Encryption at Rest - Classic Encryption Control
Configure Sensitive Custom Field to be masked with Classic Encryption.
Salesforce Classic Encryption is a built-in security feature included with the base Salesforce user license. Unlike the more advanced Shield Platform Encryption, Classic Encryption applies only to custom fields of the Text (Encrypted) type, encrypts their values with 128-bit AES, and masks the value on screen for users who do not hold the View Encrypted Data permission.
Security Health Review provides information on whether your Salesforce instance is configured to turn on Classic Encryption on custom fields based on configuration signals aligned with Salesforce-recommended best practices and highlights gaps that present the highest security and business risk.
Control Name
Classic Encryption - Custom Field Encryption
Recommended Configuration
Configure Classic Encryption:
Object Manager > Fields & Relationships > New > Text (Encrypted): set Mask Type to Mask All Characters.
Then, under Field-Level Security, make the field visible only to the profiles that need to see it, and grant the View Encrypted Data permission only to the profiles that must see the unmasked value; every other user sees the mask.
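As an added example (not Salesforce's own code or documentation), the following Python script applies the checks above to Metadata API XML retrieved from an org: it flags custom fields whose name or label looks like PII but that are not Text (Encrypted), flags encrypted fields whose mask type leaves part of the value readable, and lists which profiles can read a given field and which hold View Encrypted Data and therefore see plaintext. It assumes the Metadata API shapes for CustomField (type EncryptedString, maskType, maskChar) and Profile (fieldPermissions, userPermissions); the sample XML, field names and profile names are constructed for illustration, and the PII name patterns are an assumption to tune for your own data model.

```python
"""Offline audit of the Classic Encryption control from Metadata API XML.

Added example, not part of Salesforce's documentation or tooling. It assumes
you have retrieved your org's CustomField and Profile metadata and that the
XML follows the Metadata API shapes used below; the XML here is constructed
sample data so the script runs offline. Field, label and profile names are made up.
"""
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://soap.sforce.com/2006/04/metadata"}

# Names and labels that suggest PII. Assumption: adjust for your own data model.
SENSITIVE = re.compile(
    r"ssn|social.?security|national.?insurance|passport|bank|iban|"
    r"account.?number|routing|card.?number|credit.?card|date.?of.?birth|tax.?id",
    re.IGNORECASE,
)


def field_xml(name, label, ftype, length, mask=None):
    """Build a CustomField document in Metadata API form (constructed sample data)."""
    mask_xml = f"<maskType>{mask}</maskType><maskChar>asterisk</maskChar>" if mask else ""
    return (f'<CustomField xmlns="{NS["m"]}"><fullName>{name}</fullName>'
            f"<label>{label}</label><type>{ftype}</type><length>{length}</length>"
            f"{mask_xml}</CustomField>")


# Constructed sample: four custom fields on Contact.
SAMPLE_FIELDS = {
    "Contact.SSN__c": field_xml("SSN__c", "Social Security Number", "EncryptedString", 11, "all"),
    "Contact.Card_Number__c": field_xml("Card_Number__c", "Card Number", "EncryptedString", 19, "lastFour"),
    "Contact.Bank_Account__c": field_xml("Bank_Account__c", "Bank Account Number", "Text", 34),
    "Contact.Nickname__c": field_xml("Nickname__c", "Nickname", "Text", 40),
}

# Constructed sample: three profiles as a Metadata API retrieve would return them.
SAMPLE_PROFILES = {
    "System Administrator": f"""<Profile xmlns="{NS['m']}">
  <fieldPermissions><editable>true</editable><field>Contact.SSN__c</field><readable>true</readable></fieldPermissions>
  <userPermissions><enabled>true</enabled><name>ViewAllData</name></userPermissions>
  <userPermissions><enabled>true</enabled><name>ViewEncryptedData</name></userPermissions>
</Profile>""",
    "Support Agent": f"""<Profile xmlns="{NS['m']}">
  <fieldPermissions><editable>false</editable><field>Contact.SSN__c</field><readable>true</readable></fieldPermissions>
  <userPermissions><enabled>false</enabled><name>ViewEncryptedData</name></userPermissions>
</Profile>""",
    "Marketing User": f"""<Profile xmlns="{NS['m']}">
  <fieldPermissions><editable>false</editable><field>Contact.SSN__c</field><readable>false</readable></fieldPermissions>
</Profile>""",
}


def _text(node, tag):
    """Text of a namespaced child element, or None when absent."""
    el = node.find(f"m:{tag}", NS)
    return el.text if el is not None else None


def audit_fields(fields):
    """Return (api_name, severity, message) for each field that misses the control."""
    findings = []
    for api_name, xml in fields.items():
        root = ET.fromstring(xml)
        ftype, mask = _text(root, "type"), _text(root, "maskType")
        looks_sensitive = SENSITIVE.search(f"{_text(root, 'fullName')} {_text(root, 'label')}")
        if ftype == "EncryptedString":
            # Encrypted, but any mask other than "all" shows part of the value in clear.
            if mask != "all":
                findings.append((api_name, "medium",
                                 f"encrypted, but maskType={mask} leaves part of the value readable"))
        elif looks_sensitive:
            findings.append((api_name, "high",
                             f"looks like PII but is a plain {ftype} field, not Text (Encrypted)"))
    return findings


def plaintext_viewers(profiles):
    """Profiles holding View Encrypted Data: their users see encrypted fields unmasked."""
    names = []
    for name, xml in profiles.items():
        root = ET.fromstring(xml)
        for perm in root.findall("m:userPermissions", NS):
            if _text(perm, "name") == "ViewEncryptedData" and _text(perm, "enabled") == "true":
                names.append(name)
    return sorted(names)


def readers_of(profiles, field_api_name):
    """Profiles whose field-level security makes the field readable (masked or not)."""
    names = []
    for name, xml in profiles.items():
        root = ET.fromstring(xml)
        for fp in root.findall("m:fieldPermissions", NS):
            if _text(fp, "field") == field_api_name and _text(fp, "readable") == "true":
                names.append(name)
    return sorted(names)


if __name__ == "__main__":
    for api_name, sev, msg in audit_fields(SAMPLE_FIELDS):
        print(f"[{sev}] {api_name}: {msg}")
    print("Profiles that see plaintext:", plaintext_viewers(SAMPLE_PROFILES))
    print("Profiles that can read Contact.SSN__c:", readers_of(SAMPLE_PROFILES, "Contact.SSN__c"))
```

Run it against a real retrieve by replacing the two sample dictionaries with the contents of your CustomField and Profile XML files. The high findings are the fields this control is about; the medium findings and the View Encrypted Data list are the two places where a field that is "encrypted" still exposes plaintext and belong in the periodic access review.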
Control Overview
Configure Sensitive Custom Field to be masked with Classic Encryption.
Security Risk If Not Configured
Unauthorized employees may be able to view sensitive PII (Personally Identifiable Information) such as Social Security Numbers or bank details. For highly regulated customers, failing to enable encryption for sensitive data may lead to noncompliance with regulatory requirements that require sensitive data to be obfuscated on screen for non-privileged users.
Threat Scenarios
Without Classic Encryption, any user with the "View All Data" permission (commonly granted to admins and senior management) can read every custom-field value in the org in plaintext, and so can a threat actor who compromises such an account. With Classic Encryption, those fields are masked for every user who does not also hold the "View Encrypted Data" permission, so a compromised "View All Data" account no longer exposes the plaintext on its own and the set of accounts that must be protected to that level becomes much smaller.
Estimated CVSS Score Range
Critical (9.0–10.0).
Risk Impact Considerations
The impact depends on what sensitive data is stored in custom fields and on which users and integration users can access those fields.
Higher Risk When
Sensitive data is stored in custom fields and access to those fields is not reviewed periodically.
Low or No Risk When
This control can be considered low risk when one or more of the following are implemented:
- No Sensitive Data is stored in Custom Fields
- Periodic review of access to sensitive custom fields: regularly review who can read the fields through field-level security, profiles and permission sets, and who holds the View Encrypted Data permission.
Business and Integration Considerations
Customers should evaluate the business justification for having sensitive data in custom fields. Before converting a field, confirm that no integration, report or automation depends on capabilities that Text (Encrypted) fields lack: they are limited to 175 characters, are not searchable, and cannot be used in report or list-view filters or in formula fields. Integration users that need the plaintext value must hold View Encrypted Data, so count them in the access review.
Recommended Remediation
Avoid storing sensitive data in custom fields where possible. Where it is required, configure the field as Text (Encrypted) with Mask All Characters and restrict View Encrypted Data as described above, or use Salesforce Shield Platform Encryption, which also covers sensitive data in standard fields.
Security Health Review Guidance
Security Health Review identifies custom fields that are configured without encryption so that customers can recognise data-loss risk and prevent unauthorized access to sensitive data, in line with Salesforce-recommended security baselines and Zero Trust principles.

