Skip to main content
Security

Shield Platform Encryption

Shield Platform Encryption encrypts sensitive data at rest in Salesforce using tenant-specific encryption keys, protecting it beyond standard database-level encryption.

Term Context

Category

Security

7 terms in this category

Related Terms

3

connected concepts

Glossary

66

total definitions

Shield Platform Encryption Explained

Shield Platform Encryption is part of the Salesforce Shield add-on suite (alongside Event Monitoring and Field Audit Trail). It applies AES-256 encryption to data at rest for supported field types, including text, text area, date, datetime, email, phone, URL, and certain standard fields like Name and Description on select objects. Unlike classic Salesforce encryption (which used a masked, unencryptable field type), Shield encryption preserves field functionality: encrypted fields can still appear in list views, reports, and be used in some SOQL filters.

Key management is critical. Salesforce offers a default key management service, but organizations with strict compliance requirements can bring their own keys via the Cache-Only Key Service or use customer-supplied key material. Encrypted data counts double against storage limits, and certain platform features (like formula field references, SOQL LIKE filters, and aggregate queries) are limited on encrypted fields. Shield Platform Encryption is common in healthcare, financial services, and government orgs where regulatory frameworks mandate encryption at rest.

Related Salesforce Terms

3 terms

Field-Level Security (FLS)

Security

Field-Level Security controls which users can see and edit specific fields on Salesforce objects, enforced at the profile and permission set level.

Organization-Wide Defaults (OWD)

Security

Organization-Wide Defaults define the baseline record access level for each object, establishing the most restrictive sharing setting before other mechanisms open access.

Profile

Administration

A Profile in Salesforce defines the baseline set of permissions, page layout assignments, and system settings that apply to every user assigned to it.

Learn More

Salesforce ServicesAI Salesforce Admin

More in Security

View all →

Field-Level Security (FLS)

Field-Level Security controls which users can see and edit specific fields on Salesforce objects, enforced at the profile and permission set level.

Organization-Wide Defaults (OWD)

Organization-Wide Defaults define the baseline record access level for each object, establishing the most restrictive sharing setting before other mechanisms open access.

Sharing Rule

A Sharing Rule in Salesforce automatically extends record access to specific groups of users beyond what Organization-Wide Defaults and the role hierarchy provide.

Connected App

A Connected App is a configuration framework that enables an external application to integrate with Salesforce using OAuth 2.0, SAML, or other standard protocols.

Getting Started

Ready to transform your Salesforce?

Join hundreds of teams using Clientell AI to automate workflows and boost productivity.

Start free trialTalk to Sales

Unlimited messages  ·  No credit card required

SOC 2
HIPAA
GDPR
Salesforce Partner