Several media outlets reported that Salesforce Shield is a solution for encrypting mobile apps, which does not really hit the mark. Salesforce Shield is a bundle of existing and new features. According to the press release:
● Salesforce Shield will be priced at a percentage of a customer’s total Salesforce product spend. Customers can purchase components of Salesforce Shield together or individually.
● Field Audit Trail, Event Monitoring, and Platform Encryption are generally available today; Data Archive is expected to be generally available next year.
Description of features:
– Field audit trail: currently Salesforce tracks the history of up to 20 fields per object. Field history is available on custom objects and most standard objects, with some exceptions (such as campaign, campaignMember, order). By using Chatter feed tracking, another 20 fields can be made sensitive to changes. Field history is tracked in a separate _history object, which can grow to considerable size; this can be expensive in terms of data storage and can cause performance problems. For example, in an organisation with 5 million accounts, the history object could easily grow to 25 or 50 million entries. Currently, very large organisations employ custom archive methods to move data from the history objects into archive storage. The field audit trail will allow 60 fields to be monitored. In organisations with compliance regulations this will be a major improvement, because 20 fields turned out to be insufficient for many business cases. Field audit trail uses the data archive to overcome size and performance problems and keeps the full history, of whatever size, for 10 years. Currently there are still several restrictions, such as no tracking on multi-select picklists and tracking only on the typically largest objects (lead, account, contact, opportunity, case). Product and pricebook can also grow large, but they are not included at this time.
– Data archive: expected to be built on the “Big Objects” feature. Big Objects was announced in the Summer 15 release notes and is expected to be built on the Apache HBase product stack. Data archive will therefore allow history objects to scale massively beyond existing limitations.
– Salesforce Platform encryption is a more powerful version of field encryption. Custom field encryption is part of the standard product stack and included in Enterprise Edition and above. See the Salesforce comparison chart for details. Standard encrypted fields have 128-bit encryption, and keys reside inside Salesforce (split across two locations). Platform encryption is based on 256-bit encryption and allows keys to reside outside Salesforce and to be rotated frequently. Salesforce platform encryption allows search based on encrypted fields (for example: by credit card number).
– Event Monitoring allows capturing events such as API callouts, SOAP calls, REST usage, Apex triggers, login, logout, login as, report downloads, attachment downloads etc. Some of these events are available today in debug logs or login history reports, but there is no way of capturing this information on a complete and systematic basis. Typically this information would be fed into a secure storage such as Salesforce analytics (Wave) for further analysis. Setup and configuration changes are available through the Audit Trail. Event monitoring is a major improvement for all organisations requiring thorough auditing.