Salesforce Security with Visibility,
Control & Data Protection

Go Beyond Salesforce Native Security with Visibility and Data Protection that You Control

Privacy regulations and corporate data governance issues continue to block many enterprises from realizing the full business benefits of the cloud. Salesforce may encrypt your data at rest, but that protection ends whenever your data is in use or accessed by the cloud app.

CipherCloud helps remove these barriers by scanning for compliance violations, enforcing policy-based protections for sensitive fields and files, and monitor the activity of users and administrators for anomalous behavior.

With CipherCloud for Salesforce you can:

  • Discover what your users are doing in the cloud and prevent data loss with detailed and precise visibility over all activity in Salesforce.
  • Protect your cloud data with strong encryption (FIPS 140-2 validated), tokenization, and malware protection tokenization, and malware protection.
  • Ensure that no unauthorized users can access sensitive information because you never share the keys.
  • Monitor cloud usage with complete visibility over user activity and anomaly detection of user and administrator behaviors.


Download our


CipherCloud Active Encryption™ vs. 
Salesforce Platform Encryption

CipherCloud for Salesforce

(Click to Advance)

At A Glance

  • Protects

    Salesforce Sales Cloud
    Salesforce Service Cloud
    Salesforce Marketing Cloud
    Salesforce Chatter
    Salesforce 1 Platform

  • Capabilities

    Cloud Data Loss Prevention (DLP)
    AES 256-bit Encryption, FIPS 140-2 Validated
    Key Management
    Cloud Malware Detection
    User Activity Monitoring
    Anomaly Detection

Cloud Data Loss Prevention

The Cloud Data Loss Prevention (DLP) module enables you to extend your corporate data security policies to the cloud, providing detailed visibility over sensitive business data in Salesforce and Salesforce Chatter. The solution is tightly integrated with the entire Salesforce platform and understands all types of objects and data stored in the cloud. With a single click, you can scan your Salesforce Orgs and Salesforce Chatter content to quickly spot violations of your content policies.

CipherCloud provides out-of-the-box DLP controls and policies that can detect compliance violations of HIPAA/HITECH, GLBA, PCI, ABA, SWIFT, and NDC codes. The module can also integrate enterprise DLP systems, such as Symantec, RSA, or Intel Security (McAfee).

Results are delivered in clear, intuitive, and configurable dashboards. Easy drill-downs let you view specific user information and spot the exact source of policy violations directly in Salesforce. Any information captured by CipherCloud can be easily exported to a range of report formats.

Data Protection: Encryption, Tokenization, Malware Detection

CipherCloud gives you a control point for corporate data going to and from the cloud. All your users—internal, remote, or mobile—can seamlessly access Salesforce and Salesforce Chatter, while enabling you to enforce your company’s security policies.

CipherCloud Data Protection provides FIPS 140-2 validated encryption or tokenization for data before the data goes to the cloud. Granular controls let you select protection options on a field-by-field basis for structured or free-form Salesforce data. CipherCloud offers multiple strong encryption options that preserve formats, partial field encryption, and Searchable Strong Encryption (SSE). You can mix and match encryption or tokenization methods to meet your specific data protection requirements.

When you encrypt Salesforce data, the encryption keys always remain within your control. Only your authorized users have access to protected data in Salesforce. Unauthorized users will only see indecipherable codes.

CipherCloud also provides tokenization to meet the most stringent data residency requirements. With tokenization, randomly generated values are substituted for the original data, which does not leave the enterprise. The original data and mappings for the tokens are stored locally in a JDBC-compliant database.

CipherCloud’s patented technology enables you to retain the format and functioning of Salesforce, even when data is encrypted or tokenized. This enables your Salesforce users to search, sort, and report on protected data in Salesforce.

Malware detection is also available as an added safeguard, scanning your data for threats before it goes into Salesforce. High-performance scanning engines detect the latest threats (viruses, spyware, network worms, Trojans, bots, rootkits, and more) and clean or quarantine infected content on-the-fly, without adding noticeable latency.

Activity Monitoring and Anomaly Detection

No protection solution is complete without ongoing usage and activity monitoring. The Activity Monitoring and Anomaly Detection modules provide you with the tools to quickly and effectively respond to security events or policy violations.

The interactive dashboard provides complete visibility into ongoing user activity, along with anomaly detection that can help you identify system misuse in real-time. Events are monitored against historic usage patterns, identifying anomalous behaviors that could be a sign of malicious use or an account breach.

You can easily configure thresholds and dashboard alerts on any unusual user activity that might indicate problems. This includes activity such as excessive downloads, after-hours activity, or unauthorized access to sensitive content. Thresholds can be automatically or manually configured to minimize false positives.

Broad Support for the Salesforce Platform

CipherCloud works with the entire Salesforce Platform, providing deep integration with popular Salesforce products including Sales Cloud, Service Cloud, Marketing Cloud and Chatter. In addition, the CipherCloud Extensible Platform can support any type of custom application built on the Salesforce1 Platform, as well as a wide range of third-party applications available on the AppExchange ecosystem.

CipherCloud for Salesforce includes deep integration with Chatter, providing Cloud DLP, encryption, tokenization, and activity monitoring for unstructured Chatter posts and file attachments. The solution provides seamless support for Chatter # tags and @ mentions, maintaining the searchability of encrypted Chatter posts.


CipherCloud for Salesforce is typically deployed as an in-line solution between users and Salesforce. Acting as a gateway, CipherCloud for Salesforce is positioned to transparently inspect data and apply data protection policies before the data goes to Salesforce. Designed for high-performance and availability, the CipherCloud for Salesforce gateway adds virtually zero latency, maintaining the normal Salesforce user experience. CipherCloud for Salesforce integrates with your existing single sign-on tools and, with only a simple URL redirect required, your users can access Salesforce as usual and without change to the user experience.

Using both an API model and in-line architecture, CipherCloud is able to monitor and analyze Salesforce content and all user activity. Deeply integrated with Salesforce, the solution is aware of all your Salesforce data fields and files, enabling it to monitor and analyze data sent to the Salesforce cloud.


Cloud Data Discovery

CipherCloud can query any Salesforce organization and provide real-time, drill-down information about where your data is going and what your users are doing in the cloud. Customizable dashboards let you easily track the information most important to your organization.

AES 256-bit Encryption

CipherCloud uses standards-based FIPS 140-2 validated AES 256-bit encryption,  and has been extensively reviewed and tested by many independent organizations. This encryption standard has been widely deployed for secure government and civilian applications globally.
Learn more about AES Encryption >

Tokenization Options

For organizations with strict data residency requirements, CipherCloud also provides tokenization – substituting randomly generated values for the original data, which never leaves the enterprise. The original data and mappings are stored locally in a JDBC-compliant database.
Learn more about Tokenization >

Enterprise Key Management

The solution includes enterprise-grade key management in compliance with NIST SP 800-57 standards. Keys can be stored securely on the CipherCloud Platform or separately on a KMIP-compliant server. Keys can be split between multiple custodians, rotated or expired without affecting legacy data.

High-Performance Architecture

The CipherCloud platform is highly scalable, supporting large scale, high throughput deployments with extremely low latency. A stateless architecture requires no local database for encryption.

Multi-Org Support

Organizations often have many separate Salesforce Orgs that have been deployed by separate departments. CipherCloud can manage multiple Salesforce Orgs or cloud applications with a single system, providing centralized policy controls and company-wide enforcement.

Flexible Policy Controls

Security can be applied on a granular per-field, per-word, or per-character basis. A range of security options let you precisely set the level of security and search-ability for each data type, supporting both structured fields in Salesforce and unstructured data, such as Salesforce Chatter posts.

Advanced Function Preservation

Security that breaks applications is pointless. CipherCloud avoids this by integrating tightly with Salesforce, preserving format, search, sort and other key functions. CipherCloud supports full wild-card searches, and advanced report filters (such as “less than” or “greater than”).

Cloud Malware Detection

Cloud applications often bypass conventional network-based anti-virus systems, but CipherCloud adds integrated malware protection for all content going in and out of your cloud applications, with zero-day protection against cloud viruses, spyware, Trojans, bots, rootkits, and more.
Learn more about Malware Detection >

User Activity Monitoring and Anomaly Detection

CipherCloud provides complete and real-time visibility into ongoing user activity, along with anomaly detection that can spot unusual user and data activity in real-time – often an indicator of security or compliance problems. Easy controls allow you to set appropriate thresholds for anomaly detection. Customizable reports can be output in a wide range of format.

Broad Support for Mobile Devices

CipherCloud enables you to continue to access Salesforce seamlessly from mobile devices, supporting mobile clients and Salesforce Touch.

Extensible Platform for Custom Integration

The CipherCloud platform can be easily extended to support any kind of external cloud application, database, or third-party Salesforce AppExchange solution, enabling you to extend security for the entire Salesforce ecosystem.

Multiple Deployment Options

The CipherCloud platform can be installed on a physical server or virtual machine behind your corporate firewall, or deployed in a virtual private cloud (such as Amazon Web Services). The solution can also be hosted by third-party providers such as Rackspace or NTT.