
The Limitations of Salesforce Platform Encryption

5 Oct., 2017

If you've spent any amount of time recently reading about the GDPR and how it's going to affect companies large and small all around the world, you've likely experienced data overload given the extent of the GDPR's rules and regulations. To put it simply, the GDPR is so thorough and far-reaching that it's going to affect companies all over the world in almost every industry.

And while keeping track of data that your company hosts internally can be a pretty massive undertaking, making sure that data hosted remotely via cloud services is safe and compliant can seem like a near impossible task.

Take Salesforce for instance. A recent study, based on surveys of more than 1,700 Salesforce customers globally, finds that 75% of companies increasing their investment in data analytics can cite revenue gains as a measurable business outcome, and that means more and more data will migrate into the cloud.

Utilizing Salesforce Cloud, however, means that a lot of customer data is being stored (either permanently or temporarily) in the cloud. And storing data in the cloud just became a lot more complicated with the introduction of the EU's GDPR, which provides even stricter provisions for the protection of personal data of EU citizens and imposes high fines for compliance and data protection violations.

How Salesforce Platform Encryption Works

"But doesn't Salesforce already provide encryption for their cloud platform?" Technically, yes. But because the GDPR regulations are so broad, they specifically require data controllers to be the party that takes the necessary steps to protect their data, regardless of where it is being processed or stored. They also call for encrypted data to be stored separately from the encryption key, and that's where Salesforce platform encryption (along with Salesforce Shield Encryption) falls short.

Encrypted data is great. But if attackers who get into the platform can also reach the encryption keys stored on that same server or platform, the encryption offers little real protection. To safeguard against that, Salesforce recently rolled out a pilot program called "Bring Your Own Key" (BYOK) that allows data controllers to use and store their own encryption key in order to meet more stringent compliance regulations. It's pretty obvious that this was a quick solution for Salesforce customers requesting access to encryption keys so that they can begin the process of meeting cloud service compliance regulations. But it also highlights an incredibly important aspect of ensuring GDPR compliance for all companies: don't assume that your cloud service providers are taking all of the necessary steps to keep your data safe and compliant with state, national, and global regulations. Cybersecurity guidelines increasingly place a shared responsibility for maintaining secure data on both the data controller and the data processor.

How to Close the Loop on Salesforce Platform Encryption

The easiest and most secure way to ensure that your company is meeting the GDPR's requirements for encrypting data in the cloud is to encrypt your Salesforce data separately and manage the encryption keys outside the Salesforce cloud platform. This is best achieved by using a third-party encryption service that can encrypt your data and either store the encryption key on its own systems (separate from your Salesforce-hosted data) or allow you to hold on to your encryption key internally. Either way, your encryption key stays far away from your encrypted data, best practices for data encryption are followed, and you are compliant with the EU's GDPR requirements.
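One way to implement the separation described in the last two sections, as an added example that is neither eperi's nor Salesforce's code: a controller-side envelope-encryption routine in Go using only the standard library. Each field value is encrypted under a fresh data-encryption key (DEK), the DEK is wrapped under a key-encryption key (KEK) that stays with the data controller, and only the ciphertext and the wrapped DEK are handed to the platform. The `CloudRecord` type, the function names and the sample e-mail value are assumptions made for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// CloudRecord (hypothetical type) is what the cloud platform would store for one
// encrypted field: the ciphertext plus the per-record DEK wrapped under the
// controller's KEK. Nothing in it can be decrypted without the KEK.
type CloudRecord struct {
	Ciphertext string // base64(nonce || AES-256-GCM ciphertext of the field value)
	WrappedDEK string // base64(nonce || AES-256-GCM ciphertext of the DEK under the KEK)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealGCM encrypts under a 32-byte key with AES-256-GCM and prefixes a fresh
// random nonce so the output is self-contained.
func sealGCM(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// openGCM reverses sealGCM; the GCM tag check rejects a wrong key or any
// tampering with the stored record.
func openGCM(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed value too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// EncryptField runs on the controller's side (or in an encryption proxy in front
// of the platform) and returns only what is safe to upload.
func EncryptField(kek []byte, value string) (CloudRecord, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return CloudRecord{}, err
	}
	ct, err := sealGCM(dek, []byte(value))
	if err != nil {
		return CloudRecord{}, err
	}
	wrapped, err := sealGCM(kek, dek)
	if err != nil {
		return CloudRecord{}, err
	}
	return CloudRecord{
		Ciphertext: base64.StdEncoding.EncodeToString(ct),
		WrappedDEK: base64.StdEncoding.EncodeToString(wrapped),
	}, nil
}

// DecryptField unwraps the DEK with the KEK, then recovers the field value.
// Without the KEK this fails, which is the property the post argues for.
func DecryptField(kek []byte, rec CloudRecord) (string, error) {
	wrapped, err := base64.StdEncoding.DecodeString(rec.WrappedDEK)
	if err != nil {
		return "", err
	}
	dek, err := openGCM(kek, wrapped)
	if err != nil {
		return "", fmt.Errorf("unwrap DEK: %w", err)
	}
	ct, err := base64.StdEncoding.DecodeString(rec.Ciphertext)
	if err != nil {
		return "", err
	}
	pt, err := openGCM(dek, ct)
	if err != nil {
		return "", fmt.Errorf("decrypt field: %w", err)
	}
	return string(pt), nil
}

func main() {
	kek := make([]byte, 32) // constructed: in practice loaded from an on-premises key manager
	if _, err := rand.Read(kek); err != nil {
		panic(err)
	}
	rec, err := EncryptField(kek, "jane.doe@example.com") // constructed sample value
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored on the platform: %+v\n", rec)
	v, _ := DecryptField(kek, rec)
	fmt.Println("controller holding the KEK recovers:", v)
	_, err = DecryptField(make([]byte, 32), rec) // platform-side record alone, no KEK
	fmt.Println("without the KEK:", err)
}
```

Whoever obtains the platform-side record but not the KEK gets a GCM authentication failure rather than plaintext, which is exactly the separation the post asks for. In a real deployment the KEK would be loaded from an on-premises key manager or HSM rather than generated in memory, and rotating the KEK only requires rewrapping the DEKs, not re-encrypting every field.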

eperi Cloud Data Protection for Salesforce can help take care of your cloud services encryption needs, keeping your data safe and helping to make sure that one piece of the compliance puzzle is taken care of.
