<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1703665079923990&amp;ev=PageView&amp;noscript=1">
Skip to main content

Organizations are facing a crucial question: Is classic encryption (included with Salesforce base licenses) enough to protect sensitive data or do I need Salesforce Shield?  

Consider this blog your ultimate guide to unraveling the difference between classic encryption and Shield platform encryption as well as the additional features Shield provides. Let's delve into the layers of protection offered by Salesforce Shield and explore what this solution provides for your business security and regulatory requirements. 

Understanding Salesforce Shield: A Brief Overview

Salesforce Shield is not just a security suite; it's the fortified armor for your data within Salesforce. Tailored for diverse industries, it enhances data security, ensures regulatory compliance, and preserves sensitive information privacy. With a comprehensive set of features, Shield addresses various aspects of security and compliance, providing robust protection for your data. Shield extends the security features of the Salesforce base licenses to adhere to specific security and compliance requirements.

Delving Deeper into Salesforce Shield's Top Features

Platform Encryption: This feature allows organizations to expand their encryption capabilities to protect it from unauthorized access. Comparing Shield to classic encryption, data such as standard fields, custom fields, files, content, and additional objects all can be encrypted. Gone are the days of using a single dedicated field type with classic encryption to encrypt data. Classic encryption limits analytic capabilities and platform encryption optimizes analytics. Shield ensures that if a user gains access to the data it remains encrypted and unreadable through the management of a secure data encryption key.   

What’s the difference between Classic Encryption and Shield Platform Encryption?

FEATURE CLASSIC ENCRYPTION PLATFORM ENCRYPTION
Pricing Included in base user license Additional fee applies
Encryption at Rest Checkmark Checkmark
Native Solution (No Hardware or Software Required) Checkmark Checkmark
Encryption Algorithm 128-bit Advanced Encryption Standard (AES) 256-bit Advanced Encryption Standard (AES)
HSM-based Key Derivation   Checkmark
Manage Encryption Keys Permission   Checkmark
Generate, Export, Import, and Destroy Keys Checkmark Checkmark
PCI-DSS L1 Compliance Checkmark Checkmark
Masking Checkmark  
Mask Types and Characters Checkmark  
View Encrypted Data Permission Required to Read Encrypted Field Values Checkmark  
Encrypted Standard Fields   Checkmark
Encrypted Attachments, Files, and Content   Checkmark
Encrypted Custom Fields Dedicated custom field type, limited to 175 characters Checkmark
Encrypt Existing Fields for Supported Custom Field Types   Checkmark
Search (UI, Partial Search, Lookups, Certain SOSL Queries)   Checkmark
API Access Checkmark Checkmark
Available in Workflow Rules and Workflow Field Updates   Checkmark
Available in Approval Process Entry Criteria and Approval Step Criteria   Checkmark

Source: Salesforce


Event Monitoring: Event Monitoring provides detailed information about user activity to prevent and mitigate threats by setting transaction security policies. Event monitoring analytics assist with visualizing user activity from event logs with pre-built Dashboards provided with the CRM Analytics App licenses included. This is vital for security auditing, compliance reporting, and detecting any unusual or suspicious behavior that could indicate a security threat. 

Field Audit Trail: Field Audit Trail is your data detective, tracking changes over time for a detailed history of user actions—a compliance dream and a lifesaver for regulated industries. Retaining data for up to 10 years is crucial for compliance, internal auditing, and investigating unauthorized changes, ensuring a comprehensive record of data alterations. The field audit trail included with Shield increases the total number of fields that can be audited for each object.

Einstein Data Detect (Generally Available): Protect both your customers and employees from mistakenly sharing personally identifiable information with Einstein Data Detect. Leverage this managed package, determine the sensitivity of a field, categorize data classification metadata in bulk without a third-party service, and determine which fields to encrypt or mask. Einstein Data Detect is taking the guesswork out of securely storing and gathering your data. 

Industries that Need Shield

Now that we've unveiled the most important features, let's talk about the industries that can benefit the most from Salesforce Shield.

Financial Services: The financial services industry deals with highly confidential information, including financial transactions and personal customer data. Salesforce Shield's encryption, access controls, and audit trail capabilities are crucial for maintaining data integrity and meeting regulatory standards applicable to banks, broker-dealers, registered investment advisors, and insurers.

Healthcare and Life Sciences: The healthcare industry handles a vast amount of sensitive patient data that is subject to strict privacy regulations such as HIPAA (Health Insurance Portability and Accountability Act). Salesforce Shield's features, such as Platform Encryption and Compliance & Certification support, can help healthcare organizations meet these regulatory requirements, including those set by the FDA (U.S. Food and Drug Administration).

Legal Services: Law firms dealing with confidential client data can use Shield to maintain a secure environment and adhere to legal industry standards. Field Audit Trail becomes a trusted ally, ensuring every data change is accounted for in your environment and adheres to legal industry standards.

Is Salesforce Shield for You?

In a world where data breaches make headlines, the answer is a resounding yes. If your organization deals with sensitive information, strives for compliance, and values the integrity of your data, then Salesforce Shield is not just a luxury but a necessity.

Ready to empower your business with a suite of data security? Explore the world of Salesforce Shield and ensure your data remains the superhero of your success story.

Partner with us and let's fortify your Salesforce fortress together. Your data deserves nothing less than the highest level of protection against the ever-evolving landscape of cyber threats. Shield up and stay secure.

Need some more help?

Do you have cybersecurity needs that go beyond Salesforce? Ascend Technologies is a Managed Service Provider offering holistic IT solutions including a full range of cybersecurity capabilities.

Written by Tom Palaia, Salesforce Sales Engineer

New call-to-action