Have you heard about, and implemented, Shield Platform Encryption (SPE)? No? No worries – Trailhead comes to your rescue! Trailhead has an amazing module, Get Started with Shield Platform Encryption. The module will teach you the ins and outs of platform encryption!
In this blog, my primary focus is to show you how we can use Process Builder to access encrypted data. But before we explore this concept, let us take a closer look at Platform Encryption. In brief, Platform Encryption gives your data a new layer of security while preserving most of the Salesforce functionality you rely on. It enables you to encrypt sensitive data at rest, and not just when it is transmitted over a network. As a result, your organization can confidently comply with regulatory requirements, privacy policies, and contractual obligations for handling private data.
One of the salient features of SPE is that it builds on the data encryption options that Salesforce already offers out of the box. Data stored in many standard and custom fields, and in files and attachments, is encrypted using an advanced Hardware Security Module (HSM)-based key derivation system. As a result, the data is protected even when other lines of defense have been compromised. Another critical feature of SPE is that your data encryption key is never saved or shared across organizations; instead, it is derived on demand from a master secret and your organization-specific tenant secret. The derived key is then cached on an application server.
The preceding screenshot displays how fields get encrypted when SPE is enabled for an object. People with the View Encrypted Data permission can see the data in encrypted fields. You can control this by using a permission set.
Please note that if you enable Turn Off Masking for Encrypted Data – Critical Updates, field masking will be decoupled from SPE. As a result, the View Encrypted Data permission and its resulting masking behavior will no longer be available in SPE.
As a result of enabling ‘Turn Off Masking for Encrypted Data – Critical Update’, you now have to use field-level security and object-level security features to control who can