Salesforce Data Loss Prevention (DLP) Guide | Nightfall Developer Platform

Guide to Cloud Data Loss Prevention (DLP) on Salesforce

Learn how to discover, classify, and protect sensitive data in Salesforce with Nightfall’s APIs and our open source backup DLP scanner. Improve security & compliance with cloud data loss prevention.
The Challenge

Data Sprawl on Salesforce

  • Salesforce is a cloud-based customer relationship management platform. Sensitive data like PII, credentials & secrets sprawl into Salesforce at an alarming rate. It’s nearly impossible to know what types of data are in Salesforce through manual efforts.
  • Salesforce doesn’t have enterprise-grade data protection, DLP, or data classification capabilities built-in.
  • Current data protection solutions are built for devices and networks, not cloud services like Salesforce, so they are hard to implement. They aren’t flexible, accurate, or developer-friendly because they are primarily based on regular expressions and simple heuristics.
  • This can lead to productivity loss, risk of data breach, and compliance problems.
+
  • Programmatically get structured results from Nightfall’s detectors for many types of sensitive data like credit card numbers and API keys. Nightfall maintains a growing library of detectors that include personally identifiable information (PII) and other data types as defined by data privacy regulations, such as GDPR, PCI-DSS, and HIPAA.
  • Deep-learning based detectors go well beyond regexes, rules, and search strings so you can make sense of your data without the alert fatigue. These detection techniques continually improve over time.
  • Customizable detection engine to tailor detectors and detection rules to your needs.
  • Custom-defined data types using regular expressions or word lists, to discover proprietary or unique sensitive data specific to your use cases.
  • Scan a broad range of file types and MIME-types, and perform machine learning based optical character recognition (OCR) to extract text.
  • Nightfall Dashboard enables you to create, save, and manage detection rules easily and flexibly in the UI to reference in code.
  • Open source scanner code as well as detailed docs & tutorials so you get started quickly and customize the service to your needs.
Instructions

Using Nightfall API with Salesforce Backup
  • Create a export/backup of Salesforce. Read instructions here.
  • Configure a detection rule. Set up detection rules as code, manage them in the Nightfall Dashboard, or use the default one. Use our Playground to test detection rules easily.
  • Fork/clone the cloud backup DLP scanner on GitHub. This open source service (1) sends Salesforce export/backup data to Nightfall to be scanned, (2) runs a local webhook server that retrieves sensitive results back from Nightfall, and (3) writes the sensitive findings to a CSV file. Check out the Readme for more details.

Case Study

“The Nightfall Developer Platform allows us to scan for certain patterns of information, like social security numbers or credit cards. We can ensure that our internal communication stays as work-appropriate as possible.”

Tim Alman, Enterprise Process Solutions Manager
Use case: DLP & content moderation
Employees: 12,000+
Industry: Retail & Ecommerce

Get Started

It's free to get started with the Developer Platform, and our backup/export scanner is open source. Sign up for a Nightfall account to start classifying and protecting sensitive data, read our API docs to learn more, or view the code on GitHub.
View on GitHub — OR — Sign Up