Skip to main content
Responda nuestra encuesta de la comunidad en 10 minutos. Disponible ahora y hasta el 19 de julio. Haga clic aquí para participar.

Get to Know Trusted Services

Learning Objectives

After completing this unit, you’ll be able to:

  • Describe what Trusted Services is and the security and compliance challenges it addresses.
  • Explain the Trust lifecycle framework and how Trusted Services products map to it.
  • Distinguish between built-in Salesforce security features and Trusted Services products.

Meet Trusted Services

Whether you’re a Salesforce admin, security engineer, developer, architect, or compliance professional, you know your org holds some of your company’s most sensitive data. This sensitive data often looks like customer records, financial transactions, health information, and proprietary business intelligence. While protecting that data is a good practice, it's also a legal and regulatory obligation.

Salesforce provides a strong security foundation out of the box. But as your organization scales, handles regulated data, or faces increasingly sophisticated threats, you need more specialized tools. That's where Trusted Services comes in.

Trusted Services is a suite of products that helps organizations protect and govern data in Salesforce. These products provide comprehensive capabilities across discovery, monitoring, encryption, auditing, detection, retention, backup, privacy management, masking, and governance. Together, these capabilities let you confidently meet compliance requirements, protect sensitive data, and recover quickly from data loss.

The Trust Lifecycle Framework

Enterprise security is an ongoing cycle of discovery, protection, monitoring, and response. Trusted Services products are organized around a lifecycle approach that mirrors how mature security programs operate. This framework helps you understand how the products work together to create layered, comprehensive protection.

The foundation of the lifecycle is data classification. You can’t protect what you don’t know you have. Products like Data Detect and Privacy Center help you discover sensitive data across your org and apply classification categories. These tools help you identify which fields contain personally identifiable information (PII), protected healthcare information (PHI), financial data, or other regulated information. This discovery and classification step enables every security capability that follows.

Once you know what data you have, the lifecycle moves through four key phases.

Phase

What It Means

Prevent

Stop threats and data exposure before they happen.

Detect

Identify risks, anomalies, and policy violations in real time.

Respond

Take action when issues are found: remediate, notify, contain.

Recover

Restore data and resume operations after loss or corruption.

Each Trusted Services product maps to one or more phases, and understanding where they fit helps you build a layered defense strategy, rather than piling on tools without a plan.

Built-In Security Versus Trusted Services

Salesforce includes powerful security features at no additional cost. Before exploring Trusted Services, it's important to understand what the platform already provides, and where those capabilities reach their limits.

What You Get for Free

Capability

Built-In Feature

What It Does

Access control

Profiles, Permission Sets, Organization-Wide Defaults (OWD)

Controls who can see and do what

Login security

Multi-Factor Authentication (MFA), Login IP Ranges, Session Settings

Protects account access

Field-level security

Field-Level Security (FLS), Page Layouts

Restricts field visibility

Audit trail

Setup Audit Trail, Field History Tracking

Tracks admin config changes (180 days)

Data retention

Recycle Bin

Recovers deleted records (15 days)

Basic monitoring

Login History, Identity Verification History, Security Health Check

Tracks authentication events and overall security risk scores

Encryption at rest

Cloud-native disk and file storage, Classic Encryption

Encrypts data with a Salesforce-managed key

Built-in features are excellent for standard security postures. But organizations outgrow them when they need to do things like retain audit data beyond 180 days for regulatory compliance, control their own encryption keys, detect anomalous user behavior, and more. When any of these needs arise, Trusted Services provides the specialized, enterprise-grade tools to address them.

The Trusted Services Product Landscape

Not every organization needs every Trusted Services product. The right combination depends on your industry regulations, data sensitivity, org complexity, and recovery requirements. Here's how the full product suite maps to the Trust lifecycle.

Prevent

Product

What It Does

Shield Platform Encryption

Encrypt data at rest with customer-managed keys, including bring your own key (BYOK). Meet compliance mandates that require you, not Salesforce, to control encryption keys.

Data Mask & Seed

Automatically anonymize or pseudonymize sensitive data when refreshing sandboxes. Developers and testers work with realistic data structures without exposure to real PII.

Security Center

Security policy management in a centralized, single comprehensive view, even across multiple orgs. Set security baselines, detect drift, and enforce standards at scale.

Transaction Security

Trigger automated responses, like block transactions, require step-up authentication, and end sessions, when policies are violated.

Detect

Product

What It Does

Event Monitoring

Capture 70+ event types, like logins, report exports, API calls, and record access, with detailed metadata. Stream events in real time or analyze historically.

Threat Detection

Apply machine-learning models to Event Monitoring data to identify credential stuffing, session hijacking, anomalous API behavior, and insider threats.

Data Detect

Scan your org to discover and classify sensitive data across objects and fields. Know what you have so that you can plan and implement the right protections.

Respond

Product

What It Does

Privacy Center

Manage data subject access requests (DSARs), right-to-delete requests, and consent preferences. Automate privacy workflows at scale across objects.

Recover

Product

What It Does

Backup & Recover

Create automated, scheduled backups of your Salesforce data and metadata. Restore individual records, objects, or full orgs to a specific point in time.

Across the Lifecycle

Product

What It Does

Field Audit Trail

Extend field history tracking beyond 18 months. Retain a complete, immutable record of field-level changes for compliance and forensics.

Data Archive

Move historical records to lower-cost archival storage while maintaining searchability and access. Reduce active storage costs without losing data.

Trusted Services products extend platform functionality beyond the platform defaults. They're designed for organizations with specialized compliance, recovery, or governance needs.

Wrap-Up

You now have the big picture: what Trusted Services does, how the Trust lifecycle organizes it, and which products map to which challenges.

Resources

Comparta sus comentarios de Trailhead en la Ayuda de Salesforce.

Nos encantaría saber más sobre su experiencia con Trailhead. Ahora puede acceder al nuevo formulario de comentarios en cualquier momento en el sitio de Ayuda de Salesforce.

Más información Continuar a Compartir comentarios