Menu
Salesforce expands encryption options with 'bring your own key'

Salesforce expands encryption options with 'bring your own key'

It could help to alleviate data-sovereignty concerns, one analyst says

Salesforce.com is stepping up its efforts to woo security-conscious businesses by adding "bring your own key" encryption to its Salesforce Shield cloud services.

Introduced a year ago, Shield offers encryption, auditing and event-monitoring functions to help companies build cloud apps that meet compliance or governance requirements. Encryption is based on keys generated by Salesforce using a combination of an organization-specific "tenant secret" and a Salesforce-maintained master one. Originally, secrets and keys in Shield were generated and managed through Salesforce's built­-in key-management infrastructure, accessed through a point-and-click interface.

"That satisfied the needs of the vast majority of customers," said Brian Goldfarb, Salesforce's senior vice president for App Cloud marketing. "But in regulated industries, there are some who want more."

Targeting organizations in such tightly controlled industries -- healthcare and life sciences, for example -- BYOK encryption gives users the option of generating and supplying their own tenant secret to create encryption keys in Shield. They can then manage those tenant secrets independently of Salesforce through their existing hardware security module (HSM) infrastructure, through open-source crypto libraries such as OpenSSL, or through third­-party services such as AWS Key Management Service. Salesforce has also partnered with key-brokering companies including Vormetric and Skyhigh as another administration option.

"This is pretty darn important," said John Kindervag, a vice president with Forrester. "Without the ability to control your own key materials, how can you be sure you and only you are controlling access rights and your own data?"

It will benefit any company that uses data that's "somewhat sensitive and could get them in trouble if it leaks," Kindervag said.

The feature could also help alleviate data-sovereignty concerns by making it easier to encrypt data and control the encryption, he added.

"Eventually, everyone will come to their senses and realize that the real solution for sovereignty is encryption, not building data centers in various countries," Kindervag said.

The new BYOK feature is in pilot testing, with general availability planned for later this year. It will be included at no extra charge with the Salesforce Shield platform-encryption module.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Salesforce.com

Featured

Slideshows

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

New Zealanders kick-started EDGE 2018 with a bout of Super Rugby before a dedicated New Zealand session, in front of more than 50 partners, vendors and distributors on Hamilton Island.​

EDGE 2018: Kiwis kick back with Super Rugby before NZ session
EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018 kicked off with a dedicated New Zealand track, highlighting the key customer priorities across the local market, in association with Dell EMC. Delivered through EDGE Research - leveraging Kiwi data through Tech Research Asia - more than 50 partners, vendors and distributors combined during an interactive session to assess the changing spending patterns of the end-user and the subsequent impact to the channel.

EDGE 2018: Kiwis assess key customer priorities through NZ research
Show Comments