Salesforce erects Shield for better enterprise-app security

New suite targets companies with regulatory, compliance or governance requirements

The Field Audit Trail feature in Salesforce Shield.

The Field Audit Trail feature in Salesforce Shield.

Security has been an increasingly dominant theme in the enterprise software chorus in recent months, and on Tuesday Salesforce added a new voice to the mix with Shield, a set of platform services designed to help companies build secure apps.

Designed as part of the Salesforce1 platform, Shield offers four security-minded components intended to make it easier for companies with regulatory, compliance or governance requirements to build cloud apps with built-in auditing, encryption, archiving and monitoring functions.

A platform encryption feature, for instance, means that companies can easily designate sensitive data to be encrypted while preserving key business capabilities and workflow. A health insurance company, say, could manage personally identifiable information (PII) and protected health information (PHI) without compromising its agents' ability to perform key functions using that data, such as searching claims, determining coverage eligibility and approving payments.

Event monitoring, meanwhile, gives IT organizations a way to see which users are logging into Salesforce along with what information they are accessing, from where, and through what channel. Financial management firms, for instance, could use the capability to determine whether their financial advisors are capturing the right client data in Salesforce and also when employees are downloading sensitive customer information unnecessarily, including pinpointing the exact time and location.

A data archive feature allows organizations to store long-lived business data in the Salesforce1 platform without compromising app performance or data availability.

Finally, Salesforce Shield's field audit trail component is designed to help businesses comply with industry regulations by tracking data changes at the field level for up to 10 years and setting different policies for each Salesforce object to ensure data is purged when it's no longer needed.

Salesforce Shield extends to all native Salesforce1 apps, including those created by the company's partners. It will be priced at a percentage of a customer's total Salesforce expenditures.

Salesforce Shield's four component services can be purchased together or individually. All of them are now available, with the exception of the data archive capability, which is due next year.

Join the CSO newsletter!

Error: Please check your email address.

Tags application developmentsecuritySalesforce.comsoftwarecloud computinginternet

More about

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Katherine Noyes

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place