Resources Blog

How to Protect Salesforce Sandbox Data


Jul 30, 2021

Salesforce sandbox

By Francois Lopitaux, Chief Product Officer at Odaseva

Data in Salesforce sandbox environments can be an overlooked vulnerability with serious consequences. If you don’t take measures to protect Salesforce sandbox data, then you’re leaving yourself vulnerable to a data compromise.

I recently discussed this topic during the webinar, “Sandbox Data: The Hidden Risk” with my colleague Clémence Dumas, Product Marketing Manager at Odaseva. You can watch the full replay of the webinar here, and I have recapped some of the highlights below. If you have more questions about protecting Salesforce data in your sandboxes, you can request a demo with our team here.

What are the different types of Salesforce sandboxes?

There are four different types of Salesforce sandboxes that employees, contractors, and/or partners utilize throughout the process of building, testing, and releasing code. Depending on the sandbox you’re using, the amount of data it contains can range from a small amount to 100% of your production data.

The four types of Salesforce sandboxes are:

  1. Developer sandbox: A sandbox used during the initial stages of development.
  2. Developer Pro sandbox: A larger sandbox where development is done in a common environment.
  3. Partial sandbox: A partial copy of production environment where code is tested using real production data.
  4. Full sandbox: A complete copy of production data, used for training, final testing, and release.

Source: Salesforce

As you can see, a lot of people have access to sandboxes with production data in them! Depending on your organization, this data can contain confidential information like social security numbers and credit card numbers, which you must protect against data breaches.

How can you ensure privacy requirements in Salesforce sandboxes?

Data privacy regulations like GDPR and CCPA apply to sandboxes too. There are steps you can take to ensure that your Salesforce sandboxes are compliant:

  1. Define a clear sandbox manager: This role is responsible for all aspects of the sandbox including who has access.
  2. Define specific permission rules: Not everyone needs to have full access to the sandbox, so the sandbox manager defines specific rules of access. For example, developers need a high level of access in order to do their jobs, but someone who is running a training session doesn’t don’t need to access everything.
  3. Encrypt sandboxes with Salesforce Shield: protects data at rest.

By implementing these three steps, your Salesforce sandboxes are as protected and secure as production environments. 

But sandbox data protection doesn’t end there. A wider range of people need to access sandboxes such as third-party developers (whereas production environments are typically only accessed by end users).  These people still have access to your organization’s sensitive information even if they have the appropriate level of permission. Therefore, limiting access is only part of the solution.

That’s where sandbox anonymization comes in, to provide an extra layer of protection.

How can you anonymize Salesforce sandbox data?

There are tools that allow you to anonymize the data in Salesforce sandboxes without compromising testing and development. For example you can replace the sandbox data for an email address with different characters, while still retaining the “[email protected]” format so that it’s recognizable as representing an email address.

Before you start using sandbox anonymization tools (such as Odaseva Sandbox Anonymization) you should first reach out to others in your organization such as the legal department, your Data Privacy Officer, and the Center of Excellence to learn what aspects of data are important to them. Find out what data is private, what needs to be deleted or anonymized, etc. Then use these findings to define anonymization rules specific to your organization. This enables you to anonymize data while keeping it meaningful for development and innovation.

The end result is that you have relevant data in your Salesforce environment to test and innovate with, while also protecting customer data against a breach.

Recap: the three steps to ensure Salesforce sandbox data security

Now you know that Salesforce sandboxes contain production data, which means that it’s just as critical to protect them as production environments. Security and confidentiality shouldn’t come at the expense of development and innovation, so get the tools you need to help you protect sandbox data while keeping it meaningful. These three steps will ensure Salesforce sandbox data security:

  1. Secure access to sandboxes and define managers: Secure access to all sandboxes the same as you would to a production Org
  2. Understand the privacy and development needs: Talk to the different parties within the company to find out what data is important
  3. Implement a sandbox anonymization strategy: A Salesforce Sandbox anonymization tool can protect data even further while keeping it meaningful for testing and development

Ready to learn more and get started protecting your Salesforce sandbox data? You can watch a demo in the “Sandbox Data: The Hidden Risk” webinar replay here, or request a personalized demo today.

Close Bitnami banner