|
|
|
|
|
|
by kbolino
737 days ago
|
|
|
It sounds like it is in addition to full-disk encryption, not instead of it. Encrypting each field with a distinct key that an attacker cannot glean by simply exfiltrating all the data on disk and/or all the data in RAM protects against online attacks in a way that full-disk encryption cannot. The real question is: does Salesforce do this properly? |
|
|
I can’t speak for the implementation, but my guess is that it’s been very thoroughly vetted by both internal security and external pen tests. They wouldn’t market a high profile security feature without that.
(1: I am an ex-Heroku / Salesforce employee)