Data masking or data obfuscation is the process of hiding original data with modified content. The main reason for applying masking to a data field is to protect data that is classified as personally identifiable information, sensitive personal data, or commercially sensitive data.
Data masking is the process of replacing sensitive information with fully functional, dummy data when data is copied from a production environment to a non-production environment.
Why Secure Sandbox Data?
In recent years, expansive new privacy regulations such as the European Union (EU) General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) require companies to make technical and organizational changes to their security practices to ensure compliance. These regulations affect nearly every Salesforce customer.
In addition, industry-specific regulations such as the Payment Card Industry Data Security Standards (PCI DSS) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) include strict privacy data protection.
Noncompliance and data breaches can result in total loss of customer trust and severe financial and legal consequences, with fines of $5,000–$100,000 per month until a company achieves compliance. GDPR infractions can lead to even larger fines of up to 4% of annual global revenues, or $20 million, whichever is greater.
The Challenge of Securing Sandbox Data
Sandbox environments can contain personal information (PI) and personally identifiable information (PII). PI and PII data include the names of customers, employees, phone numbers, email addresses, physical addresses, Social Security numbers, credit card, and banking details, compensation information, general secrets, and more. Because sandboxes are typically used for development and testing, a larger group of developers, employees, and contractors that can’t typically access production environments might need to be given access to sandboxes. Managing sandbox data privacy often is an afterthought and if implemented can be time-consuming and difficult.
Without special tooling for sandbox data, Salesforce administrators and developers spend considerable time and resources securing full and partial sandbox data. They do so to ensure that the sensitive data in production is carefully controlled as data is replicated from production to sandbox environments.
There are multiple tools available for data masking, you can use 3rd party tools which do the data masking like Datapilier of Flosum etc.
You can also use the Data Masking manage package to mask the data.
Data Mask Manage package-
Salesforce Data Mask is a powerful resource for Salesforce admins and developers that masks sensitive data in sandboxes.
How Does Data Mask Work?
Data Mask is a managed package that you install and configure in an Unlimited, Performance, or Enterprise production org. You then run the masking process from any sandbox created from the production org. The masking process lets you mask some or all sensitive data and ensures that the data is not replicated in a readable or recognizable way into another environment. Data Mask uses nondeterministic obfuscation to prevent reverse engineering or statistical inference attacks from de-obfuscating the newly rendered data.
Once your sandbox data is masked, you can’t unmask it. This process does not affect your production data, so if you change your mind, you can always refresh the data from production and create a new sandbox org. After you configure Data Mask, you can mask data sets as often as needed.
As the sandbox data is masked, previously determined objects and fields undergo a transformation from sensitive, readable sandbox data to obfuscated data.
Install the Data Mask Managed Package
Configure Masking-You can configure the masking in one of two ways:
Configure it in production, then when a sandbox is created or refreshed, the configuration appears in the sandbox. Or,
Configure the masking in an existing sandbox.
Give the mask a name, API name, and description. Then, you can choose whether to mask case comments or delete all emails and Chatter feeds.
Select the Data to Mask and run
No comments:
Post a Comment