Menu
Salesforce expands encryption options with 'bring your own key'

Salesforce expands encryption options with 'bring your own key'

It could help to alleviate data-sovereignty concerns, one analyst says

Salesforce.com is stepping up its efforts to woo security-conscious businesses by adding "bring your own key" encryption to its Salesforce Shield cloud services.

Introduced a year ago, Shield offers encryption, auditing and event-monitoring functions to help companies build cloud apps that meet compliance or governance requirements. Encryption is based on keys generated by Salesforce using a combination of an organization-specific "tenant secret" and a Salesforce-maintained master one. Originally, secrets and keys in Shield were generated and managed through Salesforce's built­-in key-management infrastructure, accessed through a point-and-click interface.

"That satisfied the needs of the vast majority of customers," said Brian Goldfarb, Salesforce's senior vice president for App Cloud marketing. "But in regulated industries, there are some who want more."

Targeting organizations in such tightly controlled industries -- healthcare and life sciences, for example -- BYOK encryption gives users the option of generating and supplying their own tenant secret to create encryption keys in Shield. They can then manage those tenant secrets independently of Salesforce through their existing hardware security module (HSM) infrastructure, through open-source crypto libraries such as OpenSSL, or through third­-party services such as AWS Key Management Service. Salesforce has also partnered with key-brokering companies including Vormetric and Skyhigh as another administration option.

"This is pretty darn important," said John Kindervag, a vice president with Forrester. "Without the ability to control your own key materials, how can you be sure you and only you are controlling access rights and your own data?"

It will benefit any company that uses data that's "somewhat sensitive and could get them in trouble if it leaks," Kindervag said.

The feature could also help alleviate data-sovereignty concerns by making it easier to encrypt data and control the encryption, he added.

"Eventually, everyone will come to their senses and realize that the real solution for sovereignty is encryption, not building data centers in various countries," Kindervag said.

The new BYOK feature is in pilot testing, with general availability planned for later this year. It will be included at no extra charge with the Salesforce Shield platform-encryption module.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Salesforce.com

Featured

Slideshows

Malwarebytes shoots the breeze with channel, prospects

Malwarebytes shoots the breeze with channel, prospects

A Kumeu, Auckland, winery was the venue for a Malwarebytes event for partner and prospect MSPs - with some straight shooting on the side. The half-day getaway, which featured an archery competition, lunch and wine-tasting aimed at bringing Malwarebytes' local New Zealand and top and prospective MSP partners together to celebrate recent local successes, and discuss the current state of malware in New Zealand. This was also a unique opportunity for local MSPs to learn about how they can get the most out of Malwarebytes' MSP program and offering, as more Kiwi businesses are targeted by malware.

Malwarebytes shoots the breeze with channel, prospects
EDGE 2019: Channel forges new partnerships during evening networking

EDGE 2019: Channel forges new partnerships during evening networking

Partners, vendors and distributors reconnected during a number of social gatherings during EDGE 2019. The first evening saw the channel congregate for a welcome party at the Hamilton Island yacht club, while the main poolside proved to be the perfect stop for a barbecue on the final night.

EDGE 2019: Channel forges new partnerships during evening networking
Show Comments