The Salesforce Shield Key Management Service (KMS) empowers users to control and manage the lifecycle of their encryption keys, offering options like Salesforce-generated keys, Bring Your Own Key (BYOK), and Cache-Only Key Service, all while ensuring data encryption and security. 

Key Features and Options:

  • Salesforce-Generated Keys:Salesforce can generate and manage tenant secrets for you, which are combined with a primary secret to derive data encryption keys (DEKs). 
  • Bring Your Own Key (BYOK):Organizations can leverage their existing key management infrastructure by uploading and managing their own key material outside of Salesforce. 
  • Cache-Only Key Service:This option allows you to store your key material outside of Salesforce and have it fetched on demand, with Salesforce never retaining or persisting the key in any system of record or backups. 
  • Key Rotation:You can rotate keys to enhance security and manage the lifecycle of your encryption keys. 
  • External Key Management:You can use the External Key Management Service or Cache-Only Key Service to fetch your key material on demand from a key service you control. 
  • Key Derivation:Shield Platform Encryption uses a key derivation function (KDF) to derive DEKs on demand from a primary secret and your org-specific key material. 
  • Data Encryption:Shield Platform Encryption encrypts data at rest, including fields stored in the database, documents, search index files, and CRM Analytics datasets. 
  • Security:Your data encryption key material is never saved or shared across orgs, and your org-specific key material is always wrapped. 
  • Compliance:Shield Platform Encryption helps organizations meet regulatory requirements by managing the lifecycle of their encryption keys. 
Related Posts
Salesforce OEM AppExchange
Salesforce OEM AppExchange

Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more

The Salesforce Story
The Salesforce Story

In Marc Benioff's own words How did salesforce.com grow from a start up in a rented apartment into the world's Read more

Salesforce Jigsaw
Salesforce Jigsaw

Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more

Service Cloud with AI-Driven Intelligence
Salesforce Service Cloud

Salesforce Enhances Service Cloud with AI-Driven Intelligence Engine Data science and analytics are rapidly becoming standard features in enterprise applications, Read more

Share
author avatar
get-admin
See Full Bio