Newer Version Available

This content describes an older version of this product. View Latest

What’s the Difference Between Classic Encryption and Shield Platform Encryption?

With Shield Platform Encryption, you can encrypt a variety of widely used standard fields, along with some custom fields and many kinds of files. Shield Platform Encryption also supports person accounts, cases, search, approval processes, and other key Salesforce features. Classic encryption lets you protect only a special type of custom text field, which you create for that purpose.
Available as add-on subscription in: Enterprise, Performance, and Unlimited Editions. Requires purchasing Salesforce Shield. Available in Developer Edition at no charge for organizations created in Summer ’15 and later.
Available in both Salesforce Classic and Lightning Experience.

Feature Classic Encryption Shield Platform Encryption
Pricing Included in base user license Additional fee applies
Encryption at Rest Checkmark Checkmark
Native Solution (No Hardware or Software Required) Checkmark Checkmark
Encryption Algorithm 128-bit Advanced Encryption Standard (AES) 256-bit Advanced Encryption Standard (AES)
HSM-based Key Derivation Checkmark
“Manage Encryption Keys” Permission Checkmark
Generate, Export, Import, and Destroy Keys Checkmark Checkmark
PCI-DSS L1 Compliance Checkmark Checkmark
Masking Checkmark Checkmark
Mask Types and Characters Checkmark
“View Encrypted Data” Permission Required to Read Encrypted Field Values Checkmark Checkmark
Encrypted Standard Fields Checkmark
Encrypted Attachments, Files, and Content Checkmark
Encrypted Custom Fields Dedicated custom field type, limited to 175 characters Checkmark
Encrypt Existing Fields for Supported Custom Field Types Checkmark
Search (UI, Partial Search, Lookups, Certain SOSL Queries) Checkmark
API Access Checkmark Checkmark
Available in Workflow Rules and Workflow Field Updates Checkmark
Available in Approval Process Entry Criteria and Approval Step Criteria Checkmark

Beginning with Spring ’17, Shield Platform Encryption no longer masks encrypted data. This may affect some users’ ability to work with encrypted data. If you have data you don’t want specific users to see, revisit their field-level security settings, record access settings, and object permissions.

Note