Salesforce data masking

Protect customer data in Salesforce sandboxes

As an organization you want to take care of your customers and their data. They trusted you with it so you need to ask yourself: “What do I need to do to protect my customer’s data?” Specifically, how can you ensure that your Salesforce data sandboxes are anonymized for testing and development purposes? However, it’s crucial to keep certain considerations in mind, as modifying sandbox data can impact those who work with them, including analyzing, testing and developing.

In most organizations, multiple copies of production data are created for lower environments such as development, test and acceptance. However, security requirements often dictate the need for anonymization or masking of sensitive data in these copies. But this impacts the people working with (and having access to) these environments as the original data used for development and testing is altered or replaced. Fortunately, there is a solution.

By utilizing a dedicated environment you can replicate your Salesforce data at any given point in time and mask or anonymize this – what we call it – “Test Data Master”. From this masked source, you can then provision data in various ways, either through automated or on-demand processes, streamlining your data provisioning workflows.

Salesforce data mask challenge

In Salesforce, users or teams can create sandboxes for specific environments like development and testing. These sandboxes need to be populated with data. One commonly used but controversial method is making an exact copy of production data into a sandbox, including both functional and technical aspects. Essentially, this creates a second production environment. However, this may not be an ideal approach, as it exposes developers to customer details that should be protected.

To address this issue, a more efficient data provisioning method is needed. This involves leveraging data masking or data anonymization techniques to protect sensitive customer data while populating sandboxes. This ensures that developers and testers have the necessary data for their workflows, while adhering to data protection and compliance requirements.

The solution

In collaboration with our trusted partner, Valori, we have developed a comprehensive solution to safeguard customer data during development and testing activities. Valori has been our training and implementation partner for many years, with a proven track record in testing and quality assurance, ensuring that software delivered meets the expected value. Test Data Management is one of their core areas of expertise, and they use a combination of DATPROF Runtime and DATPROF Privacy to create a powerful package.

With this solution, we can read all the information in the Salesforce environment, whether it’s production data or a full copy of production. We then create a one-on-one copy inside a separate environment, which we refer to as a ‘DATPROF environment’. This environment is treated with the same level of security and compliance as production data. The resulting copy is a normal relational database that can be modified with DATPROF Privacy scripts to anonymize the data effectively. Once the data is anonymized, it can be sent back to the Salesforce environment, creating a functionally and technically intact copy of production with protected customer data.

This solution ensures that customer data is safeguarded while providing developers and testers with the necessary data for development and testing activities. With the ability to create anonymized copies of production data, our solution empowers organizations to meet their data protection requirements and confidently carry out development and testing activities.

Multiple sandboxes

But what if you have several teams and you want to create several sandboxes or you need to maintain multiple environments? Many organizations follow the DTAP (Development, Testing, Acceptance, Production) approach, where their development, testing, and acceptance environments are connected. However, by default, Salesforce only allows you to create one full copy of production. So how do you get the data to the other environments?

Thanks to the intelligence of our solution, it’s not only possible to send the anonymized data back to the original source, but also to other sandboxes. Imagine that you’ve extracted all the information from the production environment, you’ve created this anonymized data set and you have three environments to provision… With DATPROF Runtime, you can easily create pipelines for provisioning multiple sandbox environments with this new dataset. For example, you can create three pipelines to provision three sandbox environments, ensuring that each developer or tester has their own isolated environment without disrupting the chain of environments or impacting other tests or team members. This streamlined approach greatly benefits the development, testing, and overall working speed of your teams.

Functional Integrity

Thanks to the collaborative efforts of DATPROF and Valori, we were able to create a comprehensive solution for Salesforce. During the initial implementation by Valori at the customer’s site, we encountered a challenge that went beyond just anonymization and subsetting of data within Salesforce.

A crucial aspect for the successful implementation was ensuring the functional integrity of data between the Salesforce application and other applications in the chain. Specific processes required end-to-end testing that involved both Salesforce and another system. This necessitated the need for functional integrity of data across both systems. Valori made necessary modifications to the solution to enable data anonymization and subsetting for both systems simultaneously, ensuring data integrity throughout the chain.

Summary

In conclusion, the solution presented above and demonstrated in the video allows for data reuse from the Salesforce production environment while ensuring data anonymization. Whether you need one or multiple sandboxes, this solution can accommodate your needs. Additionally, you can seamlessly connect your Salesforce data with other platforms such as SAP, Pega Platform, or custom applications, and sync the data across these systems. With this solution, data masking in Salesforce has never been easier, providing enhanced data security for your organization.