Salesforce expands encryption options with 'bring your own key'

It could help to alleviate data-sovereignty concerns, one analyst says

Salesforce.com is stepping up its efforts to woo security-conscious businesses by adding "bring your own key" encryption to its Salesforce Shield cloud services.

Introduced a year ago, Shield offers encryption, auditing and event-monitoring functions to help companies build cloud apps that meet compliance or governance requirements. Encryption is based on keys generated by Salesforce using a combination of an organization-specific "tenant secret" and a Salesforce-maintained master secret. Originally, secrets and keys in Shield were generated and managed through Salesforce's built-in key-management infrastructure, accessed through a point-and-click interface.

"That satisfied the needs of the vast majority of customers," said Brian Goldfarb, Salesforce's senior vice president for App Cloud marketing. "But in regulated industries, there are some who want more."

Targeting organizations in such tightly controlled industries -- healthcare and life sciences, for example -- BYOK encryption gives users the option of generating and supplying their own tenant secret to create encryption keys in Shield. They can then manage those tenant secrets independently of Salesforce through their existing hardware security module (HSM) infrastructure, through open-source crypto libraries such as OpenSSL, or through third-party services such as AWS Key Management Service. Salesforce has also partnered with key-brokering companies including Vormetric and Skyhigh as another administration option.

"This is pretty darn important," said John Kindervag, a vice president with Forrester. "Without the ability to control your own key materials, how can you be sure you and only you are controlling access rights and your own data?"

It will benefit any company that uses data that's "somewhat sensitive and could get them in trouble if it leaks," Kindervag said.

The feature could also help alleviate data-sovereignty concerns by making it easier to encrypt data and control the encryption, he added.

"Eventually, everyone will come to their senses and realize that the real solution for sovereignty is encryption, not building data centers in various countries," Kindervag said.

The new BYOK feature is in pilot testing, with general availability planned for later this year. It will be included at no extra charge with the Salesforce Shield platform-encryption module.

