What does “at rest” mean involving data encryption?
I've been reading the Salesforce Security Guide and it mentions involving Salesforce Shield and Platform Encryption that it
allows you to natively encrypt your most sensitive data at rest across
all your Salesforce apps.
What does "at rest" mean? How is this different than an encrypted field?
platform-encryption shield
add a comment |
I've been reading the Salesforce Security Guide and it mentions involving Salesforce Shield and Platform Encryption that it
allows you to natively encrypt your most sensitive data at rest across
all your Salesforce apps.
What does "at rest" mean? How is this different than an encrypted field?
platform-encryption shield
add a comment |
I've been reading the Salesforce Security Guide and it mentions involving Salesforce Shield and Platform Encryption that it
allows you to natively encrypt your most sensitive data at rest across
all your Salesforce apps.
What does "at rest" mean? How is this different than an encrypted field?
platform-encryption shield
I've been reading the Salesforce Security Guide and it mentions involving Salesforce Shield and Platform Encryption that it
allows you to natively encrypt your most sensitive data at rest across
all your Salesforce apps.
What does "at rest" mean? How is this different than an encrypted field?
platform-encryption shield
platform-encryption shield
edited Mar 2 at 22:56
Tyler Zika
asked Mar 2 at 22:42
Tyler ZikaTyler Zika
1,0791927
1,0791927
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
The "encrypted fields" feature use encryption keys managed by Salesforce, only works for custom fields, and can show masked data (e.g. ***-**-1234
instead of the full 9 digit number). Platform encryption uses encryption keys defined by the customer, can encrypt many standard and custom fields and file types, but cannot show masked data.
Data at rest simply refers to data that is stored in the database (i.e. while is is on the hard drive of one of the servers). It is decrypted on demand when the records are retrieved from storage, and encrypted on demand when stored to the database.
Encrypted fields is primarily for HIPAA and other privacy requirements, while platform encryption is primarily for complying with government and security regulations regarding how data is stored when placed on permanent storage.
Note that "permanent storage" does not mean the data can never be altered or removed, but simply means that when the servers are rebooted, that data is not lost. This is opposed to temporary storage (e.g. RAM) that may be lost in the event of power failure, a reboot, etc.
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "459"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f252312%2fwhat-does-at-rest-mean-involving-data-encryption%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The "encrypted fields" feature use encryption keys managed by Salesforce, only works for custom fields, and can show masked data (e.g. ***-**-1234
instead of the full 9 digit number). Platform encryption uses encryption keys defined by the customer, can encrypt many standard and custom fields and file types, but cannot show masked data.
Data at rest simply refers to data that is stored in the database (i.e. while is is on the hard drive of one of the servers). It is decrypted on demand when the records are retrieved from storage, and encrypted on demand when stored to the database.
Encrypted fields is primarily for HIPAA and other privacy requirements, while platform encryption is primarily for complying with government and security regulations regarding how data is stored when placed on permanent storage.
Note that "permanent storage" does not mean the data can never be altered or removed, but simply means that when the servers are rebooted, that data is not lost. This is opposed to temporary storage (e.g. RAM) that may be lost in the event of power failure, a reboot, etc.
add a comment |
The "encrypted fields" feature use encryption keys managed by Salesforce, only works for custom fields, and can show masked data (e.g. ***-**-1234
instead of the full 9 digit number). Platform encryption uses encryption keys defined by the customer, can encrypt many standard and custom fields and file types, but cannot show masked data.
Data at rest simply refers to data that is stored in the database (i.e. while is is on the hard drive of one of the servers). It is decrypted on demand when the records are retrieved from storage, and encrypted on demand when stored to the database.
Encrypted fields is primarily for HIPAA and other privacy requirements, while platform encryption is primarily for complying with government and security regulations regarding how data is stored when placed on permanent storage.
Note that "permanent storage" does not mean the data can never be altered or removed, but simply means that when the servers are rebooted, that data is not lost. This is opposed to temporary storage (e.g. RAM) that may be lost in the event of power failure, a reboot, etc.
add a comment |
The "encrypted fields" feature use encryption keys managed by Salesforce, only works for custom fields, and can show masked data (e.g. ***-**-1234
instead of the full 9 digit number). Platform encryption uses encryption keys defined by the customer, can encrypt many standard and custom fields and file types, but cannot show masked data.
Data at rest simply refers to data that is stored in the database (i.e. while is is on the hard drive of one of the servers). It is decrypted on demand when the records are retrieved from storage, and encrypted on demand when stored to the database.
Encrypted fields is primarily for HIPAA and other privacy requirements, while platform encryption is primarily for complying with government and security regulations regarding how data is stored when placed on permanent storage.
Note that "permanent storage" does not mean the data can never be altered or removed, but simply means that when the servers are rebooted, that data is not lost. This is opposed to temporary storage (e.g. RAM) that may be lost in the event of power failure, a reboot, etc.
The "encrypted fields" feature use encryption keys managed by Salesforce, only works for custom fields, and can show masked data (e.g. ***-**-1234
instead of the full 9 digit number). Platform encryption uses encryption keys defined by the customer, can encrypt many standard and custom fields and file types, but cannot show masked data.
Data at rest simply refers to data that is stored in the database (i.e. while is is on the hard drive of one of the servers). It is decrypted on demand when the records are retrieved from storage, and encrypted on demand when stored to the database.
Encrypted fields is primarily for HIPAA and other privacy requirements, while platform encryption is primarily for complying with government and security regulations regarding how data is stored when placed on permanent storage.
Note that "permanent storage" does not mean the data can never be altered or removed, but simply means that when the servers are rebooted, that data is not lost. This is opposed to temporary storage (e.g. RAM) that may be lost in the event of power failure, a reboot, etc.
answered Mar 2 at 23:05
sfdcfoxsfdcfox
258k12202445
258k12202445
add a comment |
add a comment |
Thanks for contributing an answer to Salesforce Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f252312%2fwhat-does-at-rest-mean-involving-data-encryption%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown