Salesforce Encryption
StratoKey is your all-in-one cloud data protection solution for Salesforce. The StratoKey Cloud Data Protection (CDP) platform provides Encryption, Tokenization, Monitoring, Analytics, and Defensive capabilities for Salesforce® and Force.com applications. With StratoKey you gain granular control over data security through FIPS-validated Encryption and Tokenization that secures sensitive data destined for Salesforce before it leaves your environment.
Meeting Compliance Requirements for Salesforce
StratoKey helps organizations meet stringent regulatory and compliance requirements such as HIPAA, ITAR, CMMC and GDPR. It does this by providing organizations with selective encryption and tokenization to secure and onshore sensitive data. In addition to data protection, StratoKey also delivers a suite of tools to layer controls such as user access, monitoring and visibility, and security policy enforcement. With StratoKey, you gain granular control over who can access sensitive information in Salesforce and can meet a wide range of compliance requirements.
A Complete Cloud Data Protection Toolkit for Salesforce
The CDP platform's EMAD™ features provide organizations with a complete set of powerful layered security controls, designed to prevent data breaches and meet stringent compliance requirements.
As well as end-to-end FIPS-validated encryption, organizations immediately gain real-time user monitoring, security analysis of interactions, detailed audit trails, and automated security rule and policy enforcement. This is all provided in a scalable, high-throughput, zero-maintenance deployment.
Encryption & Tokenization for Salesforce
Secures sensitive data with FIPS-validated encryption or tokenization before data leaves your control, helping keep it secure for its entire lifecycle.
Access Controls for Sensitive Data
The CDP platform can enforce user identification, group policies, and advanced authentication to keep access to sensitive data secure.
Audit Logs for Salesforce
Log every user interaction with secured data within Salesforce. Logs are useful for forensic analysis and quick response in third-party breach scenarios.
Monitoring & Policy Enforcement
Get analytics and immediate policy enforcement to detect and prevent unauthorized access to sensitive data in Salesforce.
Salesforce Integration Features
- Encryption of fields and attachments
- Encryption of custom fields and records
- Search and sort capabilities for encrypted fields and files
- Tokenization support for local storage
- Encryption key separation (CMEK, BYOK)
- Real-time user monitoring and detailed audit trails
- Security analytics of interactions
- Security Rule and Policy Enforcement
- Support for Lightning and Classic
- Single Sign On support (SSO)
- High performance and low latency
- Apex, Trigger, and Workflow support
How Does Salesforce Shield Compare?
Salesforce Shield offers built-in security for data protection and governance on the Salesforce platform, but StratoKey’s Cloud Data Protection solution provides broader and deeper capabilities. StratoKey fully replaces and surpasses Shield, making it the preferred choice for organizations with stringent compliance, sovereignty and data protection requirements.
Salesforce Shield
- Does not provide a separation of the encryption system from the data. Salesforce retains the potential to access sensitive data.
- Does not support partial word search on encrypted fields or sorting of encrypted data.
- Does not provide tokenization solutions for data onshoring or sovereignty (relies on Salesforce data centres that are exposed to the CLOUD Act).
- Does not extend data protection to integrations and external systems. It is limited to Salesforce.
StratoKey CDP Platform
- Provides end-to-end encryption (with FIPS 140-3 validated libraries) at arm's length. Protected data is never exposed to Salesforce.
- Supports full-text and partial word search as well as sorting for encrypted fields.
- Provides a tokenization engine to onshore sensitive data and store it within your designated environment and jurisdiction.
- Secures data across your cloud applications, including Salesforce, NetSuite, Jira, Confluence, ServiceNow, etc.
StratoKey is Your Key to Hardening Access into Salesforce
Onshore Storage & Encryption for Regulated Salesforce Data
StratoKey enables organizations to store sensitive data locally (onshore) that would otherwise reside in Salesforce data centers. With the StratoKey onshoring solution, you can keep sensitive data in your own database, hosted either on-premise or in your own private cloud environment.
Meeting Safe Harbor and Data Privacy Requirements
The data onshoring solution is designed to help organizations meet stringent data privacy regulations and ‘Safe Harbor’ requirements. This is particularly relevant for compliance with frameworks such as HIPAA, ITAR, CMMC, GDPR, and others.
Retaining Full Control Over Data Access
Unlike standard SaaS platform encryption, StratoKey puts you in full control of access to sensitive data. Encryption is performed separately from Salesforce, so Salesforce never has access to unencrypted data or your encryption keys. All encryption and decryption is handled by your own StratoKey Gateway, securely hosted within your own infrastructure.
Privacy of Data
Encrypting or tokenizing (onshoring) ensures your data is always private and no one except the users you directly provision has access to the plaintext data.
Government Access
Storing or encrypting data locally prevents third-party governments from accessing your sensitive data. In some countries this restriction is required by data privacy law.
Choose Your Data Storage Location
You determine where your sensitive data is stored. The database can be hosted either on-premise or in a private cloud environment.
Mitigate Offshore Support Risk
When data is encrypted or tokenized by StratoKey you control who has access. If a user is not provisioned in your StratoKey Gateway, they never see sensitive data in plaintext. It's always either encrypted or tokenized.
Frequently Asked Questions About the StratoKey Salesforce Integration
Can Salesforce staff access our sensitive data?
With StratoKey, no, they cannot.
Encrypted fields are stored as ciphertext in Salesforce.
Tokenized field data is stored within your own database. Anonymized tokens are stored in Salesforce instead.
Sensitive data never enters Salesforce’s servers.
Decryption requires your privately managed key and StratoKey Gateway access, which is controlled entirely by your organization.
Why choose an encryption gateway over Salesforce Shield?
When you host the encryption gateway you retain full control of the encryption system and create separation between the data protection and the third-party system - in this case Salesforce. This can mitigate breach risk, reduce access outside of the gateway and help adhere to compliance requirements.
Moreover, the encryption keys are never exposed in any form to Salesforce. And, if compelled, Salesforce cannot hand over your decrypted data, as it simply does not have access.
How is StratoKey costed compared to Salesforce Shield?
A fraction of the cost.
The full Shield suite (Platform Encryption + Event Monitoring + Field Audit Trail) is typically priced at 30% of your net Salesforce product spend (Sales Cloud, Service Cloud, etc.). As product spend increases, a customer’s Shield fees increase along with it.
Event Monitoring: 10% of net spend.
Field Audit Trail: 10% of net spend.
Platform Encryption: 20% of net spend.
Additional features like Security Center and Privacy Center are 10% and 15% respectively.
Example: If you spend $1M/year on Sales Cloud, Shield could cost $300K/year.
StratoKey is a fraction of the cost of Shield for organizations.
Unlike Shield's percentage-based model, StratoKey uses license fees decoupled from Salesforce product spend, avoiding cost escalations. Moreover, there is no feature bundling. StratoKey users get all Cloud Data Protection features with their license.
Is StratoKey different from Salesforce Shield?
Yes. StratoKey provides true arm's-length encryption and compliance controls - at a fraction of the cost of Shield.
Encryption keys: StratoKey gives you complete control over encryption keys. They are stored in your infrastructure, while Salesforce Shield uses Salesforce-managed keys, unless using BYOK (which still operates within their environment).
Search capabilities: StratoKey enables full-text/partial searches of protected data, while Shield restricts searches to exact matches on encrypted fields.
Cost: StratoKey's licensing model avoids Shield's cost coupling, which is tied to product spend. StratoKey licensing includes all StratoKey features.
Compliance: Onshoring solves true data sovereignty gaps that Shield simply can't address for many organizations.
Ready to secure your Salesforce data?
Get in touch to learn how StratoKey can secure your sensitive data and help with your compliance requirements.


