Governing Your Salesforce Data in Your On-Premise Database

It is conventional wisdom that most data security breaches come from within. What this means is that some internal staff member has access to the database, can run queries against that database, and can take the data and do malicious things with it.

But what if the data was not human-readable? Or, phrased differently, what if the data was human-readable to those who are authorized to see human-readable data, but gibberish otherwise? In that scenario, a malicious internal employee may have physical access to the database, may be able to connect remotely to the database, or may be able to run queries against the database, but will be powerless to do anything malicious with it.

This is encouraging. No matter how hard a business tries to protect against these data breaches, someone, somewhere is trying to pull the data and make a quick buck. Or someone, somewhere, is just hostile enough that they want to put the hurt on their employer – possibly by setting the employer up for lawsuits or a damaged reputation.

CapStorm is in the business of backing up and restoring your Salesforce data. It is also in the business of protecting that data. Data protection is synonymous with data governance. But let’s talk about the first part – backing up and restoring your data – for a brief moment.

A Disaster Recovery Plan Plays A Big Part in Governance

Any CTO/CIO worth their salt will have a disaster recovery plan for their data, which very likely includes their Salesforce data too. Without that plan, nobody in the company can sleep well at night — literally, nobody. From the CEO down to the receptionist, and with the growing reliance on Salesforce to run your business, it is an extremely high priority that you can recover from data loss or corruption.

Data Corruption and Data Loss Go Hand-in-hand

Let’s talk about data loss and data corruption. Because we’re not talking about the grid going down (well, now that I think about it, that’s becoming more of a concern lately), nor are we talking about some disk drive on some Salesforce server failing (it happens all the time, but most high-octane SaaS model companies, such as Salesforce, have enough redundancy to compensate for these kinds of catastrophic failures), nor are we talking about dropping a bit in the network traffic (TCP/IP does a pretty good job of compensating for that too.) Let’s just estimate that the probability of these kinds of failures is one in a million (it’s much safer than that, actually, but let’s use that number for argument’s sake.)

So exactly what can go wrong that a CTO/CIO should worry about? Well, it’s a plain fact of life that companies don’t stand still. They either grow, or they die. So most companies take their investment in the Salesforce platform and try to do more interesting things to remain competitive in their respective markets. “Doing something interesting” very likely implies some customization to their Salesforce environment. It might mean adding some new objects, some new fields on existing objects, some new formulas, some new reports, some custom scripts that mass update records in the Salesforce database, and more. What could go wrong? Lots!

Production Failures Can Happen to Anyone

Customization implies code. Someone is writing that script. Or that formula. Or the report. Or mucking with the data model. Someone forgot that changing a data element triggers the re-calculation of other data elements that were not intended to be updated. And all of these activities are done by who? That’s right. People. And people are imperfect. With the sincerely best of intentions, people are prone to error. Scripts have bugs. Evolving data models can wreak havoc. Not to mention someone pouring coffee over their keyboard, wiping out their entire database of Accounts, and then purging the Recycle Bin as they clean up their mess.

Even with incredible levels of testing in a Sandbox, there’s a finite probability that some newly introduced feature in your Salesforce Production organization will cause issues. Issues that you wish you could recover from. That finite probability, however small, is not zero. Again, for argument’s sake, let’s say it’s one in a thousand. Not an unreasonable number, by the way.

So, according to this seat-of-the-pants analysis, you are one thousand times more likely to introduce a Production failure than the “traditional” computing environment failures. It’s actually way higher than that, but, again, this is all seat of the pants. And if it was your son or daughter in high school who wrote those scripts, the number just jumped much higher.

Are you sweating yet?

Not if you have a good disaster recovery plan. Check that, not if you have a well-tested disaster recovery plan. Here’s my challenge to you – simulate a catastrophic loss or corruption of data in a clone of your Production organization (emphasis on clone.) You are sitting on 50 million records across your Account, Contact, Opportunity, and other objects. That’s 50 million corrupted or missing records. What are you going to do?

CapStorm Solutions Mean Faster Recovery

If you’re a CapStorm customer (and this is where I put my sales hat on), you relax. You know you’re in good hands, and with a push of a button and after a few seconds to minutes, your Salesforce organization is back to where it was prior to the disaster. Think that’s achievable with our competitors’ disaster recovery products? Think again. If I handed you a stack of CSV files of those 50 million records and told you to have at it, where do you think that would leave you? Sure, you might get the job done after a few tries. But each iteration will take you days to weeks, if not weeks to months, to complete! Not what we call in the industry – “a happy path.”

But disaster recovery is not the only reason you are copying your Salesforce data down to your on-premise database (you are using CopyStorm for that, right? If not, run, don’t walk, to learn more about CopyStorm.) There are other fun things you can do besides sleep better at night. Affordability aside (Salesforce ain’t cheap), there’s flexibility too. Having your data in your database to do whatever you want with it lets you do all sorts of downstream reporting, analysis, machine intelligence (what don’t I know?) and more. The tools and technologies becoming available for you to play with are constantly growing.

Which brings us full circle back to the beginning of this article. You’ve realized that CopyStorm is the industry’s best software for pulling Salesforce data down to your on-premise database (you choose the database type, by the way.) You’re now sitting on a treasure of data, ready to seek out new life and new civilizations and boldly go where no man has gone before.

CS:Govern – Your Data Obfuscation Sidekick

Then you suddenly realize that a lot of that treasure includes some pretty confidential data elements that only a select few employees should be able to see. No worries, CapStorm’s CS:Govern software allows you to pick as many or as few objects and fields as you wish to make human-unreadable, such that only those select employees can see that data.

I know what you’re thinking. Is it too late? I’ve already got my 50 million records in my on-premise database. Now I want to Govern a handful of the object fields. Am I too late? Nope! CS:Govern will let you whip through all that data and will mask the specified data elements according to your rules. And it can do this behind the scenes, even when a copy is running and pulling new data!

What if my machine crashes halfway through this process? Now I have partially masked data, and partially human-readable data. Am I in trouble? Nope! CS:Govern is intelligent enough to pick up where it left off and finish the job. Just let it finish what it started, and you will be good to go.

CS:Govern works side-by-side with all of CopyStorm’s sub-systems, including the Snapshotting sub-system (a snapshot of your entire Salesforce data at a point in time), and the Chunking sub-system which breaks large Salesforce documents (no size limits) into chunks that can fit into your database’s columns. Yup, we can Govern your Salesforce attachments and documents too.

Access to the human-readable data is as simple as clicking a checkbox in the CS:Govern UI which maps a database user or role to one or more compliance categories. Out of the box, CS:Govern mirrors the Salesforce compliance categories – but you can always change or add new ones. When restoring data back into Salesforce, for whatever purpose, you can elect to keep the Governed data masked, or to decrypt those object fields back to human-readable form. As is true of all of CapStorm’s products – it’s your data, do what you want with it.

Unless you’ve been living in a cave for the past ten years, you must be aware that data breaches are happening at an accelerating pace. The loss of continuity of business due to recovery time and legal costs are staggering, not to mention the embarrassment. We can’t solve all of your data security problems. But when it comes to your Salesforce mirrored data in your on-premise database, CS:Govern can supplement our responsibility of helping you get more sleep at night.

Steve Widom


With over three decades of software development experience, Steve is grateful to have lived through the Computer Age, and is a member of the CapStorm technology team specializing in data Governance, as well as Test Automation.

About CapStorm

CapStorm is the most technologically advanced Salesforce data management platform on the market. Billions of records per day flow through CapStorm software, and our solutions are used in every industry from credit cards, telecom providers, insurance agencies, global banks and energy providers.
