Salesforce Platform Encryption and Classical Encryption – Depuzzling

8 Comments / Encryption, Salesforce, Security / By

To take your security measures further, Salesforce Shield provides a more robust suite of solutions. Shield includes three products: Platform Encryption, Event Monitoring, and Field Audit Trail. Here our focus on Shield Platform Encryption, which provides a higher-level encryption (256-bit instead of 128-bit) than the classic offering.

Platform Encryption is very different than classical encryption and leads people to get confused Platform Encryption as replacement of Classical Encryption which is partially wrong.

However Salesforce has explained differences in very detail here: https://help.salesforce.com/articleView?id=security_pe_vs_classic_encryption.htm&type=5, still would like to help to understand some outlined items in an easy way . But before going through, the above given article or below explanation, you must need to understand each key terms here (like to understand what is data at rest, tenant secret, initialization vector etc): https://help.salesforce.com/articleView?id=security_pe_definitions.htm&type=5

Platform Encryption (PE) VS Classical Encryption (CE)

  • Classical Encryption does data masking means if User’s profile has not “View Encrypted Data” and field is encrypted then value is obfuscated as asterisk when user try to access. But PE (Platform Encryption) does not support this – instead Salesforce urges to use Profile FLS. So question is if it does not do masking then what does it do? Well, actually PE makes sure data are stored in salesforce platform’s database after encryption. So that if database breach takes place, data will be encrypted and not usable.
  • CE (Classical Encryption) deals with authenticated (having login access) and authorized user (having sufficient permissions) only while PE does not care about authenticated and authorized user (assuming this part of security is taken care by using profile/permission set). PE does not:
    • Prevent non-authorized users from accessing your Salesforce org
    • Prevent authorized users from viewing specific data
    • Prevent authorized users from exporting customer data
  • PE implementation notes.

Related Posts

8 thoughts on “Salesforce Platform Encryption and Classical Encryption – Depuzzling”

  1. web hosting

    My developer is trying to convince me to move to .net from PHP.
    I have always disliked the idea because of the costs.
    But he’s tryiong none the less. I’ve been using WordPress on a variety of websites for about a year and am worried about switching to
    another platform. I have heard excellent things about blogengine.net.
    Is there a way I can transfer all my wordpress posts into it?
    Any help would be really appreciated!

  2. gamefly

    Good web site you’ve got here.. It’s hard to find good quality writing like
    yours nowadays. I really appreciate people like you!
    Take care!! games ps4 allenferguson games ps4

  3. bit.ly

    I believe that is among the such a lot vital information for me.
    And i’m happy studying your article. However should remark on some general issues,
    The site taste is wonderful, the articles is really nice : D.
    Just right process, cheers ps4 games 185413490784 ps4 games

  5. tinyurl.com

    Hey There. I found your blog using msn. This is a very well written article.
    I will be sure to bookmark it and return to read more of
    your useful information. Thanks for the post.
    I’ll definitely return.

  6. web hosting

    Appreciating the time and energy you put into your blog
    and in depth information you provide. It’s great to come
    across a blog every once in a while that isn’t the same unwanted
    rehashed information. Excellent read! I’ve bookmarked your site and
    I’m including your RSS feeds to my Google account.

Comments are closed.