Among the many cloud applications now in widespread use within the enterprise, Salesforce stands out as both leader and pioneer, offering cloud-based platforms for salesforce automation and CRM, helpdesk and support applications, digital marketing, community building, Big Data business intelligence and analytics, and even cloud application development. But spinning up a Salesforce cloud (or two, or five) means putting sensitive or protected corporate data into the cloud. Protecting that data demands encryption. Here are five tips to encrypting data in Salesforce so that you can safely get the most out of your Salesforce deployments.
- Identify which data must be encrypted
The first step in any effective cloud encryption strategy is identifying data to be encrypted and classifying it according to risk. Not all data destined for a Salesforce cloud needs to be encrypted, after all, and attempting to encrypt it all would be an unwieldy and ultimately unworkable task. Catalog all data types that you plan to put into Salesforce and evaluate them based on factors such as compliance requirements, sensitivity, value to attackers, and the risk to the organization should the data be exposed.
- Encrypt on the client side
Salesforce offers a number of encryption options for data fields in its cloud, but your organization must not cede control of its data protection or encryption efforts, since server-side encryption may not fully protect your data. Additionally, server-side encryption leaves the encryption keys in the hands of the CSP. Salesforce data encryption should start at your perimeter and ensure the encryption keys remain in your exclusive control.
- Consider functionality when applying encryption
To get the most out of your Salesforce investment, you’ll have to balance Salesforce functionality against your cloud data security. Many types of encryption can result in some performance impact, ranging from increased latency to a loss of functionality. For data types that will be needed for frequent or critical processing or reporting, consider using Searchable Strong Encryption (SSE) to retain functionality without sacrificing data security.
- Lock down user access
All the encryption in the world won’t keep your Salesforce data secure if too many people have access to that data in the clear. Insider threats aren’t the only reason to be wary of overly permissive access policies: even well-meaning employees may pose a threat to the confidentiality and integrity of sensitive corporate data if they’ve adopted shadow IT or are working in an environment with a shadow IT problem. Use the user authentication and access control tools at your disposal to lock privileged data access down to the strictest “need-to-know” basis possible in order to limit the possibility of leaks and breaches.
Over the past decade, Salesforce has proven itself as an empowering force for the enterprise. With the right encryption and data protection measures in place, your organization can reap all the rewards of Salesforce’s cloud services without compromising data security or privacy.
Ready to learn more about securing sensitive data in the cloud? Download our free whitepaper, “Best Practices in Securing Your Customer Data in Salesforce.com,” today.