Presentation on Platform Encryption feature of Salesforce platform.
"Encryption as a Service" on Salesforce combines strong encryption and customer ownership of keys with ease of implementation.
This presentation is oriented toward non-technical administrators who will need to understand the basic features of Platform Encryption, and what it means to maintain their org when using it.
2. bit.ly/sf-help-platform-encryption
Safe Harbor
Safe harbor statement under the Private Securities Litigation Reform Act of 1995:
This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties
materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or
implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking,
including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements
regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded
services or technology developments and customer contracts or use of our services.
The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality
for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results
and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of intellectual property and other
litigation, risks associated with possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating
history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer
deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further
information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-Q for the
most recent fiscal quarter ended July 31, 2012. These documents and others containing important disclosures are available on the SEC Filings
section of the Investor Information section of our Web site.
Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available
and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that
are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
5. Encryption
Authentication & SSO
Two factor Auth
Profiles/Permissions
Sharing & FLS
Setup Audit Trail
Field History Tracking
Event Monitoring
Identity
Encryption
6. Encryption as a Service Principles
• Privileged Users
• Encrypt data “at rest”
• Encrypt Fields
• Encrypt Files
• Granular Encryption
• Org Key Ownership
• Preserve Platform Functionality
• Config and Maintenance is Point and Click or API
10. Granular Control
• Individual Fields
– Text
– Text Area Long
– Email
– Phone
– URL
– Some Standard Fields
• Enabled with flag
• Files enabled separately
– Attachments
– Chatter
– Files
– Libraries
• All or none
11. Encryption Key
• Master Secret
– Rotated each release by Salesforce
– Owned by Salesforce
• Tenant Secret
– Rotated by customer
– Up to once per day
– Stored encrypted in DB
• Encryption Key
– Derived from Secrets
– Stored in memory
Before we even discuss this, understand that Platform Encryption sits in the context of all the other security controls that exist in the Force.com platform.
This is a laundry list of items that will be discussed over the following slides.
There are two user types that have permissions that relate to the features of Platform Encryption.
Users with View Encrypted Data see encrypted fields in clear text. Without this permission, the data is masked.
Manage Encryption Keys is for users who will administer the encryption keys.
Encrypt at rest means that the data stored in the database is unreadable if it were directly accessed without the appropriate encryption key. In the context of field data, this means data stored in the database.
The encryption service is responsible for encrypting or decrypting the data as it is read from or written to the database. It includes dedicated devices called Hardware Security Modules.
Animations: Any user with write (create/edit) permissions for the object and the field can still do so regardless of whether they have the View Encrypted Data permission.
When data is saved the encryption service takes clear text and stores it as encrypted text in the field.
When retrieved, the encryption service retrieves the data from the database and turns it into clear text. If the data is accessed by a user without View Encrypted Data, the data appears masked to the user.
Notes about the encryption service: Hardware security modules contain features to generate strong keys. They store keys in protected parts of memory which contain countermeasures in case attempts are made to tamper with the device. If tampering is detected, the keys are deleted from that device.
Encrypt at rest means that the data stored in the database is unreadable if it were directly accessed without the appropriate encryption key.
In the case of encrypted files, this means the file is encrypted on the file system in the Salesforce data center.
User access differs from fields. All users who are authenticated and have read access to a given file will still be able to access the unencrypted file. View Encrypted Data has no bearing on readability of file data.
About encrypted fields and files:
Left hand column is about fields.
Right hand column about files.
“All or none” in the context of files means that once enabled, every new file added to the system will be encrypted; you can’t pick which are and which aren’t. But files added before this flag is enabled are not encrypted.
Analogy: In a safe deposit box, the bank has a key. You keep a key. In order to open the box, both keys are required.
Platform Encryption is similar: Salesforce has a key and the customer has a key. These keys are referred to as “secrets”. The master secret is the one that Salesforce maintains. The customer maintains the tenant secret. The two secrets, along with some randomly generated data, are used by a key creation algorithm to generate the actual key that is used to encrypt data.
To extend the analogy, using the secrets to “open the box” really just means you’ve been given access to the actual key that you will use to get to the data.
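The two-secret derivation described in these notes, sketched as an added example (not from the original presentation and not Salesforce's implementation). PBKDF2-HMAC-SHA256, the iteration count, and the names `derive_data_key` and `TenantKeyring` are assumptions chosen for illustration; the model keeps tenant secrets by version so data written before a rotation stays readable, and holds derived keys only in memory.

```python
import hashlib
import secrets

KDF_ITERATIONS = 100_000  # constructed value for this demo


def derive_data_key(master_secret: bytes, tenant_secret: bytes, salt: bytes) -> bytes:
    """Derive a 256-bit data key from both secrets plus random salt."""
    if len(master_secret) != 32 or len(tenant_secret) != 32:
        raise ValueError("both secrets must be 32 bytes")
    # Fixed-length inputs keep the concatenation unambiguous.
    return hashlib.pbkdf2_hmac("sha256", master_secret + tenant_secret,
                               salt, KDF_ITERATIONS, dklen=32)


class TenantKeyring:
    """Hypothetical per-org keyring: secrets are stored, keys are derived on demand."""

    def __init__(self, master_secret: bytes):
        self._master = master_secret   # provider-held half
        self._secrets = {}             # version -> (tenant secret, salt)
        self._key_cache = {}           # version -> derived key, memory only
        self.active_version = 0

    def rotate(self, tenant_secret: bytes) -> int:
        """Customer rotation: new writes use the new version, old ones stay readable."""
        self.active_version += 1
        self._secrets[self.active_version] = (tenant_secret, secrets.token_bytes(16))
        return self.active_version

    def withdraw(self, version: int) -> None:
        """Customer removes a tenant secret; the cached key goes with it."""
        self._secrets.pop(version, None)
        self._key_cache.pop(version, None)

    def key_for(self, version: int) -> bytes:
        if version not in self._key_cache:
            if version not in self._secrets:
                raise LookupError(f"tenant secret v{version} is gone; key cannot be derived")
            tenant_secret, salt = self._secrets[version]
            self._key_cache[version] = derive_data_key(self._master, tenant_secret, salt)
        return self._key_cache[version]


if __name__ == "__main__":
    ring = TenantKeyring(secrets.token_bytes(32))
    v1, v2 = ring.rotate(secrets.token_bytes(32)), ring.rotate(secrets.token_bytes(32))
    print("keys differ after rotation:", ring.key_for(v1) != ring.key_for(v2))
```

In this model the master secret alone never yields a data key: once a tenant secret version is withdrawn, `key_for` raises instead of returning key material.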
Should go without saying, but this presentation is just a summary. There is a lot of information to acquaint yourself with about this feature.
Make certain you plan your approach, taking into account current ways that Platform Encryption may limit your other plans, like list views and formula fields.
Without your secret, we cannot get to your clear text data. If we could, then we built this wrong.