Protect your Sensitive Data in Sandbox
For a long time, the core concern from a corporate governance perspective is that the information contained in the non-production environments typically used for testing and development purpose is not security cleared. Most of the times the data is not properly treated when cloned from the production environment to replicate into the non-production environments (sandboxes). This practice represents a security vulnerability where data can be copied by unauthorized personnel and security measures associated with standard production level controls can be easily dodged. This represents an access point for a data security hole. While production environments are often scrutinized for privacy leaks and security, sandbox environments are sometimes lower priority because they’re used only for testing and/or development. However, developers and/or contractors who are working in sandboxes could have access to data that would otherwise be restricted in production. Besides, new privacy regulations such as the European Union (EU) General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) require companies to evaluate their technical and organizational controls to ensure compliance.
The overall practice of Masking Sensitive Data at an organizational level should incorporate processes for the distribution of masked test data subsets. Therefore, we’ve designed ‘Mask Sensitive Data’ application for masking sensitive data field in a Sandbox environment. These fields can contain personally identifiable information (PII), company sensitive data or any other personal customer data. It is quite common to have obfuscate data that is represented outside of a production system, in other words, where data is needed for application development, building feature extensions and conducting various test cycles. Now with the help of our app, masking your enterprise data from the production systems, to fill the data component, required for these non-production environments would be a piece of cake.
Mindful of complex privacy requirements, Mask Sensitive Data the app offers you a lot of customization options in form of custom metadata types to control the length and pattern of masking for different data types, configure the objects and fields that need to be masked or blanked and delete the field history so that we do not leave any trace of the production data into the sandbox. The masking is irreversible but since the application is only programmed to mask in a Sandbox environment (to avoid accidents in production), you can always go ahead and refresh sandbox again to get your data back as it was.
You can initiate the process separately in a Sandbox environment or you can mention the class ‘MaskSensitiveData’ while creating or refreshing a Sandbox from a production which will run a post copy script to automatically Mask Objects and fields defined in the custom metadata configuration. However, we recommend you to trigger masking in the Sandbox manually.
Our app process the data 100% natively within your org and it is capable of handling large production data sets and supports masking of all data types in Salesforce. It also comes with full auditing to track you masking jobs and also get a detailed report for the on-going, aborted and finished process and the errors during the process and also the fields that couldn’t be masked and the ids of the records failed, so you can manually mask them later. Our app will also notify of the process results to the running user along with any other email (that you can configure) of the process summary.
And as a bonus, we also offer you a stand-alone feature which is part of this application to ad-hoc mask any Spreadsheet data (CSV/Excel file) and download the masked version of that file, again the columns that need to be masked and pattern for different data types being configurable. You can also copy any comma or tab-separated text and get the masked result back available for you.
Your org’s Data security is not something to brush aside. Mask Sensitive Data app protects your confidential data so that you can carry on development and/or testing without worrying about your sensitive data being compromised.