Organizations are facing a crucial question: Is classic encryption (included with Salesforce base licenses) enough to protect sensitive data or do I need Salesforce Shield?
Consider this blog your ultimate guide to unraveling the difference between classic encryption and Shield platform encryption as well as the additional features Shield provides. Let's delve into the layers of protection offered by Salesforce Shield and explore what this solution provides for your business security and regulatory requirements.
Understanding Salesforce Shield: A Brief Overview
Salesforce Shield is not just a security suite; it's the fortified armor for your data within Salesforce. Tailored for diverse industries, it enhances data security, ensures regulatory compliance, and preserves sensitive information privacy. With a comprehensive set of features, Shield addresses various aspects of security and compliance, providing robust protection for your data. Shield extends the security features of the Salesforce base licenses to adhere to specific security and compliance requirements.
Delving Deeper into Salesforce Shield's Top Features
Platform Encryption: This feature allows organizations to expand their encryption capabilities to protect it from unauthorized access. Comparing Shield to classic encryption, data such as standard fields, custom fields, files, content, and additional objects all can be encrypted. Gone are the days of using a single dedicated field type with classic encryption to encrypt data. Classic encryption limits analytic capabilities and platform encryption optimizes analytics. Shield ensures that if a user gains access to the data it remains encrypted and unreadable through the management of a secure data encryption key.
What’s the difference between Classic Encryption and Shield Platform Encryption?
| FEATURE | CLASSIC ENCRYPTION | PLATFORM ENCRYPTION |
|---|---|---|
| Pricing | Included in base user license | Additional fee applies |
| Encryption at Rest |  |
|
| Native Solution (No Hardware or Software Required) | |
|
| Encryption Algorithm | 128-bit Advanced Encryption Standard (AES) | 256-bit Advanced Encryption Standard (AES) |
| HSM-based Key Derivation | |
|
| Manage Encryption Keys Permission | |
|
| Generate, Export, Import, and Destroy Keys | |
|
| PCI-DSS L1 Compliance | |
|
| Masking | |
|
| Mask Types and Characters | |
|
| View Encrypted Data Permission Required to Read Encrypted Field Values | |
|
| Encrypted Standard Fields | |
|
| Encrypted Attachments, Files, and Content | |
|
| Encrypted Custom Fields | Dedicated custom field type, limited to 175 characters | |
| Encrypt Existing Fields for Supported Custom Field Types | |
|
| Search (UI, Partial Search, Lookups, Certain SOSL Queries) | |
|
| API Access | |
|
| Available in Workflow Rules and Workflow Field Updates | |
|
| Available in Approval Process Entry Criteria and Approval Step Criteria | |
Event Monitoring: Event Monitoring provides detailed information about user activity to prevent and mitigate threats by setting transaction security policies. Event monitoring analytics assist with visualizing user activity from event logs with pre-built Dashboards provided with the CRM Analytics App licenses included. This is vital for security auditing, compliance reporting, and detecting any unusual or suspicious behavior that could indicate a security threat.
Field Audit Trail: Field Audit Trail is your data detective, tracking changes over time for a detailed history of user actions—a compliance dream and a lifesaver for regulated industries. Retaining data for up to 10 years is crucial for compliance, internal auditing, and investigating unauthorized changes, ensuring a comprehensive record of data alterations. The field audit trail included with Shield increases the total number of fields that can be audited for each object.
Einstein Data Detect (Generally Available): Protect both your customers and employees from mistakenly sharing personally identifiable information with Einstein Data Detect. Leverage this managed package, determine the sensitivity of a field, categorize data classification metadata in bulk without a third-party service, and determine which fields to encrypt or mask. Einstein Data Detect is taking the guesswork out of securely storing and gathering your data.
Industries that Need Shield
Now that we've unveiled the most important features, let's talk about the industries that can benefit the most from Salesforce Shield.
Financial Services: The financial services industry deals with highly confidential information, including financial transactions and personal customer data. Salesforce Shield's encryption, access controls, and audit trail capabilities are crucial for maintaining data integrity and meeting regulatory standards applicable to banks, broker-dealers, registered investment advisors, and insurers.
Healthcare and Life Sciences: The healthcare industry handles a vast amount of sensitive patient data that is subject to strict privacy regulations such as HIPAA (Health Insurance Portability and Accountability Act). Salesforce Shield's features, such as Platform Encryption and Compliance & Certification support, can help healthcare organizations meet these regulatory requirements, including those set by the FDA (U.S. Food and Drug Administration).
Legal Services: Law firms dealing with confidential client data can use Shield to maintain a secure environment and adhere to legal industry standards. Field Audit Trail becomes a trusted ally, ensuring every data change is accounted for in your environment and adheres to legal industry standards.
Is Salesforce Shield for You?
In a world where data breaches make headlines, the answer is a resounding yes. If your organization deals with sensitive information, strives for compliance, and values the integrity of your data, then Salesforce Shield is not just a luxury but a necessity.
Ready to empower your business with a suite of data security? Explore the world of Salesforce Shield and ensure your data remains the superhero of your success story.
Partner with us and let's fortify your Salesforce fortress together. Your data deserves nothing less than the highest level of protection against the ever-evolving landscape of cyber threats. Shield up and stay secure.
Need some more help?
Do you have cybersecurity needs that go beyond Salesforce? Ascend Technologies is a Managed Service Provider offering holistic IT solutions including a full range of cybersecurity capabilities.
Written by Tom Palaia, Salesforce Sales Engineer
