Salesforce Sandbox Data Mask for Add-on Security and Sandbox Refresh Process

Lst updated on
March 16, 2020

When it comes to data security, Salesforce sandbox Data Mask is a mighty tool, which is largely used by the Salesforce developer and admins lately.

Unlike manually securing the data and access control to the data and sandbox orgs, admins and developers can now use the Data Mask in order to mask the Sandbox data automatically.

Masking will enable the developers and admins to mask the most sensitive data in the sandbox like PII (Personally Identifiable Information) or sales figures etc. in a typical corporate development environment, it is important to ensure the confidentiality of data and accessibility to it.

In the modern Salesforce toolset, Data Mask is using some obfuscation platform-native technology in order to mask the most sensitive data sent in partial or full sandboxes. Such a masking methodology will let you mask the data with varying levels of masking based on the sensitivity and criticality of data.

Once if your sandbox data gets masked properly, it is impossible to unmask it. As it is an irreversible process, it will further ensure that the data doesn't get replicated in a recognizable or readable way into a different environment.

Doing it properly will not affect your production data. So, if in case you change your mind later, it is always possible to refresh the data from the production and then create another fresh sandbox org.

Different level of data masking

As we have seen above, you can custom configure various levels of data masking based on the data sensitivity as:

  • Replacing private data in the sandboxes with some random characters.
  • Replacing private data with the help of mapped words.
  • Delete the most sensitive data.

While using data masking, it is mostly recommended that you mask those fields which specifically contain PII and other such sensitive data.

A typical Data Mask can various delivery levels of masking in order to help keep your sensitive data private and secured in the sandbox. It is possible for the administrators to replace the sensitive data in the sandboxes using some random characters and replace data with mapped words or to eliminate it fully.

Installing managed packages

Primarily, Data Mask remains as a managed package which you can install in the production org. You can further run the masking process from any random Salesforce sandbox, which is created from production org.

To install Data Mask, one must first enable the corresponding features in the production org and then set the user permissions. On getting the package appropriately installed, Salesforce can further upgrade the packages automatically when new features and bug fixes are available.

Creation and configuration of Data Mask

The users can configure masking in a couple of different ways. You may configure it in the production, and then while a sandbox gets created refreshed, you can find the configuration appearing in the sandbox. Second, you can also configure masking in the existing sandbox.

While the data mask package gets installed in the production org and configured accordingly, data masking can be run only in the sandbox orgs. It will further ensure that the data in production org is not getting masked accidentally.

While the configuration is done, the users can then start to mask the sandbox data based on your preferences. Just run the mask every time you try to replace the data or delete data in the sandbox.

Salesforce Sandbox refresh

If you function as a developer or admin on Salesforce, then you may also know the fact that Sandboxes act as the most integral part of the development and deployment.

In this, Sandboxes may help the users to develop as well as test the applications in a controlled environment by avoiding any direct impact on the real production environment.

So, while dealing with the most complex projects, a well thought out refresh strategy for the sandbox is very crucial to ensure the manageability of projects and proper implementation.

This becomes more critical as the org gets more complex and also as you have a lot more custom code with many restrictions around the PII data compliance.

The Sandbox templates will let you pick some objects and specific data to copy full or partial copy sandboxes to control the size of the sandboxes. Such templates are made available to work with only Full and Partial Copy sandboxes.

However, the selection of the Sandbox type if largely dependent on the purpose in hand, the volume of data, and the need for periodic refreshes.

 Considering all these, developer, as well as developer pro sandboxes, are also used mostly in development, unit testing, and training whereas partial sandboxes are mostly used for integration testing, and Full sandboxes primarily for integration testing, load testing, user acceptance testing, performance testing, and staging.

Critical things to consider in Sandboxes refresh.

Never plan sandbox refreshes during the Salesforce release dates as spring, summer, and winter releases. Always look for recommendations in order to plan for the full copy sandbox refresh completion for about 48 hours as the refresh timing is primarily dependent on salesforce Queue as well as the volume of data.

Building the Sandbox templates may further depend largely on the business requirements for the refreshes if there are multiple lines of business by using a single Salesforce org. Also, don't do any sandbox refreshes during development times. It would further increase the overall effort and complications for the development team.

Also, always create read-only users if you want to involve the external consultants and developers into the production, for which you may have to create it each time after a sandbox refresh.

This way, once you refresh the sandbox, one can update it easily in the sandboxes in order to give them further access as and when needed. Without this in place, you may have to recreate such users further each time when you want to provide access, which is a lot of work and a big waste of time. As an admin, using such tips for effective sandbox refreshes will help you to save a lot of time and money.

Reach us for all your network security concerns and solutions- MedhaHosting

Need help with deployments, consulting, support, migration planning, or proof of concept?
Get Free Consulting
Microsoft 365 Migration Form

I would like to send my contact information to MedhaCloud so that MedhaCloud can share additional information about products, services, thought leadership and invitations to flagship events with me by email. *

By submitting this form, I acknowledge that someone from MedhaCloud will contact me via email or phone to discuss my request.

Related Article

View All
chevron-down linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram