More and more companies are using Salesforce. As a result, more and more data is being stored in Salesforce, which needs to be properly secured. It is therefore becoming important to be able to accurately observe users’ behaviour, track their interactions with data and protect themselves from potential leaks and attacks. This is particularly important for industries related to finance and insurance, which may store particularly sensitive data, such as credit card numbers or insurance details. Such companies are often subject to additional regulations and must meet additional requirements such as compliance with the Financial Supervision Authority’s Cloud Communiqué (replacing the Authority’s previous guidelines from October 2017). This is where Salesforce Shield comes to the rescue, supporting us in such challenges.
Salesforce Shield consists of 3 tools that make it easy for administrators and developers to provide a higher level of security (especially in terms of compliance and control), directly to business-critical applications. They help, among other things, monitor application and data usage, automate security policies, encrypt sensitive data and perform compliance audits. Salesforce Shield includes: Shield Platform Encryption, Event Monitoring and Field Audit Trail.
Shield Platform Encryption
It increases the data protection capabilities offered out of the box by Salesforce. Data stored in standard and custom fields, as well as in files and attachments, is encrypted using an advanced HSM-based key derivation system. Shield Platform Encryption allows you to ensure data security without blocking common business tasks such as searches, lookups, validation rules, posts on Chatter. It enables data confidentiality, including the ability to use custom encryption keys, as well as key lifecycle management. Sensitive data is protected against all users (including administrators). At the same time, it guarantees compliance requirements. How do you get it up and running? First of all you need to acquire a license, for this you will need to contact Salesforce. Once you have it, it’s time to assign permissions, as well as customize the application and manage encryption key permissions. To finally launch Shield Platform Encryption in your organization.
Event Monitoring
Its purpose is to monitor, prevent and mitigate threats to sensitive data. It lets you know who has access to critical data, when and from where. It provides the possibility to monitor critical events in real time, as well as through log files. It contributes to the prevention of data loss, thanks to transaction security policies. It allows you to detect insider threats and report anomalies, as well as audit user behaviour and measure custom application performance.
Field Audit Trail
It facilities learning about the actual status and value of your data. Allows you to create an audit trail, with a history of up to 10 years, and to set triggers for when data is deleted. It extends the ability to track standard and custom objects. It gives you extended data retention capabilities, for audit, analytics or machine learning. It also helps you meet compliance requirements through automated archiving. Enables you to manage large amounts of data using Async SOQL APIs.
