Explain what is Data Masking ?
Data masking replaces real data with functional
fictitious data so that it can be used safely in situations where actual data
is not needed.
Use Case :
Our organization holds lots of sensitive data, specifically
in the Account/Contact objects. We also use multi sandboxes for
development, and as a security step, would like to mask (de-sensitive) selected
fields once we have refreshed our sandboxes from production. This refresh
task would likely take place at regular intervals.
Ex: Email Id/Phone / Mobile / etc
Name few tools to perform data masking?
- Informatica Cloud Test Data Management
- Dataloader
- Workbench
- Dataloader.io
Problem statement using above mentioned tools ?
Manual process involved,
Ex:
Using the data loader, you can mass update the
records to remove any sensitive data. This is a manual process though, and it
will need to be done each time the sandboxes are refreshed.
Can you provide the different solutions to make this task automated?
1.Field Level Encryption: Applying
the field level encryption to the sensitive fields in production, so that the
fields would remain masked in the sandbox.
Note: There are some
limitations of this
Ex: You can’t use the
encrypted fields in SOQL “where/order” clauses
2.Vendor appexchange solution :
Ex: OwnBackup
Note : Paid one
3.SandboxPostCopyInterface : To make your
sandbox environment business ready, automate data manipulation or business
logic tasks. Extend this interface and add methods to perform post-copy tasks,
then specify the class during sandbox creation.
Note : I can say,This option is the best solution
How to automate data masking using "SandboxPostCopyInterface"?
Step 1 : Create an Apex class that
implements SandboxPostCopy
Step 2 : At sandbox creation, Specify above Apex class as per below image
It is a build Vs. buy kind of decision. There are products that can do this. there are back-up kind of products that can do this, usually, they are expensive but if you have a back-up requirement, then it is worth the investment. The other products are based on Sandboxpostcopy. Cloud Compliance(https://appexchange.salesforce.com/appxListingDetail?listingId=a0N3A00000FADZgUAP) is one such product. It is metadata drive with a very point and click interface and has the capability to de-identify any object/field. There are a variety of masking options, so you should be able to make it work for you.
ReplyDeleteHope this helps. Thanks Rahul
Hi, in my understanding odaseva (https://appexchange.salesforce.com/appxListingDetail?listingId=a0N3000000B4Be3EAF) can answer you needs with Full Sandbox Personal Data Anonymization Application: https://www.odaseva.com/newsroom/sandbox-personal-data-anonymization/.
ReplyDeleteFeel free to reach me if you need further information.
Hi Deepika..According to your experience how efficient the option that you suggested ..Do you have any measurement in terms of volume vs time taken to complete the masking?
ReplyDelete