Data 360 Clean Rooms enable secure data collaboration without moving raw data. This zero-copy, federated architecture resolves the conflict between data utility and strict regulatory requirements such as GDPR while maintaining performance across distributed environments.
In our Engineering Energizers Q&A series, we highlight the engineering minds driving innovation across Salesforce. Today, we spotlight Soumya KV, Senior Director of Software Engineering at Salesforce, who leads the team building Data 360 Clean Rooms to let organizations collaborate securely on data-driven insights while maintaining strict privacy, consent, and governance controls over the underlying datasets.
Explore how her team built Data 360 Clean Rooms to enable privacy-safe data collaboration under regulatory constraints like GDPR and CCPA, designed a distributed architecture that isolates datasets during analysis, and implemented a zero-copy federation model that executes queries where data resides.
Our team designs and builds the core architecture powering Data 360 Clean Rooms, which serves as a secure collaboration layer for cross-organization data sharing. We focus on developing a privacy-first architecture that enables data isolation and zero-copy federation, ensuring sensitive PII never leaves its source environment. These capabilities allow organizations to generate shared insights without ever exposing raw data.
Moving into the framework itself, we build the governance controls and query execution capabilities that allow providers and consumers to analyze shared audiences. This structure enforces strict privacy and compliance requirements throughout the process. To support this model, the platform includes several key capabilities:
These controls ensure that every collaboration remains secure, auditable, and governed. Ultimately, this allows organizations to unlock value from data partnerships without exposing sensitive information.
Privacy and regulatory compliance serve as foundational design constraints for this architecture. Any platform enabling collaboration on customer data operates within strict frameworks like GDPR and CCPA. To meet these requirements, Data 360 Clean Rooms include multiple layers of protection:
These safeguards prevent identity exposure and inference while enabling meaningful analysis across datasets. By enforcing these controls at query time, the system ensures that collaboration remains compliant and maintains trust between participating organizations.

Connecting Data 360 Clean Rooms with external platforms like AWS Clean Rooms involves bridging distinct architectural frameworks. While Data 360 utilizes zero-copy federation, AWS Clean Rooms operates through specific components:
These variations create hurdles for metadata alignment and data-sharing processes. Establishing interoperability involves creating uniform contracts for schema mapping and query templates across both systems. To solve this, our team developed a secure integration layer that facilitates collaboration while maintaining privacy standards. This layer includes protocols for sharing metadata and coordinating queries between environments.
The system also uses a controlled retrieval process to move aggregated insights back into Data 360 for reporting and activation. This strategy enables organizations to work across different ecosystems while keeping governance and privacy rules intact.

Building a zero-copy federation model involves a complete redesign of query execution across distributed landscapes. In our implementation of Native Salesforce Data 360 Clean Rooms, we engineered a distributed query execution framework.
This ensures that provider-side operations are isolated within the provider’s security context, while consumer-side logic executes strictly within the consumer’s environment, maintaining end-to-end data integrity without physical movement. Every participant handles their segment of the query locally under their own governance rules.
This distributed model keeps raw data at its original source. The process only allows aggregated and anonymized results to move across the collaboration boundary. The system applies privacy controls during the query process to verify that all calculations follow established policies. These safeguards include:
This architecture maintains data ownership and removes the risks of data migration. It allows for secure collaboration across separate systems.
The primary challenge was balancing resource efficiency with strict multi-tenant isolation. Supporting one provider across many consumers created a risk of interference and data leakage.
We addressed this by architecting a decoupled control plane where metadata and privacy policies are synchronized globally, while execution is partitioned into unique collaboration contexts. This allowed us to achieve 1:N scalability, reusing the same underlying data assets across multiple partnerships without physical duplication while ensuring that a breach or policy change in one collaboration had zero impact on another. This system enables:
The system also uses mechanisms to push updates for dataset mappings and privacy policies across all active collaborations. By designing specific collaboration contexts and dataset reuse, the system allows providers to scale secure data work across many partners while maintaining privacy.
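The query-time gating and per-collaboration isolation described in the answers above, sketched as an added example that is not Salesforce's code or part of the original post. The policy fields, the minimum group size rule, the collaboration ids and the sample rows are all assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class CollaborationPolicy:
    """Per-collaboration rules (hypothetical shape, not Data 360's schema)."""
    collaboration_id: str
    allowed_dimensions: frozenset  # columns this consumer may group by
    min_group_size: int            # assumed rule: smaller groups are withheld


# Constructed provider-side rows. They stay in the provider's context and are
# reused by every collaboration without being copied.
PROVIDER_ROWS = [
    {"email_hash": "h1", "region": "EMEA", "tier": "gold"},
    {"email_hash": "h2", "region": "EMEA", "tier": "gold"},
    {"email_hash": "h3", "region": "EMEA", "tier": "silver"},
    {"email_hash": "h4", "region": "APAC", "tier": "gold"},
    {"email_hash": "h5", "region": "APAC", "tier": "silver"},
    {"email_hash": "h6", "region": "AMER", "tier": "gold"},
]

# One policy per collaboration context; editing one leaves the other untouched.
POLICIES = {
    "collab-a": CollaborationPolicy("collab-a", frozenset({"region"}), 3),
    "collab-b": CollaborationPolicy("collab-b", frozenset({"region", "tier"}), 2),
}


def run_in_provider_context(collaboration_id, group_by, rows=PROVIDER_ROWS):
    """Aggregate where the data lives; return only what the policy releases."""
    policy = POLICIES[collaboration_id]
    if group_by not in policy.allowed_dimensions:
        # Anything outside the allow-list, including email_hash, is refused.
        raise PermissionError(f"{group_by!r} not allowed in {collaboration_id}")
    counts = Counter(row[group_by] for row in rows)
    released = {k: n for k, n in counts.items() if n >= policy.min_group_size}
    return {
        "collaboration": collaboration_id,
        "counts": released,
        "suppressed_groups": len(counts) - len(released),
    }


if __name__ == "__main__":
    print(run_in_provider_context("collab-a", "region"))
    print(run_in_provider_context("collab-b", "region"))
    print(run_in_provider_context("collab-b", "tier"))
```

The same six rows serve both collaborations, yet each consumer sees only the aggregates its own policy releases, and a request to group by a row-level identifier is rejected before any data is read.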
The post Building Data 360 Clean Rooms: Zero-Copy Architecture for Privacy-Safe Data Collaboration appeared first on Salesforce Engineering Blog.