Agents of Shield — The Next Level of Protecting Your Salesforce Data

03/21/2022 by Kate Lessard
Salesforce Shield can be a great option for organizations to adhere to security regulations and meet compliance.

Data security is top of mind right now — worldwide.

With so many of us working from home and so much of our business done and stored in the cloud, there are new opportunities for cyber attacks by ransomware and hackers attempting to breach organizational data everywhere. It is our responsibility to protect our constituents and customers, ensuring their personal data can’t be accessed and disseminated.

Salesforce recently required all customers to utilize multi-factor authentication (MFA) as part of their login process to address this growing concern. Using authentication tools such as single sign-on (SSO) is one of the ways organizations can add an additional layer of security to their data. Is this enough? What more can we do to keep our data safe? While data security is relevant to any organization operating in the digital space, there are several regulated industries that need to take additional security measures to ensure they are meeting data security standards. Organizations in the healthcare, financial services, and government sectors have additional criteria to meet when it comes to protecting their data. Salesforce Shield can be a great option for these industries in particular, which need to adhere to strict regulations and meet compliance.

What is Salesforce Shield?

Shield is a trio of security products designed to take your data security to the next level. You can purchase them a la carte or bundle them together. The products included are: Platform Encryption, Event Monitoring, and Field Audit Trail. Let’s take a look at how each of these products can protect your data.

Platform Encryption

Platform Encryption is one of the most widely used features of Shield. This product allows you to encrypt your most private data while at rest and builds on the Salesforce out-of-the-box encryption options. You can utilize Platform Encryption on custom fields across all of your Salesforce apps. You can even encrypt your important files and attachments! With Platform Encryption, you can generate and control your own encryption keys and Salesforce will maintain the security. It’s the best of both worlds.

Are you wondering where this could be helpful? Let’s go back to those regulated industries I mentioned earlier… Oftentimes organizations in regulated industries are required to encrypt certain data points to protect their patients and customers. Having the capacity to encrypt patient and financial forms is a game-changer for healthcare professionals required to uphold HIPAA compliance regulations and for financial services organizations protecting their customers' financial assets. Identifying your individual compliance needs surrounding data that needs to be encrypted is the first step in deciding if Shield’s Platform Encryption is right for your organization. If you want to learn more about Platform Encryption, check out this Trailhead module.

Event Monitoring

Event Monitoring is the second product in the Shield bundle, and it is a helpful tool to keep an eye on your data, who is accessing it, and how it is being used in real time. You can track digital events like logins and logouts, Apex executions, report exports, and actions being taken by users in Lightning. With Event Monitoring you can write rules to either alert users that they are performing an action (and that you know about it) or to prevent an action from taking place. One of the most common rules I like to recommend creating is to prevent users from exporting patient or customer data in a report. This prevents data from ever leaving your Salesforce instance and being accessible in a manner that you can’t control.

I have also seen sales organizations add Event Monitoring on to their Salesforce instance to keep an eye on client lists being accessed in the event one of the Sales Team Members leaves the organization and has a non-compete clause in place. With Event Monitoring, you can track report exports on specific objects (in this case, Opportunities) and ensure that your data isn’t leaving in the hands of a team member going to a new organization and taking your book of business with them.

Aside from the alerts and actions, you can also access the event log files for the raw data, and Shield also comes with a great analytics dashboard powered by Tableau CRM to help you visualize the activity in your org.
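
To illustrate working with the raw event data described above, here is an added example (not code from the original article or from Salesforce) that reviews report-export events for watched objects such as Opportunities and totals exported rows per user. The CSV sample is constructed, and the column names, in particular `QUERIED_ENTITIES` and `ROWS_PROCESSED`, and the row threshold are assumptions to map onto your own log extract.

```python
import csv
import io
from collections import defaultdict

# Constructed sample, not real org data. Column names are assumptions
# modelled on an event log CSV extract; map them to your own export.
SAMPLE_LOG = """\
EVENT_TYPE,TIMESTAMP_DERIVED,USER_ID,QUERIED_ENTITIES,ROWS_PROCESSED,CLIENT_IP
ReportExport,2022-03-01T09:15:00Z,005A,Opportunity,1200,203.0.113.10
ReportExport,2022-03-01T09:40:00Z,005A,"Opportunity,Account",800,203.0.113.10
ReportExport,2022-03-01T10:05:00Z,005B,Case,50,198.51.100.7
Login,2022-03-01T10:06:00Z,005C,,,198.51.100.9
ReportExport,2022-03-02T14:00:00Z,005C,Opportunity,,198.51.100.9
"""

WATCHED_OBJECTS = {"Opportunity"}  # objects whose exports should be reviewed
ROW_THRESHOLD = 1000               # assumed per-user total that triggers review


def summarize_exports(log_text, watched=WATCHED_OBJECTS):
    """Return {user_id: {"exports": n, "rows": total}} for watched-object exports."""
    summary = defaultdict(lambda: {"exports": 0, "rows": 0})
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["EVENT_TYPE"] != "ReportExport":
            continue  # ignore logins and other event types
        entities = {e.strip() for e in row["QUERIED_ENTITIES"].split(",") if e.strip()}
        if not entities & set(watched):
            continue  # export did not touch a watched object
        # A blank row count is counted as 0 rows so the export itself is still recorded.
        rows = int(row["ROWS_PROCESSED"]) if row["ROWS_PROCESSED"].strip() else 0
        summary[row["USER_ID"]]["exports"] += 1
        summary[row["USER_ID"]]["rows"] += rows
    return dict(summary)


def flag_users(summary, threshold=ROW_THRESHOLD):
    """Users whose watched-object exports total at least `threshold` rows."""
    return sorted(u for u, s in summary.items() if s["rows"] >= threshold)


if __name__ == "__main__":
    report = summarize_exports(SAMPLE_LOG)
    for user, stats in sorted(report.items()):
        print(user, stats)
    print("review:", flag_users(report))
```
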

This might feel a little bit like big brother, but Event Monitoring isn’t just to monitor your users and data loss. You can utilize the dashboards to keep an eye on Lightning performance and make changes to optimize your Salesforce instance and increase usage. This Trailhead module will show you how Event Monitoring works and you can try it out for yourself to see if it might be a fit for your organization. If you want to dive deeper into the Event Monitoring Analytics, you can do that in Trailhead too.

Field Audit Trail

The most simplistic of the trio, Field Audit Trail provides additional capabilities to track your field history in Salesforce. Out-of-the-box, Salesforce allows you to set up field history tracking on 20 fields per object. What if you need more? Field Audit Trail allows you to audit and record field history tracking for 10 years on 60 fields per object. You can also set your own data retention policies on an object-by-object basis without impacting your Salesforce storage limitations. This is especially useful if you work for an organization with firm data retention policies.

Questions to Ask Yourself when deciding if Shield is right for your Org

While Shield is the premier option for Salesforce data protection, it is an additional cost and might be overkill for your organization. Here are some questions you can ask your legal and operations teams to determine if Shield is the right fit for you:

  • Do we have sensitive field-level data that should be encrypted/hidden from users that still should see the object record?
  • Do we need additional insight into the actions users are taking (such as exporting reports, spending time on specific pages, and how they are accessing the CRM)?
  • Do we have internal data retention policies that we aren’t currently able to meet?
  • Are we unable to track field-level data that we need to retain history on?

The need for increased data security is not going away. In fact, I wouldn’t be surprised if we see tighter data regulations across all industries and not just the heavily regulated ones that Shield might be best utilized for at this point in time. 

Losing sleep over data security stress? I want to hear about it — let me know on Twitter @salesforceK8 or LinkedIn.