Shield Platform Encryption (Add-On) Encryption Policy - Database Encryption
Enable Tenant Secrets and rotate periodically.
Control Name
Shield Platform Encryption Policy - Encrypt The Transactional Database
Recommended Configuration
Setup > Encryption Settings > Encryption Policy > Enable Encrypt The Transactional Database.
Control Overview
Enable Tenant Secrets and rotate periodically.
Security Risk If Not Configured
Sensitive data exposed through database files.
Threat Scenarios
Threat actors who gain access to the running file system and copy off the database files will be able to read the data.
Estimated CVSS Score Range
Critical (9.0–10.0).
Risk Impact Considerations
Impact depends on the sensitive data stored in the platform and the regulatory requirements that the company must comply with.
Higher Risk When
Encryption is not enabled, and keys are not rotated or are exposed to many users and external applications.
Low or No Risk When
This control can be considered low risk when one or more of the following are implemented:
- Uses Field Level Encryption to encrypt sensitive data before it is stored in the database
Business and Integration Considerations
Customers should evaluate the business justification for encrypting the data at the field level or the database level.
Recommended Remediation
Enable Database Encryption and Field Level Encryption, and rotate the encryption keys periodically.
Security Health Review Guidance
N/A - Currently not inspected by the Security Health Review tool.

