You are using an older browser that might negatively affect how this site is displayed. Please update to a modern browser to have a better experience. Sorry for the inconvenience!

Platform Encryption in Salesforce


Platform Encryption in Salesforce

For Security control, Salesforce offers an out of the box feature called PLATFORM ENCRYPTION. It provides an advanced level of security to the data across the organizations. The Platform Encryption presents the great space for data sharing model with the best business solution. The Security model includes sharing of file, attachment as well as standard & custom field’s value with certain conditions.

Based on purpose, the Encryption can be classified into two types:

1. Classic Encryption –  A special type that encrypts the custom text fields.

2. Platform Encryption – This encrypts a larger set of standard fields, along with some custom fields and as well as various type of files and attachments.

Let us see the overview and built-in functionality of Platform Encryption.

Encrypted Standard Fields 

Platform Encryption supports for the following standard objects with these specific set of fields.

Account

1. Account Name

2. Phone

3. Fax

4. Website

5. Description

Contact 

1. Name (First Name, Middle Name, Last Name)

2. Mailing Address

3. Phone

4. Fax

5. Mobile

6. Home Phone

7. Other Phone

8. Email

9. Description

Case

1. Subject

2. Description

Case Comment

1. Body

Encrypted Custom Fields

These are custom field types can be encrypted.

1. Email

2. Phone

3. Text Type (Text, Text Area & Text Area (Long))

4. URL

Note: 

1. Custom Email field values would be limited to 70 characters that includes only non-ASCII characters.

2. Custom Phone field values would be limited to 22 characters that includes only non-ASCII characters.

3. Encrypted custom fields can’t be using in custom formula fields or criteria-based sharing rules.

4. The encrypted fields can’t be created using the Schema Builder.

5. Some custom fields can’t be encrypted as below:

1. External data objects

2. Custom formula fields

3.  Unique (or) External ID attributes

Encrypt Files and attachments

In your organization, the Platform encryption is enabled. The body of each file & attachment is to be encrypted before the uploading with the certain limits.

Encryption is supported for following types of File/Attachments:

1. Records

2. Chatter posts & comments

3. Feeds

4. Content

5. Libraries

6. Salesforce Files Sync

7. Body of notes using the new Notes tool

Encryption is not supported for following File Types/Attachments:

1. Documents

2. Chatter group photos

3. Chatter profile photos

4. Body of notes using the old Notes tool

Below are the required user permissions, related to the Platform Encryption setup.

1. View data in encrypted fields

2. View Platform Encryption Setup Page

3. Edit Platform Encryption Setup page, excluding key management

4. Generate, destroy, export and import tenant secrets

5. Query Tenant Secret object via the API

Considerations for Platform Encryption

  1. Encrypted fields can’t be used in the following conditions.
  • Matching rules in Duplicate management
  • Criteria based sharing rules
  • External lookup relationship fields
  • Filter criteria in data management tools
  • Salesforce1 mobile app
  • Live agent chat transcripts by using rest.

2. Report & Dashboard components are not displayed.

3. Page layout & List view are not supported.

4. Campaign member doesn’t support the encrypted field search.

5. Encrypted fields can’t be used in SOQL & SOSL clauses, like the WHERE, GROUP BY & ORDER BY.

6. Encrypted fields can’t be used for the aggregate functions like Max(), Min( ) & Count( ).

7. Body of the files/attachments can be encrypted with the new Notes tool, but not with the old Notes tool.

8. The encrypted fields values are included in email templates. When the Standard Email field is encrypted, Email to Salesforce can’t receive inbound emails.

9. When the Person Account is enabled, the following Account field can be encrypted. The same applies for Contact fields also.

1. Name

2. Description

3. Phone

4. Fax

Limitations of Platform Encryption

Many of the applications are currently not supported, but they need to be encrypted by REST.

1. Chatter Desktop

2. Connect Offline

3. Pardot

4. Data.com

5. Work.com

6. Visual Workflows

7. Process Builder

8. Flows

9. Salesforce to Salesforce

10. Salesforce for Outlook

11. Salesforce Classic

12. Lightning Components

13. Salesforce IQ

14. Wave

15. Exact Target

16. Exchange Sync

17. Organization Sync

18. Partner portals, Customer portals & Self-Service portals

  • Live agent chat transcript can’t be encrypted by REST.
  • Web-to-Case is supported, but the Web Company, Web Email, Web Name and Web Phone fields are not encrypted by REST.

Reference Link:

https://releasenotes.docs.salesforce.com/en-us/spring16/release-notes/rn_security_pe.htm