
Maximize Data Security with Salesforce Shield and GRAX

Extend Salesforce data protection with unlimited tracking and complete data ownership

Source: Image created by OpenAI’s DALL-E, January 19, 2024

Millions of people around the world rely on Salesforce. The data they generate, track, and analyze is critical to business operations, compliance, and success. That’s why doing everything you can to protect it is so important.

The challenge is that Salesforce does not include robust data protection in its core platform. Like many SaaS vendors, it uses a shared responsibility model. While Salesforce manages the security of the platform itself, customers are responsible for securing their own data.

Salesforce Shield can help.

What is Salesforce Shield?

Salesforce Shield is an add-on set of security features. It helps organizations better meet their part of the shared responsibility equation with tools that improve data protection within the Salesforce environment. We’ll talk later in this blog about how to protect and control your data outside your Salesforce instance using GRAX.

Tailored for industries with strict compliance requirements, such as healthcare, finance, and government, Salesforce Shield provides enhanced data encryption, event monitoring, and field auditing capabilities. It helps organizations meet regulatory standards, protect sensitive information, and enhance overall data integrity.

4 Key Components of Salesforce Shield

1. Platform Encryption

Salesforce Shield includes robust data encryption mechanisms to safeguard data at rest, in transit, and during processing. Platform Encryption lets you selectively encrypt fields. It ensures that even if unauthorized access occurs, the data remains unreadable without the appropriate decryption keys.  

Shield Platform Encryption represents a significant advancement over Salesforce Classic Encryption. While Classic Encryption limits protection to specific custom fields, Platform Encryption includes numerous standard fields and custom fields. It addresses diverse use cases, ensuring encrypted data functions seamlessly in search, workflows, and approvals. The feature also allows for customization and fine-tuning of data validation. 

Another benefit is that Shield Platform Encryption uses 256-bit AES encryption standards, compared to Classic’s 128-bit AES. You can also set, store, and retrieve custom key information on-demand, both within the Salesforce instance and externally. 

2. Enhanced Field Audit Trail

Field audit trails are critical for maintaining data integrity and meeting compliance requirements. Out-of-the-box, Salesforce lets you set up basic history tracking for objects and fields. You can track what data changes, when, by whom, and in what field. 

Salesforce Shield extends some of the platform’s base-level capabilities in several ways. Below is how it compares to out-of-box field auditing: 

  • Tracked Fields: Instead of tracking a maximum of 20 fields per object, Salesforce Shield allows up to 60 fields per object. 
  • Field History Retention Period: Shield extends Salesforce’s base-level, 18-24 month retention period to up to 10 years using the Salesforce API / Data Loader. 
  • Character Limit: With both out-of-box and Shield, you can track old and new values in fields that have up to 255 characters. However, for fields with over 255 characters, Salesforce only captures the fact that it was edited. It doesn’t record the new and old values themselves. 
    This inability to track actual changes made over time can impair historical analysis. It can also make it hard to comply with industry and government regulations and to pinpoint and resolve problems due to incorrect or deleted entries. 

3. Event Monitoring

Event Monitoring provides detailed insights into user activities within the Salesforce environment to prevent and mitigate threats. It tracks 50+ types of user events. These include login history, configuration changes, web clicks, API calls, data access, and report runs. 

Organizations can monitor what users do in real time. This way, you can quickly identify potential security threats and unauthorized access, and block users from continuing. 

Salesforce stores the information gathered by the event logs in an API object called EventLogFile. Customers can import the data this object tracks into any data visualization or application monitoring tool.

Event Monitoring seamlessly integrates into the Salesforce platform. This way, you can leverage its capabilities without disrupting your workflows.
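
As an added example (not code from this post, Salesforce, or GRAX), the sketch below shows the kind of analysis you can run once an EventLogFile CSV has been exported to your own tooling: it flags accounts with repeated failed logins or with successful logins from many source IPs. The sample rows are constructed, and the column names and status values are assumed to match the Login event type.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of a Login-type EventLogFile CSV (not real data).
# Assumption: column names follow the Login event type; only a few are shown.
SAMPLE_LOGIN_LOG = """\
"EVENT_TYPE","TIMESTAMP_DERIVED","USER_NAME","SOURCE_IP","LOGIN_STATUS"
"Login","2024-01-19T08:00:01.000Z","alice@example.com","198.51.100.7","LOGIN_NO_ERROR"
"Login","2024-01-19T08:01:10.000Z","bob@example.com","203.0.113.9","LOGIN_ERROR_INVALID_PASSWORD"
"Login","2024-01-19T08:01:15.000Z","bob@example.com","203.0.113.9","LOGIN_ERROR_INVALID_PASSWORD"
"Login","2024-01-19T08:01:21.000Z","bob@example.com","203.0.113.9","LOGIN_ERROR_INVALID_PASSWORD"
"Login","2024-01-19T08:02:00.000Z","bob@example.com","203.0.113.9","LOGIN_NO_ERROR"
"Login","2024-01-19T09:00:00.000Z","carol@example.com","192.0.2.10","LOGIN_NO_ERROR"
"Login","2024-01-19T09:05:00.000Z","carol@example.com","192.0.2.77","LOGIN_NO_ERROR"
"Login","2024-01-19T09:09:00.000Z","carol@example.com","198.51.100.200","LOGIN_NO_ERROR"
"""


def summarize_logins(csv_text, max_failures=3, max_ips=2):
    """Return {user_name: [reasons]} for accounts that deserve a closer look."""
    failures = defaultdict(int)      # failed login count per user
    success_ips = defaultdict(set)   # distinct source IPs of successful logins
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row.get("EVENT_TYPE") != "Login":
            continue  # an export may hold other event types; skip them
        user = row["USER_NAME"]
        if row["LOGIN_STATUS"] == "LOGIN_NO_ERROR":
            success_ips[user].add(row["SOURCE_IP"])
        else:
            failures[user] += 1

    findings = {}
    for user in sorted(set(failures) | set(success_ips)):
        reasons = []
        if failures[user] >= max_failures:
            reasons.append(f"{failures[user]} failed logins")
        if len(success_ips[user]) > max_ips:
            reasons.append(f"successful logins from {len(success_ips[user])} IPs")
        if reasons:
            findings[user] = reasons
    return findings


if __name__ == "__main__":
    for user, reasons in summarize_logins(SAMPLE_LOGIN_LOG).items():
        print(user, "->", "; ".join(reasons))
```

The thresholds are illustrative defaults; tune them to your org's normal login behavior before alerting on the results.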

4. Einstein Data Detect

Einstein Data Detect uses machine learning to identify and mitigate potential risks related to sensitive data.  It scans and automatically detects unusual access patterns, anomalous behavior, and potential data breaches, enabling organizations to respond swiftly to security incidents. You can also use it to find misplaced data in fields, attachments, and documents. 

With Einstein Data Detect, you can quickly locate sensitive data, such as credit card numbers and social security numbers, no matter where they’re entered in your org. You can then apply data classification categories right from the UI and adjust privacy and security controls as necessary. This may include, for instance, reviewing detected fields and deciding which to encrypt at rest with Shield Platform Encryption.

What Does Salesforce Shield Cost?  

Salesforce Shield is not sold as a standalone product. It’s only available as an add-on to existing Salesforce licenses. 

Shield pricing is calculated as a percent of your total Salesforce spend. Customers can purchase the following components separately or bundled:

  • Event Monitoring: 10% of net spend
  • Enhanced Field Audit Trail: 10% of net spend
  • Platform Encryption: 20% of net spend
  • Bundle (Event Monitoring + Enhanced Field Audit Trail + Platform Encryption): 30% of net spend

Implementation Considerations

Salesforce Shield provides important data protection and compliance benefits. Keep in mind, however, that implementation can be quite complex. For instance, the Salesforce Shield Enhanced Encryption Implementation Guide alone is 99 pages.

You may need to devote significant time and resources to configuring and customizing the features. Additionally, the enhanced security measures may impact performance, especially for organizations with large datasets and complex workflows.

GRAX Extends Salesforce Shield’s Benefits

GRAX complements Salesforce Shield by providing additional layers of security. It gives you greater protection and control over your historical data and ensures it’s always available in your own storage environment. 

With GRAX, it is easy to maintain and access detailed historical records for compliance, auditing, and regulatory purposes – and to use them to enhance overall decision-making and data analysis.

Here’s how we do it:

  1. Own your Salesforce data in your own cloud environment, outside of Salesforce. Easily deploy GRAX to AWS, Azure, GCP, and others, for complete data protection.
  2. Immutable object storage, via GRAX’s High Trust feature, prevents any changes to Salesforce data objects once they are written to your storage.
  3. Eliminates Shield’s Field Audit Trail’s field and character limits. This enables you to retain detailed historical records. 
  4. Unlimited data retention of Salesforce history objects. Automated backups capture your Salesforce field history datasets and retain them for as long as you need.

Contact us today to find out how Salesforce Shield + GRAX can protect your business-critical data.
