Add an Extra Layer of Security to Your Apps
Learning Objectives
After completing this unit, you’ll be able to:
- List standard Salesforce security features.
- Explain what Salesforce Shield is.
- Describe what Shield Event Monitoring does.
- Describe what Shield Platform Encryption does.
- Describe what Shield Field Audit Trail does.
Be a Data Detective with Salesforce Shield
You can add more security and compliance to all your employee apps and data with Shield—which includes Field Audit Trail, Platform Encryption, and Event Monitoring—and customer apps with Heroku Shield.
With the increase in cloud computing, businesses and their customers are more connected than ever. All of this connectedness is great, but as businesses gain access to larger amounts of customer data, they have to handle all of that data responsibly. Businesses must see how their employees use customer data and prevent private information from falling into the wrong hands.
At Salesforce, we take data protection very seriously. Salesforce comes with Trust Services, which are standard features that keep data safe, such as IP login restrictions, strong password policies, Lightning login, and two-factor authentication. And Salesforce continues to innovate data security processes and improve controls.
But some businesses—such as financial companies that work with sensitive data, or healthcare providers that are required to protect patient information—need an extra layer of visibility and security. That’s where Salesforce Shield comes in. Shield is a set of three related services that add another layer of data security to Salesforce apps.
Shield includes the following services, which businesses purchase individually or as a group.
- Shield Event Monitoring: Track who interacts with data and how, and take action on user behaviors.
- Shield Platform Encryption: Secure sensitive stored data, such as personally identifiable information (PII), while still preserving many business tasks in Salesforce.
- Shield Field Audit Trail: Keep a record of data for any date, at any time, going back up to 10 years.
With these three Shield services, businesses are in a prime position to be their own data detectives.
Ready to take a closer look at each Shield service? Good, because you’re hot on the trail of Shield Event Monitoring.
Track and Take Action on User Behaviors with Shield Event Monitoring
Shield Event Monitoring is like using a magnifying glass to examine:
- Who accesses data in Salesforce
- Which data employees access
- How employees use data
- Where employees access data from
Specifically, businesses track user behaviors, known as events, including those that can put sensitive data at risk. Events include:
- Logins
- Logouts
- Web clicks
- Report exports
- Attachment downloads
For example, businesses see if employees export reports containing leads or other proprietary information. Events are stored in records called event log files, which businesses use to investigate individual events or to analyze broader trends.
What’s a gumshoe to do with all of these clues? With Shield Event Monitoring, businesses don’t stop at just tracking data—they go one step further and take action. For example, depending on what a business discovers about its data, it can:
- Block users.
- Modify policies.
- Troubleshoot problems.
- Increase adoption initiatives.
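One way to turn event log files into something to act on, shown as an added example (not Salesforce code and not part of the original unit): it scans a constructed log sample for users who export several reports in a short window. The column names, user IDs, thresholds, and the `export_bursts` helper are assumptions made for this illustration; check them against the columns in your own event log files.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of an event log file. Column names and values are
# assumptions for this example, not a schema taken from the unit.
SAMPLE_LOG = """\
EVENT_TYPE,TIMESTAMP,USER_ID,CLIENT_IP,REPORT_NAME
Login,2024-03-04T08:58:00Z,u-alice,198.51.100.10,
ReportExport,2024-03-04T09:01:00Z,u-alice,198.51.100.10,Open Cases
Login,2024-03-04T22:10:00Z,u-bob,203.0.113.77,
ReportExport,2024-03-04T22:12:00Z,u-bob,203.0.113.77,All Leads
ReportExport,2024-03-04T22:14:00Z,u-bob,203.0.113.77,All Contacts
ReportExport,2024-03-04T22:19:00Z,u-bob,203.0.113.77,All Opportunities
Logout,2024-03-04T22:25:00Z,u-bob,203.0.113.77,
"""

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def export_bursts(log_text, threshold=3, window=timedelta(minutes=15)):
    """Return {user_id: finding} for users with >= threshold exports inside window."""
    exports = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["EVENT_TYPE"] == "ReportExport":
            exports[row["USER_ID"]].append(
                (parse_ts(row["TIMESTAMP"]), row["CLIENT_IP"], row["REPORT_NAME"]))
    findings = {}
    for user, events in exports.items():
        events.sort()  # chronological order, so a sliding window works
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst = events[start:end + 1]
                findings[user] = {
                    "count": len(burst),
                    "first": burst[0][0],
                    "last": burst[-1][0],
                    "ips": sorted({ip for _, ip, _ in burst}),
                    "reports": [name for _, _, name in burst],
                }
                break  # one finding per user is enough to start a review
    return findings
```

A finding here is a prompt for review, not proof of misuse; the threshold and window need tuning to what normal export activity looks like in your org.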
Shield Event Monitoring gives businesses more control over their data. Shield Platform Encryption does that, too. Let’s see how.
Secure Data with Shield Platform Encryption
Shield Platform Encryption protects data by turning it into a code that only authorized users can view. This is done with encryption keys, which are like nifty decoder rings that scramble and unscramble sensitive data. Businesses decide when to create, change, and destroy keys—and who controls them.
The difference between Shield Platform Encryption and other services is that it protects data that’s at rest, or stored within Salesforce. Salesforce data that’s traveling through networks outside of Salesforce is always encrypted in transit.
Shield Platform Encryption gives businesses the power to choose which sensitive data to encrypt. Salesforce administrators encrypt:
- Standard field types
- Custom field types
- Files and attachments in Salesforce
Businesses should encrypt only when it’s necessary, considering factors such as likely threats to data and compliance requirements. For example, businesses in the healthcare industry are required to encrypt patients’ medical records to protect privacy and meet security regulations.
Even though businesses love having all of this control over their data, they often are concerned about encryption affecting functionality. No worries! Shield Platform Encryption keeps data safe without blocking common Salesforce business tasks, such as:
- Search
- Lookups
- Validation rules
- Chatter posts
By now you probably feel pretty safe and secure, but we’re not done yet. Let’s learn about the third service, Shield Field Audit Trail.
Keep a Record of Data with Shield Field Audit Trail
With Shield Field Audit Trail, businesses keep a full, detailed record of changes to data for any date, at any time, for up to 10 years. It’s like taking a snapshot of your data’s lifecycle. This service is useful for businesses in highly regulated industries, such as finance and healthcare, that need to frequently audit data. It also helps businesses that need to see a record of events related to sales or service cases.
With Shield Field Audit Trail, businesses create policies for retaining data elements such as:
- Accounts
- Cases
- Contacts
- Leads
- Opportunities
- Products
Now that you know the basics of Shield, perhaps you think it sounds like an awesome episode of DSI: Data Scene Investigation! OK—that’s not really a thing, but it totally should be.
Read on to find out what value being a data detective has for businesses.