Loading
Feature degradation | Gmail Email delivery failureRead More
About Salesforce Data 360
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Set Up Platform Encryption for Data 360

            You are here:

            1. Salesforce Help
            2. Docs
            3. Data 360

            Set Up Platform Encryption for Data 360

            When you enable Platform Encryption, your first Data 360 root key generates automatically. This key encrypts all previously ingested data in Data 360. After the initial setup, you can continue to use the generated root key or configure an external key using External Key Management (EKM), or leverage your own key material using Bring Your Own Key (BYOK) in the Salesforce UI to encrypt data in Data 360. You can rotate root keys periodically and view key metadata, such as creation time and creator, in Setup.

            Required Editions

            Available in: All Editions supported by Data 360. See Data 360 edition availability.
            Available with add-on license: Enterprise, Performance, Unlimited, and Developer Editions. Requires purchasing Salesforce Shield or Shield Platform Encryption, and Platform Encryption for Data Cloud. Also, to use the optional External Key Management, requires purchasing the Platform Encryption for Consumption license.

            Here are the key migration options.

            • From Customer Managed Keys (CMK) to EKM: Existing CMK customers can configure a new EKM key from the Key Inventory and Management page in Setup. This change affects only the encryption of new data going forward. Previously encrypted data remains encrypted with the existing CMK key.
            • From EKM to CMK: Existing EKM customers can switch to a CMK by generating a new key in the Key Inventory and Management page. This action reencrypts existing Data 360 data using the newly generated CMK key.
            • From CMK or EKM to BYOK: Upload your own key material via the Bring Your Own Key option in Setup. Data encrypted with previous keys remains accessible. The new data is encrypted using the new BYOK root key.
              • Customers can transition from CMK to BYOK and BYOK to CMK via the Salesforce UI. When this transition occurs we don’t reencrypt previously ingested data to the new key. It stays encrypted with the previous key.
              • Customers can also transition from EKM to BYOK and BYOK to EKM.
                • From EKM to BYOK: We reencrypt all previously ingested data to the new key.
                • From BYOK to EKM: When this transition occurs we don’t reencrypt previously ingested data to the new key. It stays encrypted with the previous key.
             
            Loading
            Salesforce Help | Article