Key Management for Salesforce


Additional Info

Company: Thales e-Security
Company size (employees): 62,000 employees
Type of solution: Hybrid


Enterprises that are moving to cloud and SaaS applications get it: their data needs to be encrypted, and they need to control access to it by managing their own encryption keys. In our 2016 Data Threat Report, we found that this was the top control enterprises need to increase their cloud and SaaS adoption.

Salesforce got the message, and now makes this possible for the industry’s leading SaaS application with its introduction of BYOK for Salesforce Shield. Salesforce Shield Platform Encryption enables enterprises using Salesforce to natively encrypt data at rest across their Salesforce apps without compromise to business functionality.

The Vormetric Key Management for Salesforce offering from Thales enables enterprises that must meet PII, PCI, ePHI, GDPR and other compliance requirements, or that just pursue best practices for data protection, to meet this need: to protect data with encryption, control access to critical information within their Salesforce instances, and properly manage the encryption keys that control access with a hosted SaaS application. The solution enables them to safely store, manage and maintain the Salesforce tenant secrets used to derive the encryption keys that protect data within the Salesforce environment.

The result is a Salesforce environment with enhanced compliance controls that can be easily verified by regulators and auditors. Key Management for Salesforce is available both “As A Service” and on-premises, is instantly scalable and enables lifecycle key management including key creation, uploading, updating, storing and deletion. To further increase privacy, the service supports multiple Salesforce instances by allowing users to create different KMaaS administrators with keys that align to each enterprise organization.

How we are different

• Timely innovation: This is one of the first solutions available to provide enterprises with both full SaaS functionality (for Salesforce in this case) and the capability to meet detailed best practice and compliance requirements for controlling access to sensitive data. Until now, enterprises with heavy regulatory requirements and the strictest security needs were prohibited from using SaaS solutions that accessed sensitive data. They were required instead to choose in-house or hosted solutions that provided them with the required degree of control, or risk de-certification, non-compliance and loss of business.

• Completeness of solution: Allows enterprises to retain management and control of encryption keys and policies mapped against Salesforce users and roles. Enterprises manage and control the creation, storage, rotation, deactivation and destruction of their keys, and can separate encryption key management based on organizational requirements and locale. The solution also enables the detailed auditing of key management activities required by compliance, regulation and best practice, even those requiring FIPS 140-2 L3 management compliance.

• Flexible and easy to use: The solution supports both an on-premises option for the most highly regulated and most risk-averse enterprises and an “as-a-service” option, Key Management as a Service (KMaaS), from a cloud solution. The KMaaS option enables rapid deployment of the solution, eliminating the time and resources needed for installation and ongoing maintenance. Physical hardware acquisition, configuration and integration are eliminated, along with ongoing infrastructure management, maintenance and upgrade costs. The experts deploy and maintain KMaaS infrastructure, while enterprises simply use the application to protect their critical data in Salesforce.