Business Context
In today's world, securing customer data is one of the most critical concerns, given the various compliance requirements, regulations and strict data privacy rules. From an application security standpoint, even when a proper security setup is in place using OWD, role hierarchy, sharing rules etc., one critical question always remains alive: what if any user is granted more access to customer data than intended? There are multiple mechanisms to ensure this never happens in Production, but it is quite possible that other actors, e.g. a Developer, Tester or External User in a Sandbox environment, gain additional access to sensitive customer data that has been replicated from Production (e.g. full copy or partial copy sandbox data replication).
What is Data Mask?
That is exactly the context in which Data Mask, one of Salesforce's most recent security-related product offerings, should be used. This feature makes it possible to mask or delete data in a sandbox environment, where the actors mentioned above could be granted additional access and thus reach sensitive data (e.g. PI, PII etc.).
With this, we get three options for masking:
- Anonymization (i.e. masking field values into unreadable values, e.g. Jag becomes 9$jstktreW)
- Pseudonymization (i.e. masking field values into readable but unrelated values, based on a library that comes as part of the managed package of this product offering, e.g. Anik becomes Sunil)
- Deletion (i.e. nullifying the field value)
At a high level, the way it works has two parts:
- Configure masking policies (i.e. choose among the options mentioned above per field)
- Execute the configuration to mask the data
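To make the three masking options and the configure/execute split concrete, here is an added illustration in Python. It is not Salesforce Data Mask code and not part of the original post: the record shape, the field names, the masking policy and the pseudonym library are all constructed for the example (the real managed package ships its own library). What it shows is the security property each mode gives you: anonymization yields unreadable values and keeps no key, so nothing can be recovered from the sandbox; pseudonymization yields readable substitutes that are consistent for the same input (so relationships between records still make sense for testers) but are unrelated to the original; deletion simply nulls the field. The Id is left untouched so records remain addressable.

```python
import hashlib
import secrets
import string

# Constructed sample records in a Salesforce-like shape (not real customer data).
SAMPLE_CONTACTS = [
    {"Id": "003XX0000000001", "FirstName": "Anik", "LastName": "Roy",
     "Email": "anik.roy@example.com", "Phone": "555-0100"},
    {"Id": "003XX0000000002", "FirstName": "Jag", "LastName": "Singh",
     "Email": "jag.singh@example.com", "Phone": "555-0101"},
    {"Id": "003XX0000000003", "FirstName": "Anik", "LastName": "Das",
     "Email": "anik.das@example.com", "Phone": "555-0102"},
]

# Constructed pseudonym library; the managed package provides its own.
PSEUDONYM_FIRST_NAMES = ["Sunil", "Priya", "Ravi", "Meera", "Arjun", "Neha"]

# Part 1: the masking policy (assumed field names, one mode per field).
MASKING_POLICY = {
    "FirstName": "pseudonymize",
    "LastName": "anonymize",
    "Email": "anonymize",
    "Phone": "delete",
}


def anonymize(value: str) -> str:
    """Replace the value with an unreadable random string.

    A CSPRNG is used and no mapping is stored, so the original cannot be
    recovered from the masked sandbox copy.
    """
    alphabet = string.ascii_letters + string.digits + "!$%&*"
    length = max(len(value), 8)  # never shorter than 8, even for tiny inputs
    return "".join(secrets.choice(alphabet) for _ in range(length))


def pseudonymize(value: str, library: list) -> str:
    """Map the value to a readable but unrelated entry from the library.

    The choice is derived from a hash of the input so the same original value
    always maps to the same pseudonym within a run, keeping test data coherent.
    """
    digest = hashlib.sha256(value.encode("utf-8")).digest()
    index = int.from_bytes(digest[:4], "big") % len(library)
    return library[index]


def delete(value):
    """Nullify the field value."""
    return None


def apply_policy(record: dict, policy: dict) -> dict:
    """Part 2: execute the policy against one record, returning a masked copy."""
    masked = dict(record)
    for field, mode in policy.items():
        if field not in masked or masked[field] is None:
            continue  # nothing to mask; unsupported/absent fields are skipped
        if mode == "anonymize":
            masked[field] = anonymize(masked[field])
        elif mode == "pseudonymize":
            masked[field] = pseudonymize(masked[field], PSEUDONYM_FIRST_NAMES)
        elif mode == "delete":
            masked[field] = delete(masked[field])
        else:
            raise ValueError(f"unknown masking mode {mode!r} for {field}")
    return masked


def mask_records(records: list, policy: dict) -> list:
    """Execute the configured policy over a whole record set."""
    return [apply_policy(r, policy) for r in records]


if __name__ == "__main__":
    for original, masked in zip(SAMPLE_CONTACTS, mask_records(SAMPLE_CONTACTS, MASKING_POLICY)):
        print(original)
        print("  ->", masked)
```

Note that the policy is data, separate from the code that executes it; that mirrors the idea of defining the configuration once (in the post's recommendation, in production) and running it in each sandbox. Fields the policy does not list are passed through unchanged, which is why the post's consideration about unsupported fields matters: anything not covered still needs another control.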
In which part of the application development life cycle should this be used?
As mentioned above, this applies to masking sandbox data. The best practice is to configure it in production, so that when a sandbox is refreshed the same configuration flows down to the sandbox environment, where the admin then runs it to mask the data accordingly. Configuration can also be done in the Sandbox environment itself and then executed there to mask the data.
How is it different from Platform Encryption?
This is a very common and interesting question when talking about Data Mask, but it has a simple, straightforward answer. Although both features exist to secure customer data, their objectives are different. Platform Encryption encrypts customer data while it is stored in the Salesforce data store (i.e. encryption at rest); it does not mask data at the 'view layer', so when a user with proper access views the data, it is displayed in its original value. Data Mask, on the other hand, scrambles or deletes the entire field value, so a user viewing it never sees its original value.
N.B. Classic encryption has a built-in masking feature; however, it is limited in that it cannot encrypt standard fields. Review the difference between classic and platform encryption in detail.
Considerations
- Where Platform Encryption is in use because of a security or privacy need, Data Mask is very much relevant as well.
- Some fields are not supported by Data Mask. An alternative control should be devised where a data breach is possible through such fields.
- As of this writing, automated data masking at the time of sandbox refresh is not available, i.e. when a sandbox is refreshed from production, the data copied over to the sandbox (in the case of a full copy) is not masked automatically based on the masking configuration defined (however, the masking configuration itself does flow down automatically).
Reference
https://success.salesforce.com/sessions?eventId=a1Q3A000021ea1UUAQ#/session/a2q3A000002BJQNQA4
https://trailhead.salesforce.com/en/content/learn/modules/salesforce-data-mask