Data Encryption

Question 1

Considerations for custom Encrypted fields option(classic encryption)?

Answer 1

• Encrypted using 128bit AES.
• Customer can import/delete/archive their master encryption key. Key management can be enabled by Salesforce support.
• User Permission required to view the actual data.
• You can use encrypted fields in email templates but the value is always masked regardless of whether you have the “View Encrypted Data” permission.
• If you have the “View Encrypted Data” permission and you grant login access to another user, the user can see encrypted fields in plain text.
• Only users with the “View Encrypted Data” permission can clone the value of an encrypted field when cloning that record
• Not available for standard fields.
• No search, filtering, use in the workflow, mobile.
• Limited to 175 characters. • Fields are still accessible by administrators.
• Encrypted fields are editable regardless of whether the user has the “View Encrypted Data” permission. Use validation rules, field-level security settings, or page layout settings to prevent users from editing encrypted fields.
• Are not available for use in filters such as list views, reports, roll-up summary fields, and rule filters.
• Cannot be used to define report criteria, but they can be included in report results.
• Are not searchable, but they can be included in search results.
• Are not available for: Connect Offline, Salesforce for Outlook, lead conversion, workflow rule criteria or formulas, formula fields, outbound messages, default values, and Web-to-Lead and Web-to-Case forms.
• You can still validate the values of encrypted fields using validation rules or Apex. Both work regardless of whether the user has the “View Encrypted Data” permission.
• Encrypted field data is not always masked in the debug log. Encrypted field data is masked if the Apex request originates from an Apex Web service, a trigger, a workflow, an inline Visualforce page (a page embedded in a page layout), or a Visualforce email template. In other cases, encrypted field data isn’t masked in the debug log, like for example when running Apex from the Developer Console.
• Existing custom fields cannot be converted into encrypted fields nor can encrypted fields be converted into another data type. To encrypt the values of an existing (unencrypted) field, export the data, create an encrypted custom field to store that data, and import that data into the new encrypted field.

Question 2

Shield platform encryption - considerations?

Answer 2

• Data is encrypted using 256 bit AES algorithm
• Allows encryption of both standard and custom fields.
  
  • Standard fields - depends on the object. Check documentation
  • Custom fields -
    
    • Email
    • Phone
    • Text
    • Text Area
    • Text Area (Long)
    • Text Area (Rich)
    • URL
    • Date
    • Date/Time
• it can also encrypt files and attachments stored in Salesforce.

Question 3

What does Event monitoring offer?

Answer 3

Monitor

• Usage
• Security
• Performance

Question 4

Shield - limitation of encrypted fields inflow or PB?

Answer 4

• Can’t be used in filter criteria
• Can’t be used in sort by

Question 5

Shield - Can encrypted fields be referred to in the formula?

Answer 5

No

Question 6

Shield - use of encrypted fields in SOQL & SOSL

Answer 6

• Can’t be used in
  
  • where condition
  • Group by
  • Order by