Salesforce Shield Implementation Guide 2024

Salesforce Shield Implementation Guide 2024

Data security and compliance are more critical in today’s digital landscape than ever. According to a recent study by IBM, the average data breach cost in 2021 was $4.24 million, with the healthcare industry experiencing the highest average cost at $9.23 million per incident. Salesforce, the world’s leading Customer Relationship Management (CRM) platform, offers a powerful solution to address these concerns: Salesforce Shield. 

A survey by Salesforce found that 60% of customers would stop doing business with a company if they experienced a data breach. In this blog post, we’ll explore Salesforce Shield, how it works, and how you can implement it to enhance your organization’s data security and compliance posture.

What is Salesforce Shield?

Salesforce Shield is a set of advanced security and compliance features that extend the Salesforce platform’s already robust security capabilities. It provides organizations with enhanced data protection, monitoring, and governance tools, enabling them to meet stringent industry regulations and protect sensitive data.

How does Salesforce Shield work?

Let’s take a closer look at how each of the Salesforce Shield components work:

Platform Encryption:

  • Encrypts data using a unique tenant secret derived from a master secret owned and managed by the customer.
  • Supports deterministic (exact-match) and probabilistic (fuzzy-match) encryption for different use cases.
  • Encrypts data in transit using TLS and at rest using AES-256.
  • Preserves critical platform functionality like search, validation rules, and workflow rules.

Event Monitoring:

  • Captures detailed data about user activity in real time.
  • Provides event log files that can be exported to external security information and event management (SIEM) systems for further analysis.
  • It supports real-time event monitoring and alerts using the Event Monitoring Analytics App.

Field Audit Trail:

  • Tracks change to data at the field level for up to 60 fields per object.
  • Provides a full audit trail of changes, including the old and new values, the change date and time, and the user who made the change.
  • It retains field history for up to 10 years and can purge data after a specified retention period.
  • Supports compliance with regulations like GDPR, HIPAA, and SOX.

Also Read – Salesforce CPQ Implementation Guide

How to implement Salesforce Shield?

Implementing Salesforce Shield involves the following key steps:

Assess your security and compliance requirements:

  • Identify the types of sensitive data you store in Salesforce (e.g., PII, PHI, financial data).
  • Determine which regulations and industry standards you must comply with (e.g., GDPR, HIPAA, PCI-DSS).
  • Define your data retention and audit requirements.


Purchase and provision Salesforce Shield licenses:

Salesforce Shield is an add-on license that needs to be purchased separately.

Work with your Salesforce account executive to determine the appropriate license type and quantity based on your needs.

Enable and configure Platform Encryption:

  • Identify the fields you want to encrypt based on your security and compliance requirements.
  • Generate and manage your tenant secret using a Hardware Security Module (HSM) or a Key Management Service (KMS).
  • Enable and configure encryption for the selected fields.
  • Test your encryption configuration to ensure critical platform functionality is preserved.

Set up and configure Event Monitoring:

  • Determine the event types you want to monitor based on your security and compliance requirements.
  • Enable Event Monitoring in your Salesforce org.
  • Configure event log file generation and storage.
  • Set up real-time monitoring and alerting using the Event Monitoring Analytics App.

Enable and configure Field Audit Trail:

  • Identify the objects and fields you want to track based on your compliance and audit requirements.
  • Enable Field Audit Trail for the selected objects and fields.
  • Configure field history retention policies based on your data retention requirements.
  • Set up custom reports and dashboards to monitor field history data.

Train your users and administrators:

  • Educate your Salesforce users on data security and compliance best practices.
  • Train your administrators on how to use and manage Salesforce Shield features.
  • Establish policies and procedures for incident response and reporting.

Following these steps, you can effectively implement Salesforce Shield and enhance your organization’s data security and compliance posture.

Also Read – Salesforce B2B Commerce Implementation Guide

What are the key features of Salesforce Shield?

– Platform Encryption for sensitive data at rest

– Event Monitoring for user activity tracking and threat detection 

– Field Audit Trail for granular data change history

– Shield Platform Encryption for enhanced encryption key management

– Real-Time Event Monitoring for immediate alerts on suspicious activity

How do I enable field history tracking in Salesforce Shield?

To enable Field Audit Trail:

  1. From Setup, enter “Field Audit Trail” in the Quick Find box
  2. Click on “Field Audit Trail”
  3. Click “Enable Field Audit Trail”
  4. Select the objects and fields you want to track
  5. Click “Save”

Is Salesforce Shield necessary for compliance with GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that applies to organizations that process the personal data of EU citizens, regardless of where the organization is located. GDPR requires organizations to implement appropriate technical and organizational measures to ensure personal data security, confidentiality, and integrity.

While Salesforce Shield is not explicitly required for GDPR compliance, its features can significantly help organizations meet several key GDPR requirements:

Data Protection by Design and Default (Article 25):

  • Platform Encryption helps ensure that personal data is protected at rest by default.
  • Event Monitoring and Field Audit Trail provide granular monitoring and auditing capabilities to detect and investigate potential data breaches.

Security of Processing (Article 32):

  • Platform Encryption helps ensure the pseudonymization and encryption of personal data.
  • Event Monitoring enables the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.
  • Field Audit Trail helps ensure the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.

Data Breach Notification (Articles 33 and 34):

  • Event Monitoring and Field Audit Trails can help detect and investigate potential data breaches and provide supervisory authorities and data subjects with the necessary information to notify them of breaches.

Data Protection Impact Assessments (Article 35):

  • Salesforce Shield features can help assess the effectiveness of technical and organizational measures for ensuring the security of processing personal data.

Record Keeping (Article 30):

  • Field Audit Trail helps maintain a record of processing activities, including the categories of personal data processed, the purposes of processing, and the recipients of personal data.

Related Read – Salesforce Implementation With AI Guide

It’s important to note that while Salesforce Shield provides powerful tools to help with GDPR compliance, it is not a complete solution. Organizations must still implement appropriate data protection policies, procedures, and training to comply with GDPR fully.

Additionally, organizations should thoroughly assess their specific data processing activities and compliance requirements to determine whether Salesforce Shield is necessary for their particular situation. Factors to consider include the types of personal data processed, the scale and complexity of processing, and the risks to the rights and freedoms of data subjects.


Salesforce Shield is a powerful suite of security and compliance features that can help organizations protect sensitive data, monitor user activity, and maintain detailed audit trails. By implementing Salesforce Shield, you can enhance your data security posture, meet stringent industry regulations, and give your customers and stakeholders confidence in your commitment to data protection.

To learn more, sign up with today.

Frequently Asked Questions (FAQs)

1. Is Salesforce Shield included with all Salesforce licenses?

No, Salesforce Shield is an add-on package that requires separate licensing.

2. Can I encrypt all my Salesforce data with Platform Encryption?

While Platform Encryption supports a wide range of standard and custom fields, some limitations exist. Be sure to review the list of supported fields before enabling encryption.

3. How long does Salesforce retain Event Monitoring data?

Event Monitoring data is retained for 30 days by default, but you can purchase additional storage to extend this period.

4. Can I selectively enable Field Audit Trail for specific fields?

Yes, you can choose which objects and fields to track with Field Audit Trail, giving you granular control over your auditing scope.