Salesforce Shield
October 7, 2024
Presentations

Salesforce Shield is a suite of security features designed to help organizations protect sensitive data and meet compliance requirements.
- It includes Platform Encryption, Event Monitoring, Field Audit Trail, Transaction Security, and Einstein Data Detect.
- Platform Encryption encrypts sensitive data at rest using AES-256. Keys are managed by Salesforce and stored separately. It is useful for organizations handling sensitive data such as healthcare or financial data, but it impacts performance and requires a separate license.
- Probabilistic Encryption makes it difficult to identify individual records, while Deterministic Encryption produces the same ciphertext for the same plaintext.
- Bring Your Own Key (BYOK) enables organizations to encrypt data stored in the cloud with encryption keys they manage themselves.
- Key rotation enhances security by periodically replacing tenant secrets.
- Shield Encryption does not provide whole-disk encryption, obfuscate data, or selectively encrypt files and attachments.
- Tradeoffs and limitations include limited searchability and indexing, potential impact on performance, and incompatibility with some Salesforce features.
- Field Audit Trail tracks changes to fields on standard and custom objects, retaining history for up to 10 years.
- Real-Time Event Monitoring provides near real-time visibility into user activity and data access, helping identify security threats and optimize performance.
- Event Monitoring Analytics offers a pre-built dashboard for reporting and analysis.
- Big Objects store and manage large volumes of data in Salesforce.
- Enhanced Transaction Security enables custom security policies based on user attributes and conditions.
- Einstein Data Detect scans for sensitive data and recommends encryption.
- The deck concludes by recommending best practices and resources for further learning.
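
The probabilistic/deterministic distinction and the searchability tradeoff listed above can be seen in a small added example (not from the deck, and not Salesforce's implementation). It assumes AES-256-GCM, a keyed-hash nonce for the deterministic scheme, and constructed keys and sample records.

```javascript
// Added illustration only: NOT Salesforce Shield's internal implementation.
const nodeCrypto = require('node:crypto');

// Constructed keys standing in for a tenant's data encryption key material.
const encKey = nodeCrypto.randomBytes(32);   // AES-256 key
const nonceKey = nodeCrypto.randomBytes(32); // separate key for deterministic nonces

function seal(plaintext, nonce) {
  const c = nodeCrypto.createCipheriv('aes-256-gcm', encKey, nonce);
  const body = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  // Stored value: nonce (12 bytes) || auth tag (16 bytes) || ciphertext
  return Buffer.concat([nonce, c.getAuthTag(), body]).toString('base64');
}

// Probabilistic: fresh random nonce, so equal plaintexts give different ciphertexts.
function encryptProbabilistic(plaintext) {
  return seal(plaintext, nodeCrypto.randomBytes(12));
}

// Deterministic: nonce derived from the plaintext with a keyed hash, so equal
// plaintexts always give the same ciphertext (assumed construction).
function encryptDeterministic(plaintext) {
  const mac = nodeCrypto.createHmac('sha256', nonceKey).update(plaintext, 'utf8').digest();
  return seal(plaintext, mac.subarray(0, 12));
}

function decrypt(stored) {
  const raw = Buffer.from(stored, 'base64');
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', encKey, raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
}

// Constructed sample records; ids 1 and 3 share a value.
const SAMPLE = [[1, '123-45-6789'], [2, '987-65-4321'], [3, '123-45-6789']];
const storeRows = (encryptFn) => SAMPLE.map(([id, v]) => ({ id, value: encryptFn(v) }));

// Equality filter without decrypting rows: encrypt the term, compare ciphertexts.
function findEqual(rows, term, encryptFn) {
  const needle = encryptFn(term);
  return rows.filter((r) => r.value === needle).map((r) => r.id);
}

// What a reader of raw storage learns without the key: how many values are distinct.
const distinctCiphertexts = (rows) => new Set(rows.map((r) => r.value)).size;

const detRows = storeRows(encryptDeterministic);
const probRows = storeRows(encryptProbabilistic);
console.log(findEqual(detRows, '123-45-6789', encryptDeterministic));   // [ 1, 3 ]
console.log(findEqual(probRows, '123-45-6789', encryptProbabilistic)); // []
console.log(distinctCiphertexts(detRows), distinctCiphertexts(probRows)); // 2 3
```

The deterministic rows support an exact-match filter but reveal which records share a value; the probabilistic rows reveal nothing about equality and cannot be filtered without decrypting.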