Vormetric is participating in a pilot program to offer key management-as-a-service (KMaaS) for Salesforce Shield Platform Encryption.
Salesforce Shield Platform Encryption enables enterprises using Salesforce to natively encrypt data at rest across their Salesforce apps without compromise to business functionality. Vormetric Key Management-as-a-Service for Salesforce, available via channel partners, adds controls that enable organizations to help meet compliance and best-practice requirements by storing, managing and maintaining tenant secrets used to derive encryption keys within a secure Vormetric-hosted environment.
In order to meet compliance mandates, data residency requirements and best practices, enterprises using Salesforce Shield Platform Encryption may need to address some additional requirements for managing keys:
- Encrypted keying material storage separated from key usage locations
- Segregated management of tenant secret creation, rotation, deactivation and destruction
- Separation of duties for key management based upon organization and locale
- Auditing of encryption key management, usage and access
Vormetric’s KMaaS enables organizations to easily meet these requirements, while making use of Salesforce’s SaaS-based platform to eliminate the need to deploy, maintain and resource encryption key management tasks.
As identified in the 2016 Vormetric Data Threat Report, complexity is the top concern that organizations identified when considering the use of encryption and other data protection solutions. Vormetric KMaaS for Salesforce helps eliminate this complexity, enabling rapid deployment directly integrated with Salesforce and simplifying interfaces that can help organizations immediately begin protecting their sensitive data stored within Salesforce applications.
Vormetric’s management of tenant secrets used to derive encryption keys also eliminates the problems organizations typically encounter with on-premises installations, including integration and configuration of physical hardware and software. In addition, dedicated interfaces for Salesforce Shield Platform Encryption make it easier for security administrators to fully utilize encryption key management tasks.
“Past data encryption options for SaaS resulted in reductions to business functionality, as encryption services were not integrated with SaaS infrastructure,” said Vormetric vice president of cloud, CJ Radford. “This combined solution with Salesforce represents a new milestone – offering a complete, flexible encryption solution. Salesforce Shield Platform Encryption provides the robust encryption service, while Vormetric provides complementary capabilities to further address needs to meet compliance and best practices for managing of encryption key lifecycles outside of Salesforce. And all without the need for enterprises to become cryptographic experts.”