
Securely Running Python with Data Cloud’s New Bring Your Own Code Architecture

Amanda Johnson
Jun 12 - 7 min read

In our “Engineering Energizers” Q&A series, we highlight the engineering minds driving innovation across Salesforce. Today, we meet Amanda Johnson, a Director of Software Engineering who leads the development of Bring Your Own Code (BYOC) — a secure, scalable, pro-code platform built within Data Cloud that lets customers run custom Python code directly against their data. BYOC is to Data Cloud what Apex is to Salesforce Core — a powerful way to implement custom logic and extend platform capabilities, empowering customers to unlock advanced data transformations, segmentations, calculated insights, and unstructured data processing, using custom code without waiting for new Salesforce features — all while keeping trust and security at the core.

Dive into how Amanda’s team delivered a complex, full-stack product on a tight deadline — despite limited frontend expertise — while architecting tenant-isolated runtime environments and scaling the platform to support secure Python execution at enterprise scale.

What is your team’s mission as it relates to BYOC, and how does it shape the development of the platform in Data Cloud?

We offer Data Cloud customers the flexibility to execute custom Python code directly on their data, leveraging their existing code assets or enabling them to build new ones where our out-of-the-box features are not sufficient to get the job done. Simply put, BYOC bridges the gap between what customers want to do with their data and what out-of-the-box features are available inside Data Cloud. Our pilot customers are bringing in fascinating use cases by using BYOC for things like ID5 data decryption and converting customer usage information into “weightings” that can be used to drive suggestions for an LLM. Additionally, they are leveraging sophisticated data science libraries like pandas and scikit-learn to run custom ML models inside Data Cloud, delivering predictions without having to move data elsewhere.

The team is committed to building a secure and scalable platform that enables real-time Python script execution through a lightweight SDK, transforming data manipulation, transformation, and training within Data Cloud. The primary engineering challenge is to balance flexibility with safety. BYOC allows customers to write and run custom code, but it is essential to ensure that this code operates in a secure, isolated environment. This isolation is critical to protect other tenants and maintain system integrity. The goal is to empower customers with self-service capabilities for advanced data processing while upholding Salesforce’s high standards for trust, compliance, and security. This approach ensures that customers gain more control without compromising the reliability and security they expect from the Salesforce platform.

High-level overview of Data Cloud’s architecture.

What were the biggest technical challenges in building BYOC for Data Cloud?

One of the big challenges was providing a way for BYOC customers to iterate on and test custom code outside of Data Cloud before fully deploying it. To solve this, the team added the ability for customers to execute fast inner-loop development and verify that their code worked in the BYOC SDK with a sample of data, all while using their choice of Python developer tool, such as VSCode or Jupyter notebooks. Once verified, they deploy in Data Cloud and execute it on-demand or on a scheduled basis.

Another challenge was transitioning from infrastructure to product engineering. The team had years of experience with AWS infrastructure, including managing EKS clusters and Data Cloud’s Service Mesh, but they had limited exposure to frontend development. To bridge this gap, the team leveraged Trailhead to understand and write modern JavaScript. I personally leveraged relationships built since 2019 to bring in experts, securing two dedicated UI engineers for several sprints, and organized brown bag sessions for knowledge transfer. This required a lot of flexibility — asking infrastructure engineers to learn JavaScript, adopt frontend best practices, and deliver a product on a tight timeline.

How does BYOC ensure scalability for executing customer Python code on Data Cloud using Kubernetes and runtime isolation?

Scalability planning began early. BYOC is designed to support hundreds of customers post-Dreamforce, each running code against their own Data Lake Objects. The architecture ensures tenant-level isolation, with each customer’s code executing in a dedicated environment to prevent cross-tenant impact. Key components of this isolation strategy include Kubernetes node pool separation and strict runtime sandboxing.

Collaboration with Salesforce’s performance and scale testing team has been crucial. We developed a suite of API load tests to simulate real-world usage patterns and identify potential bottlenecks. Although specific throughput metrics are still being validated, the system is built to scale horizontally, with autoscaling and observability tools in place to dynamically monitor and adjust resources. The focus is on being ready for the expected demand surge post-Dreamforce, ensuring stability, security, and performance as customer adoption increases.

Overview of Data Cloud’s structured and unstructured data architecture.

How did the team balance rapid development of BYOC with Salesforce’s high standards for trust, security, and code quality?

Delivering a pilot version of BYOC in six months required a strict Definition of Done, including minimum 80% code coverage on all features, mandatory code reviews, and thorough security validation. These were non-negotiable. The team built BYOC on Salesforce’s Hyperforce platform, which is an architecture that allows Salesforce to offer customers more control over data residency and compliance, while also improving agility, scalability, and security. Security was a top design priority from the start. The system was architected with tenant isolation, strict runtime controls, and automated security scanning. We partnered with a 3rd party for penetration testing before going live with our beta. Balancing speed and security was challenging, but it was achieved by maintaining clear priorities, strong engineering discipline, and an unwavering commitment to quality.

How is AI used to improve developer productivity when building and testing the BYOC platform in Salesforce Data Cloud?

AI has accelerated testing processes, especially for generating unit and API tests, with Cursor being the primary tool. While AI didn’t significantly affect the pilot delivery timeline, it has streamlined repetitive tasks, allowing engineers to focus on more complex challenges. Some engineers were early adopters, while others needed encouragement, but once they tried it, they recognized its value.

The team is also exploring how AI can assist customers in writing Python code for BYOC, though this is still in the R&D phase. AI is seen as a tool to enhance efficiency, not replace engineering expertise. The goal is to use AI to free up engineering time for deeper problem-solving, not to bypass critical thinking or design rigor.

Amanda explores the Cursor AI tool and how it is improving her team’s productivity.

What engineering strategies prevent regressions in BYOC when adding new features and capabilities?

Prioritization was essential. A strong partnership with the product team helped establish a clear feature hierarchy, ensuring the most impactful work remained on track. Regular backlog grooming sessions kept everyone aligned, and mapping technical dependencies prevented surprises. The team had to make tough decisions, deferring some UI pages to meet the pilot deadline. It wasn’t ideal, but it was necessary.

Siloing proved practical: backend engineers focused on SDK and APIs, frontend engineers on the UI, and security experts on platform hardening. While cross-functional collaboration is the long-term goal, this division allowed deep, specialized work without causing regressions. A shared understanding of the architecture and constant communication ensured changes in one area didn’t break another. Trust in engineers’ estimates and feedback guided the decision-making process.

Amanda shares why engineers should join Salesforce.

How does user feedback influence the roadmap and development priorities for BYOC in Data Cloud?

Voice of the customer is everything here. The engineering team worked to launch our pilot version of BYOC in May. Having a live version of our product out for customers to use has enabled us to gain a deep understanding of their use cases and continue to evolve our product roadmap based on their feedback. Each pilot customer is paired up with a technical lead of our engineering team. Whether we’re chatting asynchronously in dedicated Slack channels or in direct meetings, we’re able to continuously evolve our development priorities to better meet customer needs, becoming more robust and user-friendly with each release.
