When we talk about encryption in Salesforce, there are typically three kinds of encryption you may need to secure your data:
- Encryption at rest
- Encryption in transit
- Encryption in use
This post covers encryption at rest, which is provided by Salesforce Shield. Shield consists of three products:
- Event Monitoring
- Field Audit Trail
- Encryption
Encryption
- Protect data at rest: encrypt standard and custom fields, files, and attachments
- Native Salesforce features such as Search, Chatter, and Relationships work with encrypted data
- Bring Your Own Key: customers can manage their own keys, with customer-driven encryption key lifecycle management
Find more details at https://developer.salesforce.com/docs/atlas.en-us.securityImplGuide.meta/securityImplGuide/salesforce_shield.htm
There are two types of Shield encryption: deterministic and probabilistic. Use deterministic encryption for fields that you need to filter on in the WHERE clause of a query. Probabilistic encryption provides stronger security than deterministic encryption.
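The following added example (not Salesforce code and not from the original post) is a conceptual model of why deterministic ciphertext can be matched in an equality filter while probabilistic ciphertext cannot, and what deterministic encryption reveals in exchange. It assumes an HMAC-SHA256 keystream as a standard-library stand-in for an AES-based cipher; the keys, sample emails, and all function names are constructed for illustration and do not describe Shield's internal implementation.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed demo keys (assumption); a real platform manages tenant key material itself.
ENC_KEY = hashlib.sha256(b"constructed-demo-enc-key").digest()
IV_KEY = hashlib.sha256(b"constructed-demo-iv-key").digest()


def _keystream(iv: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, a stdlib stand-in for an AES-based cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(ENC_KEY, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(plaintext: str, deterministic: bool) -> bytes:
    data = plaintext.encode()
    if deterministic:
        # IV derived from the plaintext: the same value always yields the same ciphertext.
        iv = hmac.new(IV_KEY, data, hashlib.sha256).digest()[:16]
    else:
        # Fresh random IV: the same value encrypts differently every time.
        iv = os.urandom(16)
    return iv + bytes(a ^ b for a, b in zip(data, _keystream(iv, len(data))))


def decrypt(blob: bytes) -> str:
    iv, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(iv, len(body)))).decode()


def equality_filter(stored: list, value: str) -> list:
    """Model of a 'WHERE field = value' filter evaluated on ciphertext only."""
    needle = encrypt(value, deterministic=True)
    return [i for i, blob in enumerate(stored) if blob == needle]


def max_repeats(stored: list) -> int:
    """Highest count of any identical ciphertext, visible to anyone who can read the stored data."""
    return Counter(stored).most_common(1)[0][1]


# Constructed sample column values.
EMAILS = ["ann@example.com", "bob@example.com", "ann@example.com"]
DET_COLUMN = [encrypt(e, deterministic=True) for e in EMAILS]
PROB_COLUMN = [encrypt(e, deterministic=False) for e in EMAILS]
```

The filter finds rows 0 and 2 in the deterministic column and nothing in the probabilistic one, while `max_repeats` shows the cost: the deterministic column exposes which rows hold the same value even without the key.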
Don’t confuse Classic Encryption with Shield Platform Encryption. Classic Encryption is also provided on the platform at no cost, but it doesn’t support standard fields or files. It uses 128-bit AES, and user access to the encrypted field is managed by permission set.