With more than 150,000 customers of Salesforce around the world, enormous quantities of customer and prospect data are being stored in Salesforce databases in the Cloud. Some of that data may be very sensitive, some may be personally identifiable and other data may fall under specific industry and government regulations or compliance mandates. In every case, there’s a responsibility on using and handling the data correctly.

Given that not all data is sensitive, finding sensitive data can be like looking for a needle in a haystack and trying to manage it manually is next to impossible.

With the release of version 2.5 of Enterprise Recon at the beginning of 2022, Ground Labs added support for Salesforce to its industry-leading data discovery solution to help customers address exactly this requirement to identify and manage sensitive data stored within Salesforce.

Finding and Remediating Data within Salesforce

Customers of Enterprise Recon can:

  • Inspect all Salesforce data objects to look for sensitive data including Payment Card information, Personally Identifiable Information (PII) and custom data types. More than 300 data types are included as standard.
  • Easily discover sensitive data by identifying the precise location in an object, right down to the line within a record, where data is stored.
  • Produce extensive reports on what data has been found and where.
  • Distribute remediation tasks to the owners of the data in Salesforce so that they can own the steps to properly protect it.
  • Support scanning of standard objects and custom objects in both production and sandbox environments.

There are many occasions where data pops up in unexpected places and Enterprise Recon makes this easy to find and fix these issues when they occur. In addition, it helps highlight dark data i.e., data that has expired and is now no longer needed and therefore should be removed.

The scanning process itself is highly performant with very low overhead on the system. If necessary, scanning can be scheduled to happen overnight when usage of the system is at its quietest. In addition, Salesforce data can be scanned regularly at whatever frequency is necessary (even daily).

Although there are no usage restrictions with Enterprise Recon, it uses the Salesforce Application Programming Interface (API) for data access. Sometimes this API may also be used by other third-party solutions using Salesforce and it may be worth noting if that causes any usage limitations.


Extensive reporting is provided in Enterprise Recon. Summary reports include details of the number of matches, the number of specific data types found, the number of objects and the number of data types found in each object. Detailed reports from a single scan go further to include samples matched with the exact data in specific records. In fact, Enterprise Recon even provides links directly to the Salesforce record to show a specific data match. All reports can be exported for further analysis in HTML, PDF, CSV, TXT and Word file formats.

Our product roadmap includes working with our customers to understand how they’re making use of this facility and we welcome any input. We’re also examining other APIs provided by Salesforce to see what further capabilities we can add. 


We’re excited to see the impact this new capability provides, as we continue to help our customers meet their compliance and regulation requirements for protecting sensitive data. We’ve also produced a short video that covers this functionality and shows some of the new capabilities in action. To take a look, click here.Your feedback is welcome.

Want to keep up with all our blog posts? Subscribe to our newsletter!