Which type of encryption is preferred in Salesforce to ensure Higher standards of security?

Hi Manpreet,

It depends on what you aspire as both products have merit depending on your specific business' needs. Both of these services are trustworthy and they functionally do similar things.

Salesforce Shield is a product offering from Salesforce that provides data encryption at rest. It sits within the Salesforce cloud, but you have control of your encryption keys. Every field that is marked for encryption is encrypted using two keys where one is generated by Salesforce and the other is known as the tenant key. Tenant keys can be generated every four hours and these are not familiar to Salesforce and are exported by clients and then deleted from Salesforce. If it’s deleted from Salesforce, then any data encrypted using that key cannot be decrypted unless the same key is imported. Recently, Salesforce brought in the BYOK( Bring Your Own Key) factor, where clients can generate keys and supply it to Salesforce for encryption purpose.

CipherCloud is a third party product that provides data encryption and tokenization at rest and is typically installed on-premise within your company's data center and your keys are managed within that environment. All your data go through it to salesforce and CipherCloud transparently inspects data and applies granular protection policies before data is sent to Salesforce.

Hope this helps.

Thanks,
Subhendu