For those of you who are eager to learn why Shield is changing the way we do encryption in Salesforce and are interested in implementing it in your own org, here is a quick summary of what you can expect from this amazing new tool.
Comparing Classic and Platform Encryption
In comparison to Classic encryption; which lets you protect a certain type of custom text field that was created for that purpose; Platform Encryption enables you to encrypt a variety of standard and custom fields as well as all different kinds of files. Furthermore, accounts, contacts, cases, search, workflow, approval processes, and other Salesforce functions are supported by Platform Encryption. Although some AppExchange apps may interact with Shield encryption, it is best practice to investigate how the data is being processed and what information is protected.
The IT Leader's Guide to Multicloud Readiness
This guide provides practical key insights and important factors to consider to make informed decisions in your multicloud journey.
Diving in to Salesforce Shield
Salesforce Shield helps you to not only encrypt certain fields in the objects cited above, but also encrypt custom field types in the Salesforce data model, such as email, phone, text, text area, text area long and URL. Be warned however, when a custom field has been encrypted you can no longer change its field type or format. In addition, current or previously encrypted custom fields cannot be used in custom formula fields or criteria-based sharing rules.
If you are looking to enable Platform Encryption in your Salesforce org and you already have existing file and field data, these will not be encrypted automatically. An update of all past records in Salesforce will need to be done to trigger the encryption so that data is encrypted at rest[i]. Watch out though, the update will not encrypt existing files. To encrypt existing files, you will have to contact Salesforce.
If you are a little anxious about turning on Platform Encryption, not to worry, Salesforce will automatically check the normal operation of your Salesforce organization and let you know of any risks or impacts. If you are deploying Platform Encryption from one organization to another (Sandbox to Production), the results of the deployment will depend upon whether Platform Encryption is enabled in the target organization. If encryption is disabled, the encrypted field attribute will be ignored.
Salesforce Shield has given companies amazing new abilities in the area of encryption but it is strongly recommended to fully understand and dissect the small print of the Salesforce Security Implementation Guide before enabling it.
[i] Data at rest generally refers to data stored in persistent storage (disk, tape)