peshkova - Fotolia

Salesforce sandbox data anonymization app aids GDPR compliance

Odaseva's Full Sandbox Anonymization app ensures GDPR and CCPA compliance for Salesforce users by masking personal data in testing and training environments.

Need to scrub personal data from your Salesforce testing environment? There's an app for that.

Odaseva just launched its Full Sandbox Anonymization (FSA) application, which anonymizes all personal data that has been copied into a Salesforce Full Sandbox environment. The app will automatically mask leads, contacts, users and other data points to hide names, addresses, emails and other personally identifiable information (PII). It can also be customized to an organization's individual data anonymization needs. 

Salesforce Full Sandbox creates an exact copy of an organization's Salesforce environment so that admins can develop, test and train without interfering with their live environment. However, since these sandboxes are perfect copies, they potentially run afoul of data policy regulation like GDPR and CCPA. PII in a testing environment could pose a compliance risk, as it may be open to unauthorized or unintended access.

"For many years, the Full Sandbox was always a perfect copy, but now data policy regulation is really important to Salesforce customers," said Sovan Bin, CEO and founder of Odaseva.

Salesforce customers looking to avoid liability would have to develop ways to mask the personal data replicated into Full Sandbox environments. Building the tools and processes to automate this is possible for most enterprises, but there are initial costs of developing them and a continuous burden of maintaining them every time Salesforce updates, Bin said. Odaseva FSA is meant to solve the cost problem with its price of $2 per month per Salesforce user and the maintenance problem by automatically updating alongside Salesforce.

Screenshot of Odaseva FSA app
Odaseva Full Sandbox Anonymization lets a customer mask personal data in a Salesforce Full Sandbox instance.

The process of extracting Salesforce Full Sandbox's data, anonymizing it and then reloading it back into the test environment is complicated -- enough so that organizations that can't afford to develop and maintain a data anonymization process simply don't do it at all, said Christophe Bertrand, senior analyst at Enterprise Strategy Group. He said those companies operate under the notion that since the test environment will likely be deleted eventually and only accessed by a select, authorized group, they won't get in trouble.

"There's an immediate need in the market for something like this. Odaseva is in the right place at the right time," Bertrand said.

There's an immediate need in the market for something like this. Odaseva is in the right place at the right time.
Christophe BertrandSenior analyst, Enterprise Strategy Group

Odaseva is known for its Salesforce backup and recovery capabilities and introduced a product for long-term storage of Salesforce data earlier this year. Its compliance and data governance strategy distinguishes Odaseva from its competitors, according to Bertrand.

Odaseva FSA works well with enterprises, as it's scalable without adding complexity or needing additional development. It's similar to OwnBackup Sandbox Seeding, which has a built-in data masking feature.

"At the end of the day, Odaseva is as much a backup and archive solution as a data governance solution," Bertrand said. "Odaseva is going right at fixing the [anonymization] problem, and nobody else seems to be playing in that field."

Odaseva FSA is a direct result of GDPR, but Bertrand predicts there will be more need for data anonymization in the future. He said GDPR really kickstarted the notion that personal data is an extension of the person and should be protected, and other governments will either adopt GDPR's policies entirely or come up with similar regulations.

While Odaseva has Salesforce cornered at the moment, Bertrand pointed out there are plenty of other SaaS applications that could use a data anonymization tool similar to FSA. He thinks backup vendors will be looking more into data classification, governance and reuse in the near future, and not just for Salesforce.

Odaseva FSA is a standalone application that runs on Odaseva's platform, the Data Governance Cloud. Customers do not have to buy any other Odaseva products in order to purchase and use FSA, as the underlying platform is free of charge.

Odaseva is poised to release new offerings on the platform's marketplace on a regular basis -- roughly one new app every 4-6 weeks. The company will be focused on data privacy, and the next releases will revolve around complying with regulations beyond GDPR and CCPA, Bin said.

Dig Deeper on Storage management and analytics

Disaster Recovery
Data Backup
Data Center
and ESG