Shield Platform Encryption In Salesforce

a) What basically Encryption mean?
At its most basic level, encryption scrambles information so that only those people with the right decoder key can unscramble it.

b) What is Shield Platform Encryption?

Salesforce Shield lets customers see who is doing what with sensitive data, know the state and value of their data going back up to ten years, and encrypt sensitive data at rest, while still preserving business functionality. 

c) What Kind of Data We Can Encrypt?
We can encrypt phone numbers, dates, names, text files, images, etc. If it’s recorded digitally, you can encrypt it. Shield Platform Encryption encrypts data at rest, meaning that we encrypt it when it’s being stored within Salesforce.

d) 'Shield Platform Encryption' Basics -

• 'Keys' do the scrambling and unscrambling, and 'Secrets' keep your keys safe and working properly. Tenant secret partners with the master secret in what’s called a key derivation process to create keys that encrypt and decrypt your data. Master secret gets updated once per release, but you can update your tenant secrets as often as you want.
• Shield Platform Encryption is available for free in Developer Edition orgs. 
• All other editions require you to purchase a license. With Shield Platform Encryption, you can encrypt all kinds of confidential and sensitive data at rest on the Salesforce Platform. “At rest” means any data that’s inactive or stored in files, spreadsheets, standard and custom fields, and even databases and data warehouses.
• The data is encrypted with a stronger 256-bit AES key.
• Shield Platform Encryption even allows you to search for encrypted data in databases.
• To generate 'Tenant Secret' key, goto Setup, enter Platform Encryption in the Quick Find box, then select 'Platform Encryption' and then select 'Generate Tenant Secret'.
• You can 'Export' and also 'Import' the tenant secrets keys in order to regain access to data.
• Best practice is to generate new tenant secret at frequent intervals. This process of generating a new tenant secret and archiving the old one is called key rotation. 
• Archived tenant secrets can’t encrypt new data, but the app uses these archived keys to decrypt the data that was previously encrypted with it.
• Remember, encryption doesn’t take the place of field-level access controls.
• As with encrypted fields, encryption for files and attachments affects only files and attachments created after encryption is enabled. Enabling encryption doesn’t automatically encrypt files and attachments that were already in Salesforce. To encrypt all of those files that lived in Doc’s org before you enabled Shield Platform Encryption, contact Salesforce for help.

e) How to Enable Shield Platform Encryption in Salesforce -

• Provision your license. Contact Salesforce to get one. Shield Platform Encryption is automatically available in Developer Edition orgs created on or after the Summer of 2015.
• Assign permissions - need the “Customize Application” and “Manage Encryption Keys” permissions. However, you likely don’t want everyone managing encryption keys. Assign permissions with these scenarios in mind.

• Enable Shield Platform Encryption for your org.

f) Limitations under Shield Platform Encyption - 
A security solution as powerful as Shield Platform Encryption doesn't come without some tradeoffs.

i) Shield Platform Encryption and the Lightning Experience -
For more details on this, refer to below link
https://help.salesforce.com/articleView?id=security_pe_considerations_lightning.htm&type=5

ii) Field Limits with Shield Platform Encryption -
For more details on this, refer to below link
https://trailhead.salesforce.com/modules/spe_admins/units/spe_admins_get_started

Happy Weekend Friends!!!! 😊