An Overview of Salesforce Shield

Salesforce Shield is designed for organizations needing extra security and compliance. The main component of Salesforce Shield is encryption, which is followed by enhanced field audit trails, event monitoring, and Einstein Data Detect.

Using Salesforce Shield does not guarantee success. It’s one security control, but not the only one. As referred to by our partners, OwnBackup, “The Shield Path To Value” covers both the components that make up Salesforce Shield, as well as tips for getting the most out of your Salesforce Shield investment.

How Does Salesforce Shield Work?

Salesforce Shield provides extra security and compliance requirements for organizations. The four components are as follows:

Platform encryption: Data is natively encrypted “at rest” when it is stored in Salesforce data centers.

Field audit trail: Keeping track of field changes. Data from archived fields can be retained for a period of ten years.

Event monitoring: Preventing and mitigating threats by monitoring user activity.

Einstein Data Detect: Deeper insights can be gained by scanning for sensitive data.

➔ As part of the Salesforce Platform, Shield helps your organization reduce data risks across all Salesforce “cloud” products. The Salesforce Shield product is an add-on, meaning it is a separate cost from the typical Salesforce CRM license.
The four components can be purchased as a whole or separately based on your regulatory and business needs.

Why you need Salesforce Shield?

While Salesforce offers a first-rate infrastructure, hardware, and network service offering, it uses a shared security responsibility model. Salesforce Shield also delivers capabilities that are not provided with Salesforce out of the box (we’ll cover these later). These are especially key for customers who have sensitive data in Salesforce and/or operate in regulated industries.

Salesforce Shield Encryption

Based on five data patterns, Einstein Data Detect automatically scans your Salesforce database and identifies sensitive data:

  1. Credit card numbers
  2. Emails
  3. Social security numbers
  4. URLs
  5. IP addresses

Einstein Data Detect has a very intuitive interface. We will do the following in the example below:

  • Identify the objects we want to scan, such as accounts, cases, and contacts;
  • Create policies defining the types of data you want to scan, such as a policy for sensitive data (Salesforce has predefined logic that allows you to do this);
  • Select the fields to be scanned.

➤ Using the scan results, you will be able to identify sensitive data within your organization that needs to be reviewed.
➤ In the following image, you can see that there are different objects/fields, with 65k records that may contain sensitive information.


How do I know if I have Salesforce Shield?


Quick find search: Use the quick find box in Salesforce Setup to search for “platform encryption”. The shield is installed if you see this option.

Check your Salesforce licenses: Alternately, you can access Company Information from Salesforce Setup. Make sure you have the “Salesforce Shield” license by hovering over “User Licenses”.


* indicates required

Learn more about Trailhead

What Is Trailhead? Is a free app that teaches the skills needed to be successful in the modern world of work, what experts call the Fourth Industrial Revolution, and it’s

 4,006 total views

Read More »