Salesforce Security: Play Nice in the Sandbox As an extension of your Salesforce production environment, your sandbox isn’t immune to user-driven security issues. Here are four opinions you may…

Salesforce Security: Play Nice in the Sandbox

Eric Chaves

Eric is the Director of Technical services, managing the technical Pre/Post Sales, Customer Success and Customer Support teams at CloudLock.


As an extension of your Salesforce production environment, your sandbox isn’t immune to user-driven security issues.

Here are four opinions you may have (and should rethink) concerning Salesforce sandbox security. If you’re unsure how clean your sandbox is, cut to the chase and find out with a 14 day free trial of CloudLock for Salesforce.

1. The Data is Clean

CloudLock | Salesforce SandboxSandboxes often lack a sufficient volume of data for proper testing, leading users to manually copy live data from production environments. Whether data is introduced to the sandbox through data migration or mirroring, users can inadvertently pull over files containing sensitive data, trumping the common misconception that sandbox data is sanitized.

The sandbox must be treated as an extension of your Salesforce production environment. Monitor it to ensure sensitive data does not fly under the radar and is misused as test data. What you find may surprise you.

2. Not In My Backyard: Our Sandbox is Small

There is an underlying assumption that the risk of data loss in sandbox environments is minimal, as there is less data in development than production environments. Despite the size of the environment, data in the sandbox may be just as sensitive, and may be externalized just as easily – the results being equally concerning.

A strong security strategy does not make concessions for small environments. If you don’t know exactly what is in your sandbox environment, you should develop and execute a process to ensure there are no surprises.

3. We Encrypt Everything

Organizations tend to secure their Salesforce environments through all-encompassing encryption. However, the overwhelming majority of information stored in Salesforce is not sensitive data, making indiscriminate, universal encryption an expensive, resource draining, and impractical effort. Additionally, relying on encryption and gateways impedes users, discouraging usage of the platform.

Embrace a security approach that differentiates between sensitive and non-sensitive data and focus on protecting the data that matters.

4. Don’t Worry, We Know Our Users

Companies often provide sandbox access to both internal employees and external third party users, such as contractors. Third parties may not be held to the same confidentiality standards as internal employees, or may not be vetted to the same extent, raising security concerns around inadvertent data exfiltration and compliance adherence.

Additionally, the majority of users in your sandbox environment aren’t security, or even IT professionals. They often simply seek a volume of data they can test on and, despite their good intentions, may not be concerned with the presence of sensitive data.

Rather than relying on paper policy, make sure you educate your sandbox users of the relevant security concerns and provide policy enforcement to emphasize users’ accountability for keeping data clean and secure in the sandbox.

The Bottom Line

The security of Salesforce data is vital to your business. As you design and execute your security strategy for Salesforce, be sure to incorporate your sandbox environments, helping users understand, embrace, and own their share.

Ready for More?

Our eBook, “5 Things You Think You Know About Salesforce Security“, discusses the all too common misunderstandings administrators and security professionals may have about Salesforce security. Read the eBook to learn:

  • Why security at the infrastructure and platform levels just isn’t enough
  • How you can balance Salesforces’ access benefits while protecting your sensitive data on the platform
  • Tips to manage the risk of data exposure – whether through insecure devices, third-party apps, or just risky collaboration practices

Get your copy today.


Browser Not Supported

Your browser version is outdated.

We would recommend you upgrade to a recent version to ensure that you have a good experience on the CloudLock site. Outdated browsers also increase your security risk. So please update your browser and come back later!

Click on the icon below to download the latest version of your browser