With the launch of Salesforce Shield customers are now able to easily build Apps that can meet their compliance and governance requirements. This is an extension to the Salesforce1 platform and therefore any application built within the platform can take advantage of it.
Salesforce Shield features
There are four key features of which three will be available immediately: Data archiving is not available until sometime in 2016. The four features are Platform Encryption, Data Archive, Field Audit Trail and Event monitoring.
This is the core of the new product and evolves the classic encryption available on Salesforce to something much more powerful. The platform encryption is now native to the Salesforce1 platform allowing customers to quickly modify existing or build new apps to incorporate the new features. The data is encrypted at rest in the Salesforce data store.
Not all data needs to be encrypted though. Salesforce allows users to choose which fields they wish to encrypt, this includes a number of key fields and also a set of custom fields by field type.
They accomplish this by the use of metadata which defines which fields are encrypted. This allows searches and even partial searches to work as expected along with easily set up permissions so that users who do not have access to view certain information will not view the data. It is not only fields that can be encrypted, files and attachments can also be encrypted should customers choose to do so. For those customers who have a document management system built into their Salesforce implementation this will be useful.
As with any encryption Salesforce was forced to choose between probabilistic and deterministic encryption. They chose the former using Advanced Encryption Standard (AES) with 256-bit keys using CBC mode, PKCS5 padding, and random initialization vector (IV). This means that some functionality is lost to the field encrypted, notably sort and group by, this decision will influence customers decision on which fields they wish to encrypt. It will be interesting to see whether Salesforce increases flexibility in the future for customers who may wish to retain thse features for certain applications.
Salesforce has also chosen to provide full key management in the module, something that corporate customers are increasing asking for. This includes the use of hardware security modules that means customer data is always encrypted unless unlocked by client keys. This protects the data from being viewed by Salesforce DBA’s and other employees previously able to access data and hinders external hackers getting access to the data.
Field Audit Trails
Tracking changes within data bases over a ten year period is important especially in Health Care. In fact one wonders whether Salesforce will expand the time limit within the next ten years as certain data does need to be retained longer.
This feature of Salesforce Shield will be welcomed by a number of industries. Data is stored in nearline storage with Saleforce committing to an enquiry for any data never taking longer than 120 seconds.
With this feature it is possible to set data retention policies on objects such as Accounts, Cases, contacts, leads, opportunities and even custom objects. The devil is in the detail though as standard Field history retention stores changes in up to 20 fields per object for 18 months for all Salesforce modules. The Field Audit Trail add on for can store 60 fields per object for the EE, UE, and PXE modules but is likely to cost more. So while the headline says 10 years, this can only be accomplished with additional cost.
This may be a blow to a number of application monitoring providers as Salesforce seeks to replace them within its new product. This new module provides three key benefits to customers
- Optimise processes : By capturing information about how Salesforce is being used, customers will be able to tell how users are utilising the application, how often they are using it and for how long. This will enable managers to assess whether staff are using mobile apps effectively, compare different users usage and a host of other things.
- Provide support : The module can flag whether screens take too long to load and may identify the reasons for that happening. Traditionally application monitoring solutions have provided this kind of functionality. Salesforce is now able to capture this part of the market. It will be interesting to see whether they replace any other solutions and increase revenue with this product.
- Audit and Compliance : With the ability to track changes in data, this audit function will enable customers to identify when and where users access their systems. One benefit of this will be the ability to identify unusual and potentially fraudulent behaviours. This will be useful to spot where data sets are being extracted from the data base through reports or other means as leavers potentially collect information on customers.
This module is not yet available, in fact Salesforce have not even put a release date on it. There is little information available on the solution other than what is included in the press release: “Using Data Archive, customers can store long-lived business data in the Salesforce1 Platform, while still benefiting from maximum app performance and data availability. For example, hospitals are required to store patient data for decades, but they can transfer that patient data into nearline storage and access it via simple queries when necessary.”
First Data and Genomic Health show the way
Salesforce Shield is available to the whole partner ecosystem, as part of the Salesforce1 platform and any app built natively can tap into the capabilities. Both Independent Software Vendors (ISV’s) and system integrators (SI’s) can take advantage of the new solution. However they will need to consider the pricing uplifts that this may mean to their products.
Two companies already leading the way in development of apps using Salesforce Shield are First Data and Genomic health.
Steve Petrevski, senior vice president of Technology, First Data commenting in the release said: “As a leading payments technology company serving millions of business owners around the globe, First Data adheres to rigorous federal and international compliance standards, … Salesforce1 Platform allows us to incorporate compliance capabilities into our apps to better serve the needs of our global client base.”
Genomic Health, founded in 2000, is a global cancer research company that focuses on the development and commercialization of genomic-based clinical laboratory services that analyze the underlying biology of cancer allowing physicians and patients to make individualized treatment decisions.
Paul Aldridge, chief information officer, Genomic Health commented: “Salesforce Shield is going to provide a significant contribution to our infrastructure as we continue to enhance our systems and processes to support the growing demand for our products and services,… The new platform allows us to transition more of our business into the cloud environment, utilizing Salesforce technology to continue delivering practice-changing information to deliver care for cancer patients around the world.”
How much does Salesforce Shield cost
Salesforce have used a pricing methodology that is different and sensibly does not penalise smaller companies who wish to generate and run their software using the new functionality. It will be interesting to see whether the Data Archive option follows the same model, this is unlikely as data archive requirements are likely to vary enormously between clients. Salesforce Shield will be priced at a percentage of a customer’s total Salesforce product spend.
It is possible to purchase individual components of Salesforce Shield and no doubt some customers will want to take advantage of this. However it will be interesting to see whether this functionality and therefore cost can be turned on and off for clients.
Salesforce Shield is a step forward for Salesforce despite only three of the four modules being available now. The encryption module will be of interest to industries such as financial services, healthcare, life sciences, manufacturing, technology, and government.
The event monitoring especially could be more widespread as it may enable companies to look at making savings in other software applications to fund the purchase. The field audit trail module is interesting but companies wishing to store that data longer than 18 months will need to be aware of the additional costs. Detailed pricing for the new platform was not available from Salesforce but should be available soon and the model for the pricing will be of interest to both large and small companies.