Salesforce Shield Platform Encryption is a popular solution for many of our clients in highly secure industries concerned about data encryption and security (i.e. healthcare and financial services). Although Salesforce Shield is a very helpful tool that can greatly increase the security of any customer’s Salesforce data, it comes with its limitations and challenges just like any solution.
After helping many clients implement Salesforce Shield Platform Encryption over the years, we began to see the same challenges over and over. This is mostly due to the exhaustive set of rules within Salesforce Shield regarding which fields can and cannot be encrypted. It’s difficult to easily see:
- Which fields are already encrypted by Salesforce Shield
- Which fields can be encrypted
- Which fields could be encrypted, but require mitigation before encrypting
- Which fields could negatively impact the organization if encrypted (e.g. fields that are referenced in report filters or list views)
Over time, we developed internal checklists and guides to make this process less painful for our clients, but it still required a lot of manual effort and time. The manual process can also result in human error that may not be apparent until after encryption, causing major negative effects across the business.
Looking For a Better Solution:
We knew there had to be a better solution for these challenges but didn’t find anything on the market. We saw this as a great opportunity to put our talented developers and business technologists to work on a repeatable and scalable solution. RevCult held an internal hackathon with the goal of creating a Salesforce app that solved these Salesforce Shield deployment pain points.
The result of this effort was incredible. Our team figured out a way to use the internal Salesforce APIs to automatically determine which fields can be encrypted and why some can’t based on Salesforce Shield’s rule set. The app immediately proved valuable as we began using it with our Shield implementations.
Shield Security Cockpit:
The App has become a very streamlined way to enable a conversation around Data Classification and then easily compare what you want to encrypt vs what you actually can encrypt. Shield Security Cockpit provides a central viewpoint that shows you the fields that are already encrypted, fields that are ready for encryption, fields that require mitigation before being ready for encryption and fields that might negatively impact your organization if encrypted. For those fields that aren’t ready for encryption Shield Security Cockpit shows you what needs to be fixed for it to be encrypted (Watch the Demo to see Shield Security Cockpit in action).
You also have the ability to download a report of the current state of your instance including what fields are already encrypted. You can run the tool as often as you need and provide the output to your security team to show what fields are fully protected at the database level.
Shield Security Cockpit provides ongoing assurance that you’re secure and completely up to date with the latest rules for Salesforce Shield. For every Salesforce release, there’s a release of Shield Security Cockpit with the latest rule set. You can then run Shield Security Cockpit to quickly see which fields can be encrypted with the new release.
Overall, we are seeing tremendous results from clients that leverage Shield Security Cockpit with Salesforce Shield Platform Encryption. It has saved up to 4 months of implementation time and 80% reduction of ongoing maintenance of Salesforce Shield Platform Encryption. We’re very proud of this new App and we can’t wait to see more people use it to save time and become more secure.