environments so you can test with high fidelity substitute data and rest assured that your customers’ data is kept private and confidential.

Why do you need to secure sandbox data?

In recent years, new regulations such as the European Union (EU) General Data Protection Regulation (GDPR) and the forthcoming California Consumer Privacy Act (CCPA) require companies to evaluate their technical and organizational controls to ensure compliance. Industry-specific standards and regulations such as the Payment Card Industry Data Security Standards (PCI DSS) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) also include strict privacy and security requirements.

Data governance issues can cause significant repercussions for your business, including loss of customer trust and legal consequences, including regulatory fines. GDPR infractions alone can lead to fines of up to 4% of annual global revenues, or $20 million, whichever is greater.

With these complex privacy requirements in mind, we systematically address privacy-related systems and processes, including where private data resides, how and when it moves, and who has access to it and when. While we often think of security and compliance in the context of production software deployments, it is equally important to think about the application development process. This is where Salesforce Data Mask comes in.

Data Mask secures data in three ways

Instead of manually securing data and access for sandbox orgs, Salesforce Data Mask automatically masks private data in sandboxes. Data Mask uses a fully platform-native approach to mask private data without taking data out of Salesforce or introducing external dependencies.

Data Mask works behind-the-scenes in three ways:

  1. Anonymization — or making the data anonymous — scrambles a field’s contents into unreadable results. For example, Blake becomes gB1ff95-$.
  2. Pseudonymization converts a field into readable values unrelated to the original value. For example, Kelsey becomes Amber.
  3. Deletion converts a field into an empty data set.

Salesforce Data Mask uses nondeterministic obfuscation, meaning that you cannot unmask the data even if you try to reverse engineer the approach or use statistical inference attacks to attempt to maliciously hack the data.”