Salesforce encryption serves various essential purposes in enhancing data security and protecting sensitive information within the platform.
Here are the key uses of Salesforce encryption:
1. Data Confidentiality:
Encryption ensures that data remains confidential by converting it into an unreadable format. It prevents unauthorized individuals or entities from accessing and understanding the data even if they gain unauthorized access.
2. Data Integrity:
Encryption helps maintain data integrity by protecting it from unauthorized modification or tampering. Encrypted data cannot be altered without the corresponding decryption keys, ensuring the integrity and authenticity of the information.
3. Regulatory Compliance:
Many industries and regions have stringent data protection regulations that require organizations to implement proper security measures, including encryption. Salesforce encryption helps organizations demonstrate compliance with regulations such as HIPAA, GDPR, CCPA, and others.
4. Data Breach Mitigation:
Encryption plays a crucial role in mitigating the impact of data breaches. In a breach, encrypted data is significantly harder for attackers to exploit, since they must decrypt it before they can access its contents. Encryption helps minimize the potential damage caused by unauthorized access to sensitive information.
5. Customer Trust:
Implementing encryption measures within Salesforce helps build customer trust by demonstrating a commitment to data security and privacy. Customers are more likely to trust organizations that protect their personal or sensitive information using encryption techniques.
6. Secure Data Sharing:
Encryption enables secure data sharing within and outside an organization. Encrypted data can be safely transmitted over networks or shared with authorized parties, ensuring that only intended recipients can access and understand the information. This is particularly useful when collaborating with partners, suppliers, or customers requiring sensitive data access.
There are two types of encryption in Salesforce:
Classic Encryption:
Salesforce Classic encryption limits other Salesforce users' access to custom text fields that you want to keep private. Data in encrypted custom text fields can only be viewed by users with the View Encrypted Data permission. Classic encryption is included in the base price of your Salesforce license. With classic encryption, you can protect a particular type of custom text field that you create for the data you want to encrypt. The custom field is protected with industry-standard 128-bit Advanced Encryption Standard (AES) keys.
Please check the below article:
https://help.salesforce.com/s/articleView?id=sf.fields_about_encrypted_fields.htm&type=5
How to Implement Classic Encryption in Salesforce
- Click Setup.
- Then click Object Manager.
- Select an object (e.g. the Account object).
- Click Fields & Relationships.
- Then click the New button.
- Then select the Text (Encrypted) data type.
- Enter the Field Label (Credit Card Number), then press the Tab key, and the API Name will auto-populate (Credit_Card_Number).
- Fill in the Mask Type (Last Four Characters Clear) and the Mask Character (*) or (x).
- Click Next, Next and Save & New.
How To Implement Classic Encryption Functionality
- Click Setup.
- Then click the App Launcher.
- Click Sales or Accounts.
- Then click the New button.
- Then create an Account record (fill in the Credit Card Number details).
- Then open that record and look at the Credit Card Number field value (out of 7 characters, the first four characters look like xxxx or ****).
- If you want to let a particular user view the encrypted data in that field, enable View Encrypted Data for that user.
- To do so, you need to create a permission set.
- Click Setup.
- In the Quick Find search box, enter Permission Sets.
- Select Permission Sets, then press New.
- Enter the permission set Label (Classic Encryption Permission), then press the Tab key, and the API Name will auto-populate (Classic_Encryption_Permission).
- Click Save.
- Then click System Permissions.
- Then click the Edit button.
- Enable “View Encrypted Data”.
- Then assign the particular user to the permission set (Classic Encryption Permission).
- Then log in as a user who is assigned to the permission set (Classic Encryption Permission).
- Then open that Account record.
An encrypted field cannot be used in the WHERE clause of a SOQL query.
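Because any permission set with View Encrypted Data removes the mask for its assignees, it is worth auditing which permission sets grant it. The following is an added example, not code from the original article or from Salesforce: it scans permission set and custom field metadata, assuming the Metadata API source format (the element names `userPermissions`, `ViewEncryptedData`, `EncryptedText`, `maskType` and `maskChar`); the sample XML and all names other than Classic_Encryption_Permission and Credit_Card_Number are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"sf": "http://soap.sforce.com/2006/04/metadata"}
WRAP = '<{0} xmlns="http://soap.sforce.com/2006/04/metadata">{1}</{0}>'

# Constructed sample metadata (not from a real org), keyed by assumed file name.
PERMISSION_SETS = {
    "Classic_Encryption_Permission": WRAP.format("PermissionSet",
        "<userPermissions><enabled>true</enabled><name>ViewEncryptedData</name></userPermissions>"),
    "Former_Auditors": WRAP.format("PermissionSet",  # permission present but disabled
        "<userPermissions><enabled>false</enabled><name>ViewEncryptedData</name></userPermissions>"),
    "Sales_Reports": WRAP.format("PermissionSet",
        "<userPermissions><enabled>true</enabled><name>RunReports</name></userPermissions>"),
}
FIELDS = {
    "Account.Credit_Card_Number__c": WRAP.format("CustomField",
        "<type>EncryptedText</type><maskType>lastFour</maskType><maskChar>asterisk</maskChar>"),
    "Account.Region__c": WRAP.format("CustomField", "<type>Text</type>"),
}

def grants_view_encrypted_data(xml_text):
    """True if the permission set enables the View Encrypted Data system permission."""
    root = ET.fromstring(xml_text)
    return any(
        p.findtext("sf:name", namespaces=NS) == "ViewEncryptedData"
        and p.findtext("sf:enabled", namespaces=NS) == "true"
        for p in root.findall("sf:userPermissions", NS)
    )

def classic_mask(xml_text):
    """Return (maskType, maskChar) for a Text (Encrypted) field, else None."""
    root = ET.fromstring(xml_text)
    if root.findtext("sf:type", namespaces=NS) != "EncryptedText":
        return None
    return (root.findtext("sf:maskType", namespaces=NS),
            root.findtext("sf:maskChar", namespaces=NS))

def audit(permission_sets, fields):
    """List permission sets that unmask data and the classic-encrypted fields they unmask."""
    masks = {name: classic_mask(x) for name, x in fields.items()}
    return {
        "unmasking_permission_sets": sorted(
            n for n, x in permission_sets.items() if grants_view_encrypted_data(x)),
        "classic_encrypted_fields": {n: m for n, m in masks.items() if m},
    }

if __name__ == "__main__":
    print(audit(PERMISSION_SETS, FIELDS))
```

Run against the permission set and field files retrieved from an org, the output gives the list to review against who is actually assigned each permission set.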
Shield Encryption:
Shield Platform Encryption adds an additional degree of security to your data while preserving vital platform functionality. You can encrypt sensitive data at rest and when it is transported across a network, allowing your company to reliably comply with privacy rules, regulatory requirements, and contractual obligations for managing private data.
Shield Platform Encryption is available for free in Developer Edition orgs. All other editions require you to purchase a license. The detailed differences between Classic Encryption and Shield Platform Encryption are listed in the article below:
https://developer.salesforce.com/docs/atlas.en-us.securityImplGuide.meta/securityImplGuide/security_pe_vs_classic_encryption.htm
To learn more about Shield Platform Encryption, follow the Trailhead module below:
https://trailhead.salesforce.com/content/learn/modules/spe_admins
How to Implement Shield Encryption in Salesforce
- Click Setup.
- In the Quick Find search box, enter Advanced Settings.
- Select Advanced Settings.
- Enable Deterministic Encryption.
- Then click Setup.
- In the Quick Find search box, enter Key Management.
- Select Key Management.
- Choose the Tenant Secret Type (Data in Salesforce).
- Then click Generate Tenant Secret.
- Then click the Export button.
- Then click Setup.
- In the Quick Find search box, enter Encryption Policy.
- Click Encrypt Fields (after clicking Encrypt Fields, you will be able to see only Standard Object and Standard Field Secret Type).
- Then choose or enable the field.
How to Encrypt the Standard Object Custom Fields or Custom Object Custom Fields
If you want to encrypt custom fields on a standard object or on a custom object, follow the directions below:
- Click Setup.
- Then click Object Manager.
- Select an object (e.g. the Opportunity object).
- Click Fields & Relationships.
- Then click Main Competitor (a custom field).
- Then edit the Main Competitor field.
- Then enable the Encrypted checkbox (Encrypt the contents of this field).
- Then click Setup.
- In the Quick Find search box, enter Encryption Statistics.
- Select Encryption Statistics.
- Then click the Gather Statistics button.
- Now the data in that field is encrypted at the database level, not at the UI level.
Shield Encryption Limitations
An encrypted field cannot be used in the WHERE clause of a SOQL query.
Conclusion
Encryption plays a vital role in securing sensitive data on Salesforce. Implementing data-at-rest, data-in-transit, and field-level encryption is crucial for protecting against unauthorized access and breaches. Embracing encryption as a fundamental part of your security strategy enhances data privacy and reinforces your business integrity and reputation. Stay proactive in adopting encryption best practices to thrive in a secure and confidential environment.