Shield Platform Encryption

Salesforce Shield Platform Encryption Guide

Shweta Choudhary Jul 2, 2021
2,628  Views

Shield Platform Encryption

As organizations store more sensitive data, like actually recognizable data (PII), in the cloud, they need to guarantee the protection and classification of that information to meet both outside and inner consistence prerequisites. Shield Platform Encryption permits you to locally scramble your most delicate information at rest across the entirety of your Salesforce applications. Encoding information at rest adds another layer of insurance to PII, delicate, private, or exclusive information. 

Salesforce offers two different ways to scramble information


Advertisement

  • Classic Encryption 
  • Shield Platform Encryption

Before you encode

Before the encoding of information in Salesforce — or in any cloud administration — first, you need to be sure that you're using the correct security solution for the kind of threat you encounter. For example, on the off chance that you are generally worried about ensuring against end-client or regulatory record takeover attacks, which are typically accomplished through social engineering and malware bugs, data encryption may not be a proper control against such a danger. 

dont miss out iconDon't forget to check out: 9 Tips to Keep Your Data Secure in Salesforce

Salesforce Shield Platform Encryption secures information at rest. It shouldn't be mistaken for control that scrambles information on the way, like Transport Layer Security.

Shield  Platform Encryption is most appropriate for: 

  • Protecting against information loss because of unauthorized data access.
  • Bolstering consistence with administrative necessities or inside security approaches.
  • Satisfying authoritative commitments to deal with sensitive and private information for clients.

Shield Platform Encryption Process:

At the point when clients submit information, the application worker searches for the org-specific data encryption key in its cache. If it isn't there, the application worker gets the encoded tenant secret from the data set and asks the key inference worker to speculate the key. The Shield Platform Encryption organization then scrambles the information on the application server.

Shield Platform Encryption utilizes a novel tenant secret that you oversee and a master secret that is dealt with by Salesforce organization. Naturally, we consolidate these secrets to make your unique data encryption key. We can provide the final data encryption key from our side.

data encryption

Before information is encoded, a Salesforce head needs to empower encryption first and produce or supply key material. For each field, record, attachment, and data element which are encoded, the connected metadata in the UDD is refreshed to show the new encryption setting.

  • At the point when a client saves encoded data, the runtime engine decides from metadata whether the field, file, attachment, or data element ought to be scrambled prior to putting away it in the database. 
  • If encryption has to be done, the encryption administration checks for the encryption key in the encryption key reserve. 
  • The encryption administration check for the key exists already or not. 
  • In the event that indeed, the encryption administration recovers the key. 

dont miss out iconCheck out an amazing Salesforce video tutorial here: Security for Salesforce Developers: Data Security

  • On the off chance that key doesn't exist, a request has been sending to the Shield KMS and returns to the encryption organization running on the Lightning Platform. data moving between the Shield KMS and the encryption organization is scrambled by the TLS convention, which utilizes an authentication endorsed by a submitted Salesforce authority. This current validation's private key is taken care of locally in an encoded structure. The authentication's public and private keys are rotated consistently.
  • Subsequent to recovering or inferring the key, the encryption organization makes a discretionary initialization vector (IV) and scrambles the information using JCE's AES-256 execution. 
  • The ciphertext is saved in the database. The IV and related ID of the key material utilized for the determination of the data encryption key will be gotten in the database.
Categories: Data, Salesforce Security
Tagged: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Responses

Popular Salesforce Blogs

Report

Harassment or bullying behavior
Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Mobile App Reported Contents
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .