Platform Encryption Best Practices
- Define a threat model for your organization. To identify the threats that are most likely to affect your organization, walk through a formal threat modeling exercise. Use your findings to create a data classification scheme, which can help you decide what data to encrypt.
- Encrypt only where necessary.
  - Not all data is sensitive. Focus on information that requires encryption to meet your regulatory, security, compliance, and privacy requirements. Unnecessarily encrypting data impacts functionality and performance.
  - Evaluate your data classification scheme early and work with stakeholders in security, compliance, and business IT departments to define requirements. Balance business-critical functionality against security and risk measures and challenge your assumptions periodically.
- Create a strategy early for backing up and archiving keys and data. If your tenant secrets are destroyed, reimport them to access your data. You are solely responsible for making sure that your data and tenant secrets are backed up and stored in a safe place. Salesforce cannot help you with deleted, destroyed, or misplaced tenant secrets.
- Read the Shield Platform Encryption considerations and understand their implications on your organization.
  - Evaluate the impact of the considerations on your business solution and implementation.
  - Test Shield Platform Encryption in a sandbox environment before deploying to a production environment.
  - Before enabling encryption, fix any violations that you uncover. For example, if you reference encrypted fields in a SOQL ORDER BY clause, a violation occurs. Fix the violation by removing references to the encrypted fields.
  - When requesting feature enablement, such as pilot features, give Salesforce Customer Support several days lead time. The time to complete the process varies based on the feature and how your org is configured.
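The ORDER BY violation above, with one way to resolve it, as an added example that is not part of the Salesforce documentation. It assumes a hypothetical custom object Patient__c whose text field Last_Name__c is encrypted; the encrypted field is removed from the SOQL ORDER BY and the rows are sorted in Apex after retrieval instead.

```apex
// Added example (not Salesforce's own code). Patient__c and Last_Name__c are
// hypothetical names; Last_Name__c is assumed to be an encrypted text field.
public with sharing class EncryptedFieldSortExample {

    // Wrapper so List.sort() can order records by the encrypted field value,
    // which the platform has already decrypted into the Apex heap for this user.
    public class ByLastName implements Comparable {
        public Patient__c rec;
        public ByLastName(Patient__c r) { rec = r; }
        public Integer compareTo(Object other) {
            String a = rec.Last_Name__c == null ? '' : rec.Last_Name__c;
            Patient__c o = ((ByLastName) other).rec;
            String b = o.Last_Name__c == null ? '' : o.Last_Name__c;
            return a.compareTo(b);
        }
    }

    // Violation (kept only as a comment): an encrypted field in ORDER BY.
    // [SELECT Id, Last_Name__c FROM Patient__c ORDER BY Last_Name__c]

    // Fix: drop the encrypted field from ORDER BY and sort in memory instead.
    // Keep the result set bounded; in-memory sorting counts against heap limits.
    public static List<Patient__c> patientsSortedByLastName(Integer maxRows) {
        List<Patient__c> rows = [
            SELECT Id, Last_Name__c
            FROM Patient__c
            WITH SECURITY_ENFORCED
            LIMIT :maxRows
        ];
        List<ByLastName> wrapped = new List<ByLastName>();
        for (Patient__c p : rows) {
            wrapped.add(new ByLastName(p));
        }
        wrapped.sort();
        List<Patient__c> sorted = new List<Patient__c>();
        for (ByLastName w : wrapped) {
            sorted.add(w.rec);
        }
        return sorted;
    }
}
```

WITH SECURITY_ENFORCED keeps field-level security in force, so a user without read access to Last_Name__c gets an exception rather than the plaintext; this matches the page's point that access control is the job of field-level security, not of encryption.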
- Analyze and test AppExchange apps before deploying them.
  - If you use an app from the AppExchange, test how it interacts with encrypted data in your organization and evaluate whether its functionality is affected.
  - If an app interacts with encrypted data that's stored outside of Salesforce, investigate how and where data processing occurs and how information is protected.
  - If you suspect Shield Platform Encryption could affect the functionality of an app, ask the provider for help with evaluation. Also discuss any custom solutions that must be compatible with Shield Platform Encryption.
  - Apps on the AppExchange that are built exclusively using Lightning Platform inherit Shield Platform Encryption capabilities and limitations.
- Use out-of-the-box security tools. Shield Platform Encryption is not a user authentication or authorization tool. To control which users can see which data, use out-of-the-box tools such as field-level security settings, page layout settings, and sharing rules, rather than Shield Platform Encryption.
- Grant the “Manage Encryption Keys” user permission to authorized users only. Users with the “Manage Encryption Keys” permission can generate, export, import, and destroy organization-specific keys. Monitor the key management activities of these users regularly with the setup audit trail.
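A review routine for the monitoring described above, as an added example that is not Salesforce's own code. It reads the standard SetupAuditTrail object and compares the users who performed key-related setup actions against the users who currently hold the permission. The Display-text filters are assumptions: confirm the wording against an audit trail export from your org and tighten them. The PermissionSet field PermissionsManageEncryptionKeys is the assumed API name for the "Manage Encryption Keys" user permission.

```apex
// Added example (not Salesforce's own code). The LIKE filters on Display and the
// PermissionsManageEncryptionKeys field name are assumptions; verify both in your org.
public with sharing class KeyManagementAuditReview {

    // Setup Audit Trail entries from the last `days` days whose text mentions
    // tenant secrets or encryption keys. Requires View Setup and Configuration.
    public static List<SetupAuditTrail> recentKeyActivity(Integer days) {
        Datetime since = Datetime.now().addDays(-days);
        return [
            SELECT CreatedDate, CreatedById, CreatedBy.Name, Action, Section, Display
            FROM SetupAuditTrail
            WHERE CreatedDate >= :since
              AND (Display LIKE '%tenant secret%' OR Display LIKE '%encryption key%')
            ORDER BY CreatedDate DESC
        ];
    }

    // Ids of users who hold Manage Encryption Keys via a permission set or a
    // profile (profiles appear as permission sets with IsOwnedByProfile = true).
    public static Set<Id> usersWithManageEncryptionKeys() {
        Set<Id> users = new Set<Id>();
        for (PermissionSetAssignment psa : [
            SELECT AssigneeId
            FROM PermissionSetAssignment
            WHERE PermissionSet.PermissionsManageEncryptionKeys = true
        ]) {
            users.add(psa.AssigneeId);
        }
        return users;
    }

    // Entries whose actor is not in the current authorized set. A non-empty
    // result means either a permission that was since revoked or an unexpected
    // actor; either way the entry deserves a manual look.
    public static List<SetupAuditTrail> activityOutsideAuthorizedSet(Integer days) {
        Set<Id> authorized = usersWithManageEncryptionKeys();
        List<SetupAuditTrail> flagged = new List<SetupAuditTrail>();
        for (SetupAuditTrail e : recentKeyActivity(days)) {
            if (!authorized.contains(e.CreatedById)) {
                flagged.add(e);
            }
        }
        return flagged;
    }
}
```

Run it from Anonymous Apex, for example `System.debug(KeyManagementAuditReview.activityOutsideAuthorizedSet(30));`, on the same schedule you use for the rest of your setup audit review. The audit trail records that the action happened, not that it was approved, so the result is a list to reconcile against change tickets rather than a verdict.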
- Synchronize your existing data with your active key material. Existing field and file data is not automatically encrypted when you turn on Shield Platform Encryption. To encrypt existing field data, update the records associated with the field data. This action triggers encryption for these records so that your existing data is encrypted at rest. To encrypt existing files or get help updating other encrypted data, contact Salesforce. We can encrypt existing file data in the background to ensure data alignment with the latest encryption policy and key material. When you contact Salesforce support to request the background encryption service, allow at least a week before you need the background encryption completed. The time to complete the process varies based on the volume of data involved. It could take several days.
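The record update described above, done in bulk, as an added example that is not Salesforce's own code. It assumes a hypothetical object Patient__c on which one or more fields were just marked for encryption, and re-saves every record in batches so the field data already stored is written back under the active key material. It covers field data only; existing files are handled by Salesforce, as the page states.

```apex
// Added example (not Salesforce's own code). Patient__c is a hypothetical object.
// Re-saving a record is what triggers encryption of data already in its
// encrypted fields; no field values are changed by this batch.
public with sharing class EncryptExistingDataBatch
        implements Database.Batchable<SObject>, Database.Stateful {

    // Running totals, preserved across chunks by Database.Stateful
    public Integer updated = 0;
    public Integer failed = 0;
    public List<String> errors = new List<String>();

    public Database.QueryLocator start(Database.BatchableContext bc) {
        // Only the Id is needed; the update itself rewrites the record.
        return Database.getQueryLocator('SELECT Id FROM Patient__c');
    }

    public void execute(Database.BatchableContext bc, List<SObject> scope) {
        // allOrNone = false so one failing record (validation rule, trigger
        // error) does not roll back the whole chunk; failures are counted.
        Database.SaveResult[] results = Database.update(scope, false);
        for (Integer i = 0; i < results.size(); i++) {
            if (results[i].isSuccess()) {
                updated++;
            } else {
                failed++;
                if (errors.size() < 50) {
                    errors.add(scope[i].Id + ': ' + results[i].getErrors()[0].getMessage());
                }
            }
        }
    }

    public void finish(Database.BatchableContext bc) {
        // Surface the outcome so the run can be checked before sign-off.
        System.debug('Re-saved ' + updated + ' records; ' + failed + ' failed');
        for (String e : errors) {
            System.debug(e);
        }
    }
}
```

Start it from Anonymous Apex with `Database.executeBatch(new EncryptExistingDataBatch(), 200);`. Because the update fires triggers, workflow and validation rules, test the run in a sandbox first (as the considerations above advise) and expect a failed count greater than zero on records that no longer satisfy current validation rules; those records still need a real edit before their data is encrypted.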
- Handle currency and number data with care. Currency and Number fields can’t be encrypted because they could have broad functional consequences across the platform, such as disruptions to roll-up summary reports, report timeframes, and calculations. You can often keep private, sensitive, or regulated data of this variety safe in other encryption-supported field types.
- Communicate to your users about the impact of encryption. Before you enable Shield Platform Encryption in a production environment, inform users about how it affects your business solution. For example, share the information described in Shield Platform Encryption considerations, where it's relevant to your business processes.
- Encrypt your data using the most current key. When you generate a new tenant secret, any new data is encrypted using this key. However, existing sensitive data remains encrypted using previous keys. In this situation, Salesforce strongly recommends re-encrypting these fields using the latest key. Contact Salesforce for help with re-encrypting your data.
- Use discretion when granting login as access to users or Salesforce Customer Support. If you grant login access to a user, and they have field level security access to an encrypted field, that user is able to view encrypted data in that field in plaintext. If you want Salesforce Customer Support to follow specific processes around asking for or using login as access, you can create special handling instructions. Salesforce Customer Support follows these instructions in situations where login as access may help them resolve your case. To set up these special handling instructions, contact your account executive.