Govern and Secure Your Data
Learning Objectives
After completing this unit, you’ll be able to:
- Define the principle of least privilege.
- Explain data spaces key features and identify beneficial business scenarios.
- Describe the main concepts of data governance in Data 360.
As of October 14, 2025, Data Cloud has been rebranded to Data 360. During this transition, you may see references to Data Cloud in our application and documentation. While the name is new, the functionality and content remains unchanged.
Before You Start
This badge is part of the Data 360: Explore Setup to Activation trail. This trail is designed to give you hands-on experience with the core functionalities of Data 360. In this badge, you learn how to keep your data safe and secure, and restrict access to only those who need it.
Learn About the Salesforce Value of Trust
Salesforce values trust as its top priority, which is demonstrated through its commitment to data security, privacy, and compliance.
This foundation ensures that the company’s operations and AI-driven decisions are reliable and compliant, running on secure and well-governed data. Salesforce defines trust through four components: status, security, compliance, and availability, with security integrated into every part of the business. Learn more at Salesforce Security.
Explore the Principle of Least Privilege
A core concept that is practiced across Salesforce is the principle of least privilege, which means giving users only the access they need to perform their tasks. This reduces risks, stabilizes org processes, and supports compliance requirements. Governance generally starts by providing users with established permission sets to control access. This works great in traditional environments, but monitoring access using just permissions can become inflexible and not scalable given the increased volume and complexity of data.
Go Beyond Permissions
In a complex landscape of real-time data ingestion and large language models (LLMs), a more modern approach to governance is needed to cover a range of scenarios, from complex consent management to sensitive data storage. Additionally, one of the benefits of Data 360 is that it can help unlock trapped data. But that trapped data is stored in disparate locations, under a variety of security protocols, guardrails, and policies.
Understandably, there is fear of AI exposing personal customer data and eroding customer trust. According to the Salesforce State of IT report, 48% of IT leaders believe their data isn’t ready for AI, and 55% lack confidence in applying proper guardrails. With Data 360, your data is protected using the Einstein Trust Layer. However, data security and governance extends beyond AI use cases. Many industries need to provide access based on departments, divisions, and locations for a variety of internal and external data privacy regulations and laws. How do you manage governance given these challenges?
Use Data Spaces
From a user access perspective, Data 360 offers data spaces. A data space is a logical partition that organizes your data so you can segregate your data, metadata, and processes by categories such as brand, region, or department. Data spaces help you meet your business and compliance requirements through autonomy, user access control, and a streamlined architecture. When users view data in Data 360, they see only the data assigned to the data spaces they can access.
Data spaces are particularly useful when:
- You use a single Data 360 instance but need the flexibility to manage multiple regions, departments, or brands.
- Your business requires users to see and work only with the data relevant to their region or brand.
Data spaces aren’t useful to:
- Segregate data based on geographic boundaries to meet data residency requirements.
Learn About Data 360 Governance
For more flexible and granular control, a governance framework is available to secure and manage your data within Data 360. This framework combines tags, classifications, user attributes, and policies to make sure governance is applied consistently. This capability addresses the challenge of consistently enforcing governance across various data types.
Both unstructured and structured data are systematically labeled, allowing field, object, or record level policies to be applied consistently across all of Data 360. You can tag data manually or use AI to automate the process for greater efficiency. Overall, Data 360 governance helps ensure that the right people can get the right data, at the right time, keeping your data secure, compliant, and well-governed.
This flexible governance framework allows for a variety of use cases across industries.
- Enforce attribute-based access control (ABAC) so marketers only see customer data for their specific country or region following local privacy laws.
- Classify patient records as HIPAA-sensitive so only authorized care teams see relevant data.
- Tag product, inventory, and preference data as PII or region-specific.
- Encrypt financial data with customer- or externally managed keys.
- Connect to external systems and data warehouses via private connectivity, ensuring regulatory compliance and secure data exchange.
Expand Data Security
In addition to data spaces, tagging, and other data governance features, some companies, based on their industry, need more protection. Platform Encryption for Data 360 gives you full control over the keys used to encrypt your data. To provide more secure connectivity, Private Connect for Data 360 provides secure connections to virtual private clouds (VPCs), preventing data exposure to the public internet. Learn more about Private Connect capabilities in this blog and help article.
What’s Next
You learned about the features that help you govern and secure your data in Data 360. Next up, learn more about Data 360 governance capabilities and you explore encryption in Platform Encryption for Data 360: Quick Look.