Get to Know Trusted Services
Learning Objectives
After completing this unit, you’ll be able to:
- Describe what Trusted Services is and the security and compliance challenges it addresses.
- Explain the Trust lifecycle framework and how Trusted Services products map to it.
- Distinguish between built-in Salesforce security features and Trusted Services products.
Meet Trusted Services
Whether you’re a Salesforce admin, security engineer, developer, architect, or compliance professional, you know your org holds some of your company’s most sensitive data. This sensitive data often looks like customer records, financial transactions, health information, and proprietary business intelligence. While protecting that data is a good practice, it's also a legal and regulatory obligation.
Salesforce provides a strong security foundation out of the box. But as your organization scales, handles regulated data, or faces increasingly sophisticated threats, you need more specialized tools. That's where Trusted Services comes in.
Trusted Services is a suite of products that helps organizations protect and govern data in Salesforce. These products provide comprehensive capabilities across discovery, monitoring, encryption, auditing, detection, retention, backup, privacy management, masking, and governance. Together, these capabilities let you confidently meet compliance requirements, protect sensitive data, and recover quickly from data loss.
The Trust Lifecycle Framework
Enterprise security is an ongoing cycle of discovery, protection, monitoring, and response. Trusted Services products are organized around a lifecycle approach that mirrors how mature security programs operate. This framework helps you understand how the products work together to create layered, comprehensive protection.
The foundation of the lifecycle is data classification. You can’t protect what you don’t know you have. Products like Data Detect and Privacy Center help you discover sensitive data across your org and apply classification categories. These tools help you identify which fields contain personally identifiable information (PII), protected healthcare information (PHI), financial data, or other regulated information. This discovery and classification step enables every security capability that follows.
Once you know what data you have, the lifecycle moves through four key phases.
Phase | What It Means |
|---|---|
Prevent | Stop threats and data exposure before they happen. |
Detect | Identify risks, anomalies, and policy violations in real time. |
Respond | Take action when issues are found: remediate, notify, contain. |
Recover | Restore data and resume operations after loss or corruption. |
Each Trusted Services product maps to one or more phases, and understanding where they fit helps you build a layered defense strategy, rather than piling on tools without a plan.
Built-In Security Versus Trusted Services
Salesforce includes powerful security features at no additional cost. Before exploring Trusted Services, it's important to understand what the platform already provides, and where those capabilities reach their limits.
What You Get for Free
Capability | Built-In Feature | What It Does |
|---|---|---|
Access control | Profiles, Permission Sets, Organization-Wide Defaults (OWD) | Controls who can see and do what |
Login security | Multi-Factor Authentication (MFA), Login IP Ranges, Session Settings | Protects account access |
Field-level security | Field-Level Security (FLS), Page Layouts | Restricts field visibility |
Audit trail | Setup Audit Trail, Field History Tracking | Tracks admin config changes (180 days) |
Data retention | Recycle Bin | Recovers deleted records (15 days) |
Basic monitoring | Login History, Identity Verification History, Security Health Check | Tracks authentication events and overall security risk scores |
Encryption at rest | Cloud-native disk and file storage, Classic Encryption | Encrypts data with a Salesforce-managed key |
Built-in features are excellent for standard security postures. But organizations outgrow them when they need to do things like retain audit data beyond 180 days for regulatory compliance, control their own encryption keys, detect anomalous user behavior, and more. When any of these needs arise, Trusted Services provides the specialized, enterprise-grade tools to address them.
The Trusted Services Product Landscape
Not every organization needs every Trusted Services product. The right combination depends on your industry regulations, data sensitivity, org complexity, and recovery requirements. Here's how the full product suite maps to the Trust lifecycle.
Prevent
Product | What It Does |
|---|---|
Shield Platform Encryption | Encrypt data at rest with customer-managed keys, including bring your own key (BYOK). Meet compliance mandates that require you, not Salesforce, to control encryption keys. |
Data Mask & Seed | Automatically anonymize or pseudonymize sensitive data when refreshing sandboxes. Developers and testers work with realistic data structures without exposure to real PII. |
Security Center | Security policy management in a centralized, single comprehensive view, even across multiple orgs. Set security baselines, detect drift, and enforce standards at scale. |
Transaction Security | Trigger automated responses, like block transactions, require step-up authentication, and end sessions, when policies are violated. |
Detect
Product | What It Does |
|---|---|
Event Monitoring | Capture 70+ event types, like logins, report exports, API calls, and record access, with detailed metadata. Stream events in real time or analyze historically. |
Threat Detection | Apply machine-learning models to Event Monitoring data to identify credential stuffing, session hijacking, anomalous API behavior, and insider threats. |
Data Detect | Scan your org to discover and classify sensitive data across objects and fields. Know what you have so that you can plan and implement the right protections. |
Respond
Product | What It Does |
|---|---|
Privacy Center | Manage data subject access requests (DSARs), right-to-delete requests, and consent preferences. Automate privacy workflows at scale across objects. |
Recover
Product | What It Does |
|---|---|
Backup & Recover | Create automated, scheduled backups of your Salesforce data and metadata. Restore individual records, objects, or full orgs to a specific point in time. |
Across the Lifecycle
Product | What It Does |
|---|---|
Field Audit Trail | Extend field history tracking beyond 18 months. Retain a complete, immutable record of field-level changes for compliance and forensics. |
Data Archive | Move historical records to lower-cost archival storage while maintaining searchability and access. Reduce active storage costs without losing data. |
Trusted Services products extend platform functionality beyond the platform defaults. They're designed for organizations with specialized compliance, recovery, or governance needs.
Wrap-Up
You now have the big picture: what Trusted Services does, how the Trust lifecycle organizes it, and which products map to which challenges.