Data Detect Considerations
Here are suggestions for improving your organization’s security posture around sensitive information handling.
Required Editions
| Available in: Enterprise, Performance, Unlimited, and Developer editions with the Salesforce Shield or Data Detect Licenses. |
- As you create a policy to scan, know your limits. These limits include no account objects in person account enabled orgs, or fields other than text, Long Text, Long Text Area, and rich text.
- To successfully view scan results for fields using Classic Encryption, you must have the View Encrypted Data permission. Because encrypted data must be processed differently than standard data, scanning these fields takes longer. Including encrypted fields in a scan configuration can increase the total scan duration by approximately one-and-a-half times.
- Make careful selections to establish a more targeted scan and quicker results. Several factors determine scan time. For example, how many records, fields, and sensitive data categories you select in your policy. Plus any custom patterns or keywords you've added.
- Make sure that your custom (REGEX) patterns are optimized, otherwise the scans can fail, or take a long time to run.
- Note the length of each pattern or custom keyword, as the maximum length is 255 characters.
- If available, make policy exclusions. These exclusions can be for fields that you know are meant to have sensitive data for your business needs.
- Selecting a random duration in the past to get a sample of the data within your objects and fields can help you understand where sensitive data resides.
Did this article solve your issue?
Let us know so we can improve!
