Frequently Asked Questions
Remedyforce Frequently Asked Questions regarding Remedyforce & Salesforce Shield
05 March 2018
Frequently Asked Questions regarding Salesforce Shield
PAGE 2 OF 12 CONFIDENTIAL
Table of Contents
Salesforce Shield
  Platform Encryption
  Event Monitoring
  Field Audit Trail
Remedyforce and Salesforce Shield
Frequently Asked Questions
  1. Is Salesforce Shield an additional cost?
  2. Is Salesforce Platform Encryption an additional cost?
  3. Is Salesforce Event Monitoring an additional cost?
  4. Is Salesforce Field Audit Trail an additional cost?
  5. Can I buy Salesforce Platform Encryption from BMC?
  6. Can I buy Salesforce Shield from BMC?
  7. Can I buy each of the point products that make up Shield individually? For example, I only want to purchase Event Monitoring?
  8. Why would a customer need Platform Encryption or encrypt data at rest?
  9. Can I encrypt everything?
  10. Can I encrypt managed package fields?
  11. I have Platform Encryption enabled but I still cannot encrypt a managed package field. What’s going on?
  12. I see that I can have Salesforce generate a Key for me, but can I bring and manage my own Keys?
  13. I encrypted a field, why can my staff still see the data?
  14. Are there limitations?
  15. What is the order of enabling encryption in my Org?
  16. How do I encrypt the fields that hold the data provided in Service Requests?
  17. Can I encrypt Rich Text Fields?
  18. So if I use Rich Text Fields in Service Requests what can I do?
  19. What about Rich Text Email (incoming and outgoing)?
  20. I encrypted a field and now I’m getting an error when I try and use the Remedyforce Console! It says something about “Object type not accessible. Please check permissions and make sure the object is not in development mode: SELECT <field> FROM <object> WHERE <field=data>……”
  21. I elected to encrypt a field. Is my data automatically encrypted?
  22. Are there resources available to learn more around Salesforce Platform Encryption?
  23. Do I need to back up my Platform Encryption Key?
  24. If WHERE clause is not supported for encrypted fields, then how does this impact search for things like Knowledge Articles?
  25. How does Platform Encryption work with Sandboxes?
  26. How can I trial Salesforce Shield and Platform Encryption?
  27. Can Remedyforce Support answer questions around Event Monitoring and Field Audit Trail?
  Secure Your Apps with Salesforce Shield
  Event Monitoring
  Field Audit Trail
Document Information
Version: 7.0
Created by: Virginia Leandro
Last Modified on: 05 March 2018
Modified by: Virginia Leandro
Salesforce Shield
Salesforce is the world’s #1 trusted customer success platform. Salesforce has well over eighteen years of innovation
on the world’s most trusted cloud. Some customers may have compliance requirements that go beyond all the
security that Salesforce offers today.
Salesforce has always ensured that all customers have the highest level of data protection, availability, and
performance. From two-factor authentication to rigorous password policies, all customers get the same trust
capabilities in the platform. While Salesforce Trust provides for what most customers need, some companies in
regulated industries have compliance requirements that go beyond.
Salesforce Shield was introduced to help these highly regulated industries such as Financial Services, Healthcare, and
Public Sector who must meet regulations that govern how sensitive data is managed and accessed. Salesforce Shield
is a premium set of integrated services that are built natively on Salesforce. It lets customers see who is doing what
with sensitive data, know the state and value of their data going back up to ten years, and encrypt sensitive data at rest,
while still preserving business functionality.
The three core services include:
• Platform Encryption
• Event Monitoring
• Field Audit Trail
Platform Encryption
Platform Encryption allows you to natively encrypt your most sensitive data at rest across all your Salesforce apps.
This helps you protect PII, sensitive, confidential, or proprietary data and meet both external and internal data
compliance policies while keeping critical app functionality — like search, workflow, and validation rules. You keep full
control over encryption keys and can set encrypted data permissions to protect sensitive data from unauthorized users.
Event Monitoring
Event Monitoring gives you access to detailed performance, security, and usage data on all your Salesforce apps.
Every interaction is tracked and accessible via API, so you can view it in the data visualization app of your choice. See
who is accessing critical business data when, and from where. Understand user adoption across your apps.
Troubleshoot and optimize performance to improve end-user experience. Event Monitoring data can be easily imported
into any data visualization or application monitoring tool like Wave Analytics, Splunk, or New Relic. There is no user
interface to Event Monitoring. It is considered an API-only feature. Customers will have to take on the responsibility of
using REST APIs to gain access to the data. Additionally, Salesforce now offers an Event Monitoring App that is a part
of Salesforce Analytics.
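An added example (not part of the BMC document, and not Salesforce or BMC code) of the API-only workflow described above: it builds the REST query for EventLogFile records, builds the path of a log file body, and summarizes who logged in and from where. The API version, instance URL, thresholds and sample rows are assumptions; the column names follow the Login event type of EventLogFile.

```python
import csv
import io
import re
from collections import defaultdict
from urllib.parse import quote

API_VERSION = "v41.0"  # assumption: substitute a version your org supports


def event_log_query_url(instance_url, event_type, api_version=API_VERSION):
    """REST query URL that lists yesterday's EventLogFile records of one type."""
    # Letters only, so the value cannot change the SOQL statement.
    if not re.fullmatch(r"[A-Za-z]+", event_type):
        raise ValueError("unexpected event type: %r" % event_type)
    soql = ("SELECT Id, EventType, LogDate, LogFileLength FROM EventLogFile "
            "WHERE EventType = '%s' AND LogDate = YESTERDAY" % event_type)
    return "%s/services/data/%s/query?q=%s" % (
        instance_url.rstrip("/"), api_version, quote(soql))


def log_file_path(record_id, api_version=API_VERSION):
    """REST path of the CSV body (LogFile field) of one EventLogFile record."""
    if not re.fullmatch(r"[A-Za-z0-9]{15}(?:[A-Za-z0-9]{3})?", record_id):
        raise ValueError("not a 15- or 18-character record id")
    return "/services/data/%s/sobjects/EventLogFile/%s/LogFile" % (
        api_version, record_id)


# Constructed sample of a downloaded Login log file: a subset of columns,
# invented users and documentation-range IP addresses.
SAMPLE_LOGIN_CSV = '''"EVENT_TYPE","TIMESTAMP","USER_NAME","SOURCE_IP","LOGIN_STATUS"
"Login","20180305081502.114","agent1@example.com","198.51.100.10","LOGIN_NO_ERROR"
"Login","20180305123011.870","agent1@example.com","198.51.100.10","LOGIN_NO_ERROR"
"Login","20180305020114.005","agent2@example.com","203.0.113.5","LOGIN_ERROR_INVALID_PASSWORD"
"Login","20180305020120.412","agent2@example.com","203.0.113.6","LOGIN_ERROR_INVALID_PASSWORD"
"Login","20180305020131.990","agent2@example.com","203.0.113.7","LOGIN_ERROR_INVALID_PASSWORD"
"Login","20180305020140.233","agent2@example.com","203.0.113.7","LOGIN_NO_ERROR"
"Login","20180305090000.000","admin@example.com","192.0.2.20","LOGIN_NO_ERROR"
'''


def summarize_logins(csv_text, max_ips=2, max_failures=3):
    """Return (per-user stats, findings) for the Login rows of one log file."""
    stats = defaultdict(lambda: {"ips": set(), "ok": 0, "failed": 0})
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row.get("EVENT_TYPE") != "Login":
            continue
        entry = stats[row["USER_NAME"]]
        entry["ips"].add(row["SOURCE_IP"])
        if row["LOGIN_STATUS"] == "LOGIN_NO_ERROR":
            entry["ok"] += 1
        else:
            entry["failed"] += 1
    findings = {}
    for user, entry in stats.items():
        reasons = []
        if len(entry["ips"]) > max_ips:
            reasons.append("logins from %d source IPs" % len(entry["ips"]))
        if entry["failed"] >= max_failures:
            reasons.append("%d failed logins" % entry["failed"])
        if reasons:
            findings[user] = reasons
    return dict(stats), findings


if __name__ == "__main__":
    print(event_log_query_url("https://example.my.salesforce.com", "Login"))
    print(summarize_logins(SAMPLE_LOGIN_CSV)[1])
```

Both URLs are requested with an authenticated session; the findings are a starting point for review, not a verdict on any user.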
Field Audit Trail
Field Audit Trail lets you know the state and value of your data for any date, at any time. You can use it for regulatory
compliance, internal governance, audit, or customer service. Built on a big data backend for massive scalability, Field
Audit Trail helps companies create a forensic data-level audit trail with up to 10 years of history, up to 60 fields per
object, and set triggers for when data is deleted. There is no user interface to the Field Audit Trail data. Customers
can export the data or use REST APIs to gain access to the information.
Customers can either purchase Salesforce Shield (which includes Encryption, Event Monitoring, and Field Audit Trail)
or they can buy each product individually (for example, a customer may only want Platform Encryption).
Remedyforce and Salesforce Shield
With our Remedyforce Summer 17 release we now actively support Salesforce Platform Encryption. Customers who
opt to purchase Salesforce Platform Encryption or Salesforce Shield (which includes Platform Encryption) should be
able to use Remedyforce and encrypt select fields within Remedyforce. Additional features such as Email
Conversation, Service Level Agreements, Service Requests, etc. will work within the encryption environment.
We have also done analysis and confirmed that Event Monitoring and Field Audit Trail can be used with Remedyforce;
however, there is no “user interface” for those two features. Customers will need to either use REST APIs or a third-
party analytics tool to process and assess the data. If customers have questions about Event Monitoring or Field Audit
Trail, they will be referred to information from Salesforce as we do not provide developer support for those two features.
Frequently Asked Questions
1. Is Salesforce Shield an additional cost?
Yes, but the customer gets all three point products: Encryption, Event Monitoring, and Field Audit Trail.
2. Is Salesforce Platform Encryption an additional cost?
Yes.
3. Is Salesforce Event Monitoring an additional cost?
Yes.
4. Is Salesforce Field Audit Trail an additional cost?
Yes.
5. Can I buy Salesforce Platform Encryption from BMC?
Yes. If you or a customer are interested in Salesforce Platform Encryption, you can reach out to your Remedyforce
Business Relationship Manager who can get you in touch with your BMC Account Executive for a quote.
6. Can I buy Salesforce Shield from BMC?
Yes. This recently changed as of February 1, 2018.
7. Can I buy each of the point products that make up Shield individually? For example, I only want to purchase Event Monitoring?
Yes. If you want to purchase Salesforce Shield Event Monitoring or Field Audit Trail, please reach out to your
Remedyforce Business Relationship Manager, who can get you in touch with a BMC Account Executive who can get
you a quote.
8. Why would a customer need Platform Encryption or encrypt data at rest?
Salesforce is the World’s #1 trusted customer success platform. They provide a full set of tools to ensure reliability as
well as security.
The Platform Encryption solution is typically adopted by enterprise organizations in highly regulated industries such as
financial, insurance, healthcare, and government. Platform Encryption adds an extra layer of security to their private,
sensitive and proprietary data.
9. Can I encrypt everything?
The approach Salesforce has taken is that you should encrypt as little data as possible. Salesforce gives customers
control over what data they encrypt. Your organization’s security officer or administrator chooses whether to turn on
encryption for standard fields, custom fields, files, and attachments. Customers also choose which specific fields to
encrypt at rest. The driving principle is to encrypt as little as possible to preserve functionality while keeping private,
sensitive, confidential, and regulated data safe.
10. Can I encrypt managed package fields?
Remedyforce managed package fields can be encrypted. The data types supported for encryption are:
• Date
• Date/Time
• Phone
• Text
• Text area
• Text area (long)
• URL
As Salesforce supports more data types, we’ll make sure that Remedyforce is kept up to date and supports any added
types.
11. I have Platform Encryption enabled but I still cannot encrypt a managed package field. What’s going on?
Once you purchase Salesforce Shield or Platform Encryption and Salesforce enables it for your Org, you will need to
contact Remedyforce Support who can submit a case to Salesforce on your behalf to enable Encryption of Managed
Package Fields.
12. I see that I can have Salesforce generate a Key for me, but can I bring and manage my own Keys?
Absolutely. Salesforce supports both Self-Signed Certificates as well as CA Certificates. You control the Key and how
often you rotate your keys. Salesforce does advise that if you manage your own keys, you export and back up your
keys to a keystore for safekeeping.
13. I encrypted a field, why can my staff still see the data?
Don’t confuse encryption of “data at rest” with “data masking”. If you need to restrict who can see data, you should
utilize Salesforce’s object, record, or field level security. Additionally, Salesforce offers a data type called “Text
(Encrypted)” that applies masking. For additional details refer to What’s the Difference Between Classic Encryption and
Shield Platform Encryption?
14. Are there limitations?
Yes. Due to the strength and nature of the encryption algorithm being used, there are a number of limitations. We
suggest you refer to Salesforce General Shield Platform Encryption Considerations. Additionally, please refer to the
Remedyforce Documentation around support for Platform Encryption. We have distinguished fields that hold data that
can be encrypted from fields that hold metadata (data about data) that are integral to the running of Remedyforce and
should not be encrypted.
15. What is the order of enabling encryption in my Org?
Before you enable Platform Encryption, there’s definitely some leg work and planning that needs to happen.
16. How do I encrypt the fields that hold the data provided in Service Requests?
While Service Requests share the Incident object, the “user input” is actually held in the Request Detail Inputs object.
Request Definitions are considered metadata and should not be encrypted; encrypting them will cause failures.
Instead, you’ll want to encrypt the fields of the Request Detail Inputs object. The fields that can be encrypted are:
• Input/Prompt
• NewResponse
• Response
• Stored Value
Please be aware that if you map these inputs to fields of other objects (such as Incident, Task, or Change), you need to
make sure that the receiving field is also encrypted; otherwise you run the risk of that data not being encrypted at rest
when used in another object.
17. Can I encrypt Rich Text Fields?
Not today. Rich Text Fields are not supported as one of the data types that Salesforce Platform Encryption supports.
18. So if I use Rich Text Fields in Service Requests what can I do?
First, make sure you run the Encryption Impact Report from General Application Settings. This will report on where you
are using Text Area (Rich) fields in Service Requests.
Once you have that list you will need to convert those input fields within each Request Definition from being a Text Area
(Rich) to Text Area.
19. What about Rich Text Email (incoming and outgoing)?
When you select the Support Salesforce Platform Encryption in Remedyforce option from the General Application Settings, a couple of things happen with RTF emails.
• Any incoming emails that are Rich Text will be converted to plain text when added to the module’s History
object if the Note field on the history object is encrypted.
• Any outgoing emails that are Rich Text will be sent in Rich Text, but recorded in the module’s History object as
plain text when the Note field on the history object is encrypted.
• No data will be stored in the Rich Text Note field and the value will be blank.
Remember that RichTextNote fields on History objects are of data type Rich Text Area, which is not supported for encryption.
20. I encrypted a field and now I’m getting an error when I try and use the Remedyforce Console! It says something about “Object type not accessible. Please check permissions and make sure the object is not in development mode: SELECT <field> FROM <object> WHERE <field=data>……”
Typically, when this error happens, it means you have encrypted a field that was being used in a Salesforce list view.
Unfortunately, Salesforce removes the field from the Filter Criteria of the list view, so there is no way to know which list
view had the field as part of the Filter Criteria. The only workaround is to go through and re-save any List Views you
think may be causing the problem. We’ve reported this to Salesforce but they have not taken action on it at this time.
You can let Salesforce know this issue is impacting you by going here and attaching yourself to the Known Issue.
https://success.salesforce.com/issues_view?id=a1p3A0000008ggtQAA
21. I elected to encrypt a field. Is my data automatically encrypted?
No. Once you encrypt a field, only new records or updated records after the encryption will be encrypted. If you need
your existing data encrypted, submit a case to Remedyforce Support to have them work with Salesforce to perform a
Mass Encryption action which will update and encrypt the data for you.
22. Are there resources available to learn more around Salesforce Platform Encryption?
Check out these resources from Salesforce and the Remedyforce online documentation.
• Salesforce Shield Platform Encryption Architecture
• Salesforce Security Guide
• Salesforce Shield Platform Encryption Implementation Guide
• Salesforce Shield Platform Encryption Online Help
In addition, as it relates to Remedyforce support of Salesforce Platform Encryption, you can reference our online
help.
23. Do I need to back up my Platform Encryption Key?
Yes. You should have a plan in place to ensure that you not only back up your Platform Encryption Key but that it is
kept or stored in a safe key repository. You are solely responsible for the backup and safekeeping of your key.
Salesforce will not be able to restore your keys if the security admin destroys the key and there is no backup.
See “Back Up Your Tenant Secret” in the Salesforce Platform Encryption Implementation Guide.
24. If WHERE clause is not supported for encrypted fields, then how does this impact search for things like Knowledge Articles?
We use SOSL for full text searches, which uses the FIND API. Something like Incident Description would be passed as
the “what to find” argument and not in the WHERE clause.
25. How does Platform Encryption work with Sandboxes?
Refreshing a sandbox from a production organization creates an exact copy of the production organization. If Shield
Platform Encryption is enabled on the production organization, all encryption settings are copied, including tenant
secrets created in production. For more details please refer to:
https://help.salesforce.com/articleView?id=security_pe_sandboxes.htm&language=en_US&type=0
26. How can I trial Salesforce Shield and Platform Encryption?
Salesforce currently doesn’t offer trials of Salesforce Shield or the point products. However, you could potentially spin
up a Salesforce Developer Edition Org which has Platform Encryption, install Remedyforce and do limited testing.
Please be aware that Salesforce Developer Edition Orgs are restricted to 200MB of data as they are only to be used for
testing.
27. Can Remedyforce Support answer questions around Event Monitoring and Field Audit Trail?
While we resell Event Monitoring and Field Audit Trail, our Remedyforce Support team is not equipped to answer
questions. There are a number of Salesforce resources available that can help you in implementing those products.
Secure Your Apps with Salesforce Shield
https://trailhead.salesforce.com/en/trails/shield?trailmix_creator_id=005500000060cdlAAA&trailmix_id=remedyforce-salesforce-shield
Event Monitoring
https://developer.salesforce.com/docs/atlas.en-us.210.0.api.meta/api/sforce_api_objects_eventlogfile.htm
Field Audit Trail
https://help.salesforce.com/articleView?id=field_audit_trail.htm&type=5