Data Masking in Salesforce:
Why data masking?
To meet regulatory and customer requirements for data privacy and security.
Currently Available Privacy regulations/Industry standards?
European Union’s (EU) General Data Protection Regulation (GDPR)
California Consumer Privacy Act (CCPA)
Payment Card Industry Data Security Standards (PCI DSS)
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Non-compliance/Data breaches?
Loss of customer trust and severe financial and legal consequences.
Fines of $5,000–$100,000 per month until a company achieves compliance.
GDPR infractions can lead to even larger fines of up to 4% of annual global revenues, or $20
million, whichever is greater.
How does Salesforce address these security standards?
Salesforce systematically addresses all privacy-related systems and processes,
including where sensitive data resides,
how and when it moves, and
who has access to it and when.
What about the Salesforce sandbox environment?
While production environments are continuously scrutinized for security or privacy leaks, sandbox
environments are sometimes lower priority because they're used only for testing and development.
However, developers or contractors who are working in sandboxes could have access to data that would
otherwise be restricted in production.
Why secure Sandbox Data?
Sandbox environments can contain
Personal information (PI) and
Personally identifiable information (PII)
PI and PII data include the names of customers and employees, phone numbers, email addresses, physical
addresses, Social Security numbers, credit card and banking details, compensation information, general
secrets, and more.
Are there any Salesforce Tools to handle Sensitive data?
Without special tooling for sandbox data, Salesforce administrators and developers spend considerable
time and resources securing full and partial sandbox data. They do so to ensure that the sensitive data in
production is carefully controlled as data is replicated from production to sandbox environments.
What is Salesforce Data Mask?
Salesforce Data Mask is a powerful resource for Salesforce admins and developers that masks sensitive
data in sandboxes. Data Mask delivers different levels of masking to help keep your sensitive production
data private. You can replace sensitive data in your sandboxes with random characters, with similarly
mapped words, or eliminate it. With Data Mask, customers don’t concede the rights and privileges
associated with the privacy and confidentiality of production data when it’s replicated in a sandbox.
How Does Data Mask Work?
Data Mask uses platform-native obfuscation technology to mask sensitive data in any full or partial
sandboxes. You can configure different levels of masking, depending on the sensitivity of the data.
How is data masking different from data encryption?
Data masking prevents developers or other users from viewing sensitive data in the user interface or
exporting it as plain text. Data encryption prevents malicious attackers from accessing or interacting
with sensitive data at rest in the data center.
What is data obfuscation?
Data obfuscation is a way to modify and ensure privacy protection for PI and PII data. You can mask a
field’s contents by replacing the characters with unreadable results. For example, Blake becomes
gB1ff95-$. Or you can convert a field into readable values that are unrelated to the original value.
For example, Kelsey becomes Amber.
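The three masking levels described above (random characters, replacement words, deletion) are sketched below as an added example. It is not Salesforce's implementation or Data Mask's API. The custom field names, word library, policy and sample record are constructed assumptions, and the final function is a check that no original value survived masking.

```python
import hashlib, hmac, secrets, string

# Constructed replacement library and per-field policy; the custom field names are hypothetical.
FIRST_NAMES = ["Amber", "Diego", "Priya", "Tomas", "Noor", "Elena"]
POLICY = {"FirstName": "library", "SSN__c": "random", "Salary__c": "delete"}
# Constructed sample record standing in for a row copied from production.
SAMPLE = {"Id": "001xx0000000001", "FirstName": "Kelsey",
          "SSN__c": "123-45-6789", "Salary__c": "85000"}

def mask_random(value):
    """Replace each character with a random one: same length, unreadable content."""
    if not value:
        return value
    alphabet = string.ascii_letters + string.digits + "-$#"
    while True:
        out = "".join(secrets.choice(alphabet) for _ in value)
        if out != value:  # never hand back the original by chance
            return out

def mask_library(value, key, library=FIRST_NAMES):
    """Pick a readable, unrelated word. The keyed HMAC keeps the choice
    consistent for one key without making it derivable from the value alone."""
    digest = hmac.new(key, value.encode(), hashlib.sha256).digest()
    candidates = [w for w in library if w.lower() != value.lower()]
    return candidates[int.from_bytes(digest[:4], "big") % len(candidates)]

def mask_record(record, key, policy=POLICY):
    """Apply the per-field rule; fields without a rule are copied unchanged."""
    masked = dict(record)
    for field, rule in policy.items():
        value = record.get(field)
        if value is None:
            continue
        if rule == "random":
            masked[field] = mask_random(value)
        elif rule == "library":
            masked[field] = mask_library(value, key)
        elif rule == "delete":
            masked[field] = None
        else:
            raise ValueError(f"unknown masking rule {rule!r} for {field}")
    return masked

def unmasked_fields(original, masked, policy=POLICY):
    """Post-masking check: policy fields whose original value survived."""
    return [f for f in policy
            if original.get(f) is not None and masked.get(f) == original[f]]

if __name__ == "__main__":
    masked = mask_record(SAMPLE, secrets.token_bytes(32))
    print(masked, unmasked_fields(SAMPLE, masked))
```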
How to install, configure, and use Data Mask?