Salesforce Shield – A New Level of Trust for Your Business Apps


Any successful business today, has a website and an app for better reach and convenience of its customers. However, it is a matter of concern for organizations about how safe and trustworthy does the customer feel when logging into their app or a site.

In July 2015, Salesforce Shield was introduced to further strengthen the data and to help the security specialist track the minutest activity within the Salesforce cloud. With Salesforce1 platform as the base, Salesforce Shield offers triple security cover for its users. Companies who incorporate this software into business-critical apps, can work on a new level of trust and transparency.

Who needs this Shield?

Companies with complex governance and compliance needs will find Salesforce Shield as a blessing as they can implement appropriate security control according to the sensitivity of the data. For example, payment technology companies and mobile banking application allows us to shop online and transfer money, but the safety of the security application of the bank has always been a concern.

The end-user license agreement for the software downloaded from the bank states what they are and not responsible for to escape legal liability. However, it is definitely a PR nightmare for the bank or for that matter any organization if they have an app that does not have a strong security architecture.

This software is beneficial for medical and health insurance industry as well, as they can protect health information of their clients without compromising the ability of customer service agents to search, view, run workflows and using other key functions of the data to deliver better service.

Offering a set of premium-integrated services, business houses can now leave safety in the hands of Salesforce Shield and focus efficiently on their core business.


The Three Vanities

Platform encryption, event monitoring and field audit trial are the three core services that Salesforce Shield is proud to offer its customers who has apps built on the Salesforce1 platform.

  1. Platform Encryption

With Platform Encryption in place, your company can confidently declare they comply with privacy policies of their clients.

What makes platform encryption different from classic encryption?

The classic one protects custom text fields created for a specific purpose whereas, platform encryption as a feature encrypts a variety of widely used standard and custom fields such as personal accounts, cases, search, workflow and approval processes. To add a stronger security cover, each company and each data within has a unique tenant secret that is to be renewed from time to time.

Another differentiating feature is that it encrypts the selected data when at rest as well as when the data is transmitted over a network using an advance key derivation system. To unauthorized users the encrypted data appears as asterisk. For its new customers, Salesforce shield team can encrypt and re-archive previously stored field history data.

How it works?

When a user submits information, the application server scouts for the organization specific encryption key in its store. If not available readily, then the application server gets the encrypted tenant secret from the database and requests the key from the key derivation server. The encryption service then encrypts the data on the application server.

  1. Event Monitoring

The original Salesforce Shield software monitors unauthorized access to sensitive data. In its newer version, this product has an enhanced feature of transaction security monitor. Administrators can monitor all login attempts made on the organization’s portals or communities. With this feature, companies can understand how their apps are being utilized and internally what information are the company’s employees downloading.

Transaction security monitors real-time Salesforce events and notifies the administrator to apply suitable security policy without affecting user performance. In case of suspicious infiltration, the administrator can instantly restrict access.

This tool offers great flexibility. Access restriction to data can be customized as per the company’s wish and therefore the users do not have to go through the time-consuming process of getting permission from the IT head to access the data.

  1. Field Audit Trial

This feature helps to comply with industry regulations related to audit capability and data retention. If a company has multiple administrators, this tool makes it possible to track twenty most recent setup changes made by them as it lists the date of alterations, the changes made and displays the admin code who brought about the change.

There are quite a number of data that does not require regular access yet when an information is required it is a hassle to find it if it is moved to a different location. The data archive feature can retain archived field history data for up to ten years by keeping the data in “near-line storage” that can be accessed faster and at reduced cost. History retention policy can be automatically set on objects like accounts, cases, contacts, leads, opportunities, assets, entitlements, service contracts and contract line items.

On visiting the trust site, its subscribers can get live data on system performance and alerts for current and recent phishing and malware attempts.

The complete Salesforce Shield Suite is available since March 7, 2016 as part of Salesforce App Cloud. To buy this product, a customer will have to shell out a percentage of its total Salesforce product spend based on the existing contract. It does not come cheap but your data is worth much more, no wonder many companies are buying the Shield for their organizations.

Please share your comments on the blog.

For knowing more on how we can personalize Salesforce Shield for your company, do write to

Author : Deepa Nishant Sinha Date : 29 Apr 2016