Salesforce Shield Encryption Vs Hyperforce Encryption

Salesforce offers multiple encryption solutions to secure your data. Some of these solutions appear very similar, but they serve distinct purposes. In this article, we quickly compare Salesforce Shield Platform Encryption with Hyperforce volume-based encryption.

Salesforce Hyperforce is a public cloud infrastructure, and Salesforce is gradually transitioning to it from private data centers. We can consider Hyperforce a next-generation infrastructure solution that Salesforce provides on public cloud infrastructure. Data on Hyperforce is encrypted by default, and in most scenarios we do not have to use any additional encryption solution.

Hyperforce Encryption

Hyperforce is Salesforce’s infrastructure redesign that provides enhanced security and compliance. It offers encryption as part of its cloud infrastructure and provides more comprehensive encryption across the entire Salesforce platform. Hyperforce provides volume-level encryption for data at rest by default. This means that all data stored within Salesforce’s infrastructure is encrypted at the storage level, which ensures baseline security across the platform. Hyperforce encryption is managed by Salesforce, and it doesn’t offer granular control over specific data elements or encryption keys.

Hyperforce encryption can meet our encryption requirements if we are looking for comprehensive data protection at the infrastructure level and want a consistent encryption solution across Salesforce services. It does not require any additional configuration and is automatically applied to all stored data.

Shield Platform Encryption

Shield Platform Encryption offers advanced encryption capabilities. It allows us to encrypt sensitive data at the field and file level. It uses AES 256-bit encryption and supports deterministic and probabilistic encryption methods. It provides control over encryption keys, with options for key rotation and the ability to bring your own key (BYOK). This level of control helps in complying with specific regulatory requirements and internal security policies.

Shield is designed for organizations with high compliance requirements, particularly in Healthcare and Financial Services. We cannot encrypt every field using Shield Platform Encryption, and we may run into limitations when using encrypted fields in some automations or in SOQL. Shield requires an additional license, so it adds cost on top of the Salesforce licenses.

Decision Making: Shield Encryption Vs Hyperforce Volume based Encryption

We need to consider several factors when deciding whether to use Shield Platform Encryption or whether the out-of-the-box volume-based encryption is sufficient. Some of the key decision factors are listed below:

  • Compliance Requirement: Assess your organization's compliance requirements. Is it OK to use a Salesforce-managed key, or do you have explicit requirements to use your own key?
  • Data Sensitivity: Do you manage very sensitive data in Salesforce? Encryption requirements for some key fields, such as SSN or financial data, may be very complex and may require using your own key.
  • Infrastructure Level Encryption or Field Level Encryption: Shield allows us to define encryption at the field level, while Hyperforce volume encryption works at the infrastructure level.
  • Performance & Scalability: Shield encryption has known performance issues and limitations. Hyperforce encryption is more seamlessly integrated into the infrastructure.
  • Cost: Do you have any budget constraints? Shield requires an additional license, while Hyperforce encryption is available out of the box.

Recommendations

It is very important to conduct a detailed assessment of your security and compliance requirements. Work with Salesforce architects to understand the complexity and other implementation complications. It is also very important to consider the performance impact before deciding on the optimal solution.

One of the recommended approaches is to use a combination of Shield Platform Encryption and Hyperforce to address the encryption requirement. While Hyperforce volume-based encryption secures your entire infrastructure, you can use Shield Platform Encryption to identify the most sensitive information and encrypt the corresponding fields with a key that you manage yourself.
