With Shield, Salesforce looks to strengthen its promise of taking its Trust Services to the next level. Now, even industries with regulatory and compliance requirements such as Financial Services, Healthcare, and Public Sector can leverage the speed and innovation of cloud computing with the assurance of highest level of data protection, availability, and performance.

The needs of specific industries can vary depending on the criticality of the data that they manage and use. While some may need to track sensitive customer being exported others might need to encrypt them or maintain an audit trail of data to safeguard data integrity. The understandably high pressure of balancing the shift to cloud platforms with meeting compliance needs has deterred several organizations from making the shift thereby being bereft from the benefits that it promises to bring along!

Salesforce Shield is a premium set of integrated services built natively in the Salesforce1 Platform. With it, comes the capability to track the way in which one’s sensitive data is being used & handled. It certainly is a strong empowering tool for customers with complex governance and compliance needs to be able to track data going back up to ten years along with sensitive data encryption if they so desire.

Salesforce Shield includes the following core services:

  • Event Monitoring: This feature gives customers the transparent visibility into which users are accessing what kind of data along which the actions that they are taking on it.
  • Field Audit Trial: Salesforce customers now have the ability to go back & check their data state up to 10 years. It provides Audit trial data for up to 60 fields per object.
  • Platform Encryption: All sensitive data can now be easily encrypted at rest (at the metadata layer) without hampering any business functionality.
  • Transaction Security: Users can add various processes to Event Monitoring using the transaction security feature. Specific events can be configured with Salesforce to trigger actions as required. For example: When any User tries to access the Salesforce from any unsupported browser it will not provide access.

The Shield Platform works through the combination of the tenant key (available with the customer) and a master secret controlled by Salesforce to generate the org-specific data encryption key. This key is used to encrypt sensitive data stored in standard and custom fields, files, and attachments. The derived keys are never persisted to disc, ensuring maximum security for encryption keys.

Setup Salesforce Shield
  • Setup -> Security Controls -> Platform Encryption
  • Create Tenant Secret
  • Enable encryption for files, fields, and attachments
  • Assign permission to generate, rotate, and archive your org’s keys
  • If user has the permission to “View Encrypted data”, then the data gets decrypted before presenting it for user
  • Fields with the following field types: Text, Long Text Area, Phone, Email and URL in standard or custom objects can be encrypted


About Author
Nirupama Shree
Nirupama Shree
Nirupama Shree is currently working as a Business Analyst at Girikon, managing projects related to Salesforce. She has work experience in requirement gathering, blogging, maintaining client relations and has experience in technologies like Salesforce, Magento, Opencart. In her leisure time, she loves listening to music.
Share this post on: