Implementation and Ongoing Management
As with any enterprise-wide activity, you should assess the preparations and repercussions of implementing Shield Platform Encryption prior to enabling it. Thorough planning and feature selection increase the likelihood of a smooth adoption.
Performance testing, user testing, compliance reviews, auditing and disaster recovery are all things you should consider as part of your overall encryption strategy.
- Before You Encrypt
Before you encrypt data in Salesforce, or in any cloud service, first make sure that you’re matching the right security solution to the type of threats that you face.
- Moving to Shield Platform Encryption
The process of onboarding to Shield Platform Encryption requires a methodical, phase-based approach, as encryption applies to different data stores using distinct keys. The initial steps involve determining your encryption scope, classifying sensitive data, and setting up the foundational encryption policies. We recommend you make use of developer orgs and production sandboxes before rolling out any of the Shield Platform Encryption features.
- Performance Considerations
Encrypting data with Shield Platform Encryption has minimal impact on the day-to-day performance of Salesforce for users. Salesforce recommends testing Shield Platform Encryption in a full copy sandbox under real-world conditions before enabling it in a production org.
- Encryption Monitoring And Backup
Along with the many encryption options that we provide with Shield Platform Encryption, we also make it easy to review the state of your encryption landscape. We also provide a facility to bulk encrypt data when you start using a new encryption feature, or after you have rotated an encryption key.
- Disaster Recovery and Key Management
You have control over the lifecycle of your encryption keys and tenant secrets. Salesforce provides several options for key material, including Salesforce-generated keys, Bring Your Own Key (BYOK), External Key Management (EKM), and the Cache-Only Key service. Salesforce strongly recommends that you regularly rotate your key material to align with security policies.

