Deploy Shield Platform Encryption the Smart Way
So far you’ve learned what encryption is, how Shield Platform Encryption secures data, how to set it up in an org, and how to control the lifecycle of your encryption keys. But what does this process look like for a company that already has a lot of existing data? Doc’s practice was small and just getting off the ground. What about something more established?
Shield Platform Encryption works for all kinds of customers. Understandably, deploying Shield Platform Encryption in larger or more complex orgs requires some research and planning.
During your work with Doc and other Salesforce customers, you’ve seen several ways that companies use Shield Platform Encryption to provide extra protection for their data. Let’s see how you can help American Bank. They’re expanding their retail and corporate banking offerings across the United States and need some help deploying Shield Platform Encryption with minimal disruption to their business operations.
American Bank wants you to help them avoid the hiccups that other companies encountered when they deployed Shield Platform Encryption.
Encrypt Only Where Necessary
Your first bit of advice for American Bank is to figure out what they do and don’t need to encrypt.
- Define a threat model for the organization. Walk through a formal threat-modeling exercise to identify which threats are most likely to affect the organization. Use these findings to create a data classification scheme and to decide which data to encrypt. For example, certain kinds of threats might be specific to the financial sector or to the particular services that American Bank offers.
- Not all data is sensitive. Focus on information that requires encryption to meet regulatory, security, compliance, and privacy requirements. Unnecessarily encrypting data can slow down performance and affect employees’ day-to-day activities. American Bank reads through the list of regulatory requirements they need to meet. These requirements define the kinds of customer data that require extra security. The bank decides to apply Shield Platform Encryption only to those areas.
- Create a data classification scheme early. Work with stakeholders in security, compliance, and business IT departments to define requirements. Balance business-critical functionality against security and risk measures, and challenge your assumptions periodically. American Bank looks at the results of its threat model exercise and regulation review. The bank realizes that it needs to update its security and compliance policy to match. That way, everyone understands why the deployment team decides to encrypt some data types and not others.
Assign Permissions and Key Access Judiciously
Create a strategy early for backing up and archiving keys and data. Unlike passwords, you can’t reset a tenant secret. Salesforce can’t help with deleted, destroyed, or misplaced tenant secrets. Always back up tenant secrets.
We’ve seen cases where businesses encrypt data with a tenant secret and accidentally destroy that tenant secret without archiving it in Salesforce. Thankfully, those customers made a backup. If an administrator for American Bank winds up in that situation, the admin can re-import the backed-up tenant secret and access the data.
- Grant the “Manage Encryption Keys” permission to authorized users only. Users with this permission can generate, export, import, and destroy org-specific keys. That’s quite a bit of authority and responsibility. You recommend that American Bank choose carefully who they grant this permission to. You also recommend that they monitor the key management activities of these users regularly with the setup audit trail.
- Understand that encryption applies to all users, regardless of permissions. The data stored in encrypted fields is encrypted at rest, regardless of user permissions. You reassure American Bank that even when their employees need to access encrypted data in the course of their work, their data is still encrypted at rest. They should use field-level access controls to limit who can access sensitive data.
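One way to carry out the permission review and audit-trail monitoring recommended above, as an added Anonymous Apex example (not Salesforce's own code). The 30-day window and the 500-row limit are assumptions. The page does not list the audit trail's action names for key events, so the second query returns every setup change made by those users and leaves it to the reviewer to pick out the key-management entries.

```apex
// Added example: run as Anonymous Apex by a user who can view setup and
// configuration. Window and row limit below are assumptions; adjust as needed.

// Step 1: find every active user who holds "Manage Encryption Keys",
// whether it comes from a profile or from a permission set.
Map<Id, String> keyAdmins = new Map<Id, String>();
for (PermissionSetAssignment psa : [
        SELECT AssigneeId, Assignee.Username,
               PermissionSet.Label, PermissionSet.IsOwnedByProfile,
               PermissionSet.Profile.Name
        FROM PermissionSetAssignment
        WHERE PermissionSet.PermissionsManageEncryptionKeys = true
          AND Assignee.IsActive = true
        ORDER BY Assignee.Username]) {
    // Profiles are backed by a hidden permission set; report the profile name.
    String grantedBy = psa.PermissionSet.IsOwnedByProfile
        ? 'profile "' + psa.PermissionSet.Profile.Name + '"'
        : 'permission set "' + psa.PermissionSet.Label + '"';
    keyAdmins.put(psa.AssigneeId, psa.Assignee.Username);
    System.debug('KEY ADMIN  ' + psa.Assignee.Username + '  via ' + grantedBy);
}
System.debug(keyAdmins.size() + ' active user(s) can manage encryption keys');

// Step 2: list recent setup audit trail entries created by those users so
// generate/export/import/destroy activity can be reviewed against change records.
for (SetupAuditTrail entry : [
        SELECT CreatedDate, CreatedById, Section, Action, Display, DelegateUser
        FROM SetupAuditTrail
        WHERE CreatedById IN :keyAdmins.keySet()
          AND CreatedDate = LAST_N_DAYS:30
        ORDER BY CreatedDate DESC
        LIMIT 500]) {
    // DelegateUser is populated when someone acted while logged in as this user.
    String onBehalf = String.isBlank(entry.DelegateUser)
        ? '' : '  (delegate: ' + entry.DelegateUser + ')';
    System.debug(String.valueOf(entry.CreatedDate) + '  '
        + keyAdmins.get(entry.CreatedById) + '  ['
        + entry.Section + '/' + entry.Action + ']  '
        + entry.Display + onBehalf);
}
```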
Your advice helps American Bank think in broad terms about who’s going to access the encrypted information and how encryption will become a part of American Bank’s employees’ day-to-day activities.
Using Shield Platform Encryption with Other Security Features
American Bank is feeling good about the implementation process, and they’re ready to deploy. Before they dig in, you remind them to review the other security features that Salesforce offers.
- Assign non-encryption related permissions to control who sees what information.
- Use roles and profiles to control access to sensitive data, just like you would without encryption enabled.
- Use field-level security settings, page layout settings, and validation rules, not Shield Platform Encryption, to control which users can see which data.
American Bank loves the AppExchange and has even created a few apps of its own. They want to confirm that they can still use these apps after they enable Shield Platform Encryption.
You have good news with a word of caution: Many apps either support Shield Platform Encryption or aren’t affected by it. So American Bank can enable encryption without affecting many apps and can even encrypt data in some of their favorites.
However, some apps aren’t compatible with encryption and a few can prevent you from enabling Shield Platform Encryption. American Bank’s IT department checks the Shield Platform Encryption Implementation Guide for the list of supported and unsupported apps.
Because every company is different, you recommend that American Bank use a sandbox org to test encryption before enabling it in production orgs. That way, American Bank can see how Shield Platform Encryption works with their unique configuration and setup.
Think of it this way. We don’t buy cars without first taking them for a test drive. And few of us are probably daring enough to strut out onto the beach in a new swimsuit without first trying it on. As it is with cars and bathing suits, it’s best to try out Shield Platform Encryption before taking it on the road.
You help American Bank set up a sandbox that mirrors the structure of their production org. From there, they can enable Shield Platform Encryption and experiment with how it does and doesn’t change the way their employees access information in their org.
When they turn on encryption in their sandbox org, Salesforce checks for potential side effects. American Bank’s deployment team gets an email if existing settings could pose a risk to data access or the normal operation of their Salesforce org. For example, if American Bank wants to encrypt data stored in an app that isn’t compatible with Shield Platform Encryption, they’ll get an email notifying them of the problem and how to solve it.
After the company’s deployment team gets a feel for how Shield Platform Encryption interacts with preferred apps and org settings, they can deploy it on production orgs.
You remind them that if they want to test how new apps, fields, or settings interact with Shield Platform Encryption after they’ve enabled it in a production org, they can refresh a sandbox from a production org to create an exact copy of that production org. They can then try out updates without affecting active users.
American Bank couldn’t be happier with the help you’ve given them. Now they’re confident that they can make their data even more secure and meet their regulatory requirements in an effective and sustainable way.