EducationEducation
- AppExchange Partners (ISV)
-
Resellers
-
Reseller Marketing Journey
- Get_Organized_Before_You_Get_Started
- Incorporating_Salesforce_Into_Your_Brand
- Crafting_Your_Marketing_Strategy_And_Plan
- Announcing_Your_Salesforce_Partnership
- Build_Sales_Pipeline
- Executing_Lead_Gen_Email_Campaign
- Building_A_Social_Media_Prescence
- Host_a_Learning_Event_About_the_Power_of_Salesforce_Sales_Cloud
-
Reseller Marketing Journey
-
General Topics
-
Topics (A-Z)
- AppExchange_Listing
- AppExchange_Cha
- AppExchange_Tech_Talks
- Branding_Guidelines
- Case_Packs
- Consent Compliance Lead and Project
- COVID_19
- Custom_Metadata_Types
- Customer_Stories
- Digital Marketing Program
- Due_Diligence_Review_new
- Drive_Global_Impact_with_AppExchange_v2
- Education Home Page
- Einstein_Account_Based_Marketing
- Environment_Hub
- GDPR
- Industries
- Innovate_with_Cutting-Edge_Platform_Technology_v2
- Legal_Center
- Lightning_Bolts_Launch
- Lightning_Ready
- Maps_Education_new
- Maps_Education
- MuleSoft
- NewsRoom
- Partner_Ohana_Hub
- Pardot_Integrations
- Partner_Account_Manager
- Partner_Business_Org
- Partner_Communications
- Partner Community Admin Overview
- Partner_Community_User_new
- Partner_Community_User
- Partner_Connect
- Pardot_Resource_Central
- Pardot_B2B_Marketing_Analytics
- Partner_Marketing_Center_new
- Partner_Orgs_new
- Partner_Program
- Partner_Referral_Benefit_Overview
- Partner_Social_Impact_Center
- Partner_Experience
- Partner_Success_Services
- Partner_Support_new
- Partner_User_Groups
- PR_Guidelines
-
Products
- B2C_Commerce_for_LINK_Tech_Partners
- Community_Cloud
- Datorama Education
- Datorama_Education_new
- Einstein
- Einstein_Analytics
- Heroku
- Live_Message
- Marketing_Cloud
- myTrailhead
- Pardot
- Premier_Success
- Quip
- Sales_Cloud
- Salesforce1
- Salesforce_Advantage
- Salesforce_CPQ
- Salesforce_DMP
- Salesforce_IoT
- Salesforce_Platform
- Service_Cloud
- Training_Reseller
- Work_com
- Product_Development_Outsourcer
- Release_Readiness_for_Partners
- Sales_Central
-
Salesforce.org
- CumulusCI
- Education_Cloud_Academy
- Education_Training
- Nonprofit_Cloud_Academy
- Nonprofit_Training
- Salesforce_Advisor_Link
- SFDO_Accounting_Subledger
- SFDO_Admissions_Connect
- SFDO_Consulting_Enablement
- SFDO_Elevate
- SFDO_EMEA_Fundraising
- SFDO_Grants_Management
- SFDO_Insights_Platform
- SFDO_K12
- SFDO_Marketing_and_Engagement_Academy
- SFDO_PMM_Case_Management
- SFDO_Release_and_Roadmap
- Salesforce_Engage
- Salesforce_Orgs
- Salesforce_DX
- Salesforce_Proficiency_Pack
- Scale_and_Access_New_Markets_v2
- SPCMA
- Talent_Exchange
- Training
- Webassessor_for_Partners
- Talent_Alliance
- Partner_Learning_Camp
- Architect_Success_Program
- shareddiscovery
- Datorama_Service_Order_Submission_and_Non-Renewal_Instructions_for_AppExchange_Partners
- Partner_Advisory_Board
- Accredited Professional
- Test_Drive_Education
-
Topics (A-Z)
- AMP
Platform Encryption for Partners

This pragmatic approach includes three requirements shared by a wide variety of customers in regulated industries such as Financial Services, Healthcare, and Life Sciences, Manufacturing, Technology, and Government:
- Encrypt sensitive data when it’s stored at rest in the Salesforce Platform.
- Support customer-controlled encryption key life cycles.
- Preserve application and Salesforce Platform functionality.
Platform Encryption takes place between database and application layers to preserve functionalities as much as possible while providing a very high level of security when accessing data and files.
Please review the Platform Encryption for AppExchange Partners (ISVs) Webinar (see "Media"), the What You Need to Know to understand how to enable Platform Encryption in your org, Resources (like the Implementation Guide), and an FAQ.
- - All partner contracts state that any public mention of salesforce.com or any of its brands MUST be approved by Salesforce
- - All materials must be submitted via our Google form to obtain approval for any public mention of Salesforce.
Submit content via Google Form >
- - Approval of partner press releases can take up to 14 days for Summit and Crest level partners, and up to 30 days for all other partners.
- - All partner contracts state that any public mention of salesforce.com or any of its brands MUST be approved by Salesforce
- - All materials must be submitted via our Google form to obtain approval for any public mention of Salesforce.
Submit content via Google Form >
- - Approval of partner press releases can take up to 14 days for Summit and Crest level partners, and up to 30 days for all other partners.
Value for AppExchange Partners (ISVs)
- Encryption at rest becomes a requirement, like SSL/TLS is today for network communications
- Allows you to position your app ahead of the industry
- Reveal new opportunities
- Major key differentiator of your app
- Big customers choose to encrypt
Action for AppExchange Partners (ISVs)
- Enable Platform Encryption in your org. Keep in mind that Platform Encryption may break core functionality within your app
- Test your app with Platform Encryption
- If changes are required, update your packages accordingly to support Platform Encryption
- Engage with other partners in the Platform Encryption Group
How to Enable Platform Encryption in Your Org
- Sign up for a new org here.
- Grant Manage Encryption Keys to the Encryption Admin (Spring '16): Permission Set or Profile.
- Go to Setup and search for ‘Encrypt’
- Select Platform Encryption.
- Click Generate Tenant Secret.
- Select Encrypted Fields.
- Click Edit.
- Select all possible fields and Save.
- Click on Back to Platform Encryption.
- Enable Files and Attachments Encryption
- Select Save to save your choice.
- Update existing data or upload new data so that the crypto service will kick in and encrypt it.
- Grant View Encryption Data to users.
- Summer '16 Platform Encryption Strategy
- Platform Encryption Group
- How Platform Encryption Works
- Platform Encryption Terminology
- Implementation Guide
- Whitepaper (Platform Encryption Architecture)
- Killer Animated Video
- DF15: Demystifying Key Management
- DF15: PE for Devs and Admins
- Best Practices
- Considerations
Q: What's the difference between Platform Encryption and Classic Encryption?
A: Classic encryption lets you protect a special type of custom text fields, which you create for that purpose. With Platform Encryption, you can encrypt a variety of widely-used standard fields, along with some custom fields and many kinds of files.Platform Encryption also supports person accounts, cases, search, workflow, approval processes, and other key Salesforce features. See this table to understand the differences.
Q: Why should I support Platform Encryption?
A: Encryption at rest becomes a requirement, like SSL/TLS is today for network communications, it allows you to position your app ahead of the industry, reveals new opportunities, big customers choose to encrypt, and it can be a key differentiator of your app.
Q: Can we selectively encrypt files?
A: No, you can only encrypt all files.
Q: Can you encrypt custom fields in custom settings?
A: Yes, you can apply encryption on custom fields added to custom settings but remember it is subscriber-control, meaning the customer can apply encryption on it in their org (as long as the custom field made encryptable and listed in the supported fields).
Q: Will global search find document CONTENT, or just tags of documents in Box?
A: Yes, it supports full text search within documents on Box. Files Connect on Box global searches would work analogous to how it is supported for Google Drive and Sharepoint.
Q: Does Workflow support all actions on PE orgs?
A: Only Email alerts and Outbound messaging are supported in PE orgs.
Q: Which standard objects' standard fields are encryptable in Spring '16?
A: On the Account object, Account Name, Fax, Website, Phone are encryptable. On the Contact object, Description, Email, Fax, Home Phone, Mailing Address (Encrypts only Mailing Street and Mailing City), Mobile, Name (Encrypts First Name, Middle Name, and Last Name), Other Phone, and Phone are encryptable. On the Case object, Subject and Description are encryptable. On Case Comments, Body is encryptable.
Q: What data type of custom field can be encrypted?
A: You can encrypt the contents of these custom field types: Email, Phone, Text, Text Area, Text Area (Long), and URL. You cannot use currently or previously encrypted custom fields in custom formula fields or criteria-based sharing rules. In addition, you cannot use Schema Builder to create an encrypted custom field. Keep in mind that some custom fields can’t be encrypted such as fields that have the Unique or External ID attributes or include these attributes on previously encrypted custom fields, fields that are used in custom formula fields, and fields on external data objects.
Q: Can customer encrypt managed package's custom field?
A: Not at this time.
Q: Why can't I see "Custom Field" when selecting Setup | Platform Encryption | Encrypt Fields?
A: Encryption of custom field is available from the object | Field itself. Check the box "Encrypt the contents of this field".
Q: Does Platform Encryption, replace or enhance other AppExchange Partner (ISV) apps like CipherCloud and Perspecsys?
A: Many of these vendors are partners on our AppExchange and can add value to your use of Salesforce, with regards to to DLP and policy enforcement. When it comes to strongly encrypting data and making it available throughout the Salesforce Platform services functionalities, this brittle technology tends to break quite often, especially when we release software out to customers. The way in which these vendors interact with Salesforce to encrypt your data results in complex, costly projects, a fragile integration that can be difficult for these vendors to maintain, weakened encryption security, and a loss of functional capabilities. Based on our experience with similar technology, we believe that the native encryption-as-a-service is the most secure, robust, scalable and functional solution customers can use to add another level of security and protection to their private, regulated and sensitive data.
Q: Can Platform Encryption be undone?
A: Since Platform Encryption is enabled at the customer org level, your customer has to open a case directly with Salesforce in order to get it deactivated. If they have no direct support from Salesforce, then you will need to submit this case.
Q: Does Platform Encryption replaces FLS and other security rules?
A: No, Platform Encryption extends current security rules (sharing model, object/field level security, data residency options) and facilitates regulatory compliance, unauthorized access to database, contractual obligations, PII & data privacy rules.
Q: What happens if a package uses an encrypted field in an unsupported way?
A: Package installation will fail.
Q: What happens if my customer tries to encrypt a field used in a package (or their own code) in an unsupported way?
A: Encryption will be rejected.
Q: Will "Where", "Order by" or "Group by" SOQL clauses be natively supported in future?
A: These clauses are hard limitations. We won't be able to offer a native solution anytime soon.
Q: What happens if Dynamic SOQL uses an encrypted field in a "Where", "Group by" or "Order by" clause?
A: An exception is thrown at run-time. Keep in mind that there is no exception during package installation.
Q: How can I tell if a field is encrypted or not?
A: There's a describe method where the field level that will let you know if the field is encrypted or not. Based on this you can implement a similar pattern for unsupported SOQL:
if (field.isencrypted()) {
static soslapex filtering logic
} else {
dynamic soql
}
Q: When will the Lightning Experience be supported?
A: The Lightning Experience is on the roadmap. Some areas will be supported in Summer '16.
Q: What should I do if I have additional questions about Platform Encryption?
A: Ask your questions in the Platform Encryption Group on the Partner Community.