Tuesday, 16 Jul 2024

Salesforce Classic vs. Salesforce Shield Platform Encryption: Which One Should You Use?

salesforce classic encryption

Salesforce offers a couple of encryption options to add extra protection to your Salesforce platform. Let’s dive into the differences between Salesforce Classic encryption and Salesforce Shield Platform Encryption to understand which one is right for your organization.

Salesforce Classic Encryption

Salesforce Classic Encryption protects data from your existing Salesforce users by providing masking capabilities, which allow you to hide the original data with random characters. This out-of-the-box functionality can be used to encrypt custom fields with 128-bit Advanced Encryption Standard (AES). Subsequently, if users are assigned the correct permission set, they will only be able to see the encrypted data.

Advantages of Salesforce Classic Encryption:

  • Is included in Base License cost of Salesforce.
  • Provides masking of custom fields to protect against internal Salesforce users seeing specific data.
  • Is excellent for masking sensitive data, such as credit card or SSN fields.

Disadvantages of Salesforce Classic Encryption:

  • Can only encrypt custom fields.
  • Limits custom field encryption to 175 characters.
  • Needs profiles and permission sets to be configured for Salesforce users.
  • Cannot be used in workflows or formula fields.

How Does Salesforce Classic Encryption Affect Your Weekly Export Backups?

The encrypted fields in your backups will be dependent on the authenticated user who is performing the export. If the system admin who is performing the weekly export has the “View Encrypted Data” permission, then the encrypted field will be backed up in its decrypted format. If that user does not have the correct permission, the backups will be shown in the masked format, so that user will be pulling random data rather than the actual data.

Tham Khảo Thêm:  Set Password After Creating an Account with Google

Salesforce Shield Platform Encryption

Salesforce Shield Platform Encryption protects Salesforce data at rest using either a generated or an uploaded encryption key. Shield Platform Encryption provides the additional option of Bring Your Own Key (BYOK), allowing customers to manage their own encryption keys. Shield Platform Encryption is an additional feature that provides 256-bit encryption with a broader range of core Salesforce functionality, including search, lookups, validation rules, and Chatter. No masking is applied to Shield encrypted fields, so visibility needs to be controlled with field-level security.

Advantages of Salesforce Shield Platform Encryption Provides:

  • The ability to encrypt standard fields, custom fields, files, and attachments.
  • Can be used in workflows and formula fields.
  • Offers a higher level of encryption (256-bit AES) than Salesforce Classic Encryption.

Disadvantages of Salesforce Shield Encryption:

  • There is an additional cost.
  • Does not provide masking, so Field Level Security (FLS) needs to be set to control visibility of fields.
  • Does not work with certain third-party apps.
  • Includes additional considerations that can be found here on Salesforce’s Help Center.

How Does Shield Platform Encryption Affect Your Weekly Export Backups?

All Shield-encrypted fields will be exported in a decrypted format. In addition to backing up your Salesforce data, it is recommended that you back up your tenant secret key. In the case that you accidentally destroy a tenant secret, Salesforce is unable to retrieve it for you and you will lose all access to data encrypted with that key.

If you decide to go with Shield Platform Encryption, consider using a third-party backup service, like Own, to ensure you never lose access to your data. Own (formerly OwnBackup) is the perfect complement to Salesforce Shield as it performs daily automated backups of all of your data and metadata, including your tenant secrets. This way, you will never lose access to the encrypted data that is critical to your business operations.

Tham Khảo Thêm:  How to Know If Your Snapchat is Hacked - 5 Ways Your Snapchat Is Hacked

Frequently Asked Questions

Q: Can Salesforce Classic Encryption encrypt standard fields?

A: No, Salesforce Classic Encryption can only encrypt custom fields.

Q: What is the cost of Salesforce Shield Platform Encryption?

A: Salesforce Shield Platform Encryption has an additional cost.

Q: Can Salesforce Shield Platform Encryption be used in workflows and formula fields?

A: Yes, Salesforce Shield Platform Encryption can be used in workflows and formula fields.


In conclusion, both Salesforce Classic Encryption and Salesforce Shield Platform Encryption offer different features and benefits. Salesforce Classic Encryption is included in the Base License cost of Salesforce and is great for masking sensitive data. On the other hand, Salesforce Shield Platform Encryption provides a higher level of encryption and can be used with a broader range of core Salesforce functionality.

Consider your organization’s specific needs and requirements to determine which encryption option is right for you. And remember, always ensure you have a reliable backup solution to protect your encrypted data.