Salesforce Encryption

StratoKey is a CASB that provides Encryption, Monitoring, Analytics and Defensive (EMAD™) capabilities for Salesforce® and Force.com applications. With StratoKey, organizations gain control over their data security through FIPS certified Encryption (and optional Tokenization) that protects the confidential information input into Salesforce. This data protection ensures the information you store in Salesforce is encrypted and you have sole control of the encryption keys. StratoKey helps organizations meet stringent regulatory and compliance requirements (such as HIPAA, ITAR, CCPA, PIPEDA and GDPR) through selective encryption and clearly defined encryption key separation, including on-premise key storage.


Meeting Compliance Requirements

EMAD™ provides organizations with a complete set of powerful security controls designed to prevent data breaches and meet stringent compliance requirements. StratoKey helps organizations meet data privacy requirements specified by HIPAA, ITAR, CCPA, PIPEDA and GDPR. When an organization deploys StratoKey, in addition to field and attachment encryption, organizations immediately gain real-time user monitoring, security analysis of interactions, detailed audit trails and automated security rule and policy enforcement. This is all provided in a scalable, high-throughput, zero maintenance deployment.

Salesforce Integration

Encryption of fields and attachments

Mobile App support

Lightning and Classic

Salesforce Data loader

Single Sign On support (SSO)

High performance, low latency

Security Rule and Policy Enforcement

Apex, Trigger, Workflow support



Onshore storage & encryption for regulated Salesforce data

StratoKey has the capability to store locally (onshore) sensitive data that would normally reside in Salesforce. Using the StratoKey onshoring solution, organizations can store any sensitive data in their own database. This database can be hosted either on premise or in a private cloud environment. The StratoKey data onshoring solution is designed to assist organizations in meeting strict data privacy regulations and 'Safe Harbor' requirements.

StratoKey also provides data (field) encryption that can be utilized to control access to sensitive data. Unlike typical SaaS platform encryption, the client has complete control over data decryption. Encryption keys never leave the organizations control and Salesforce (the company) never has access to your encryption keys or decryption capabilities. All encryption and decryption of data is performed by your own StratoKey Gateway, that is hosted in your own infrastructure.



StratoKey solves regulatory compliance requirements that are easily overlooked. Requirements that are not solved by platform encryption, Shield or BYOK.


(1) Data Storage Location: You determine where your sensitive data is stored.
(2) Privacy of data: Encrypting or tokenizing (onshoring) ensures your data is always private and no-one except for the users you directly provision has access.
(3) Offshore support staff: When your data is encrypted or tokenized by StratoKey you control who has access. If you do not provision a user in your StratoKey Gateway, they never see sensitive data in plain text. It's always either encrypted or tokenized.
(4) Government access: By storing or encrypting data locally you prevent third party governments from accessing your sensitive data. In some countries this restriction is required (EU GDPR since Schrems II) by data privacy law.


Contact us to learn more about how we can help you with your Salesforce data protection requirements.


Salesforce GDPR Encryption Salesforce GDPR Encryption

DOWNLOAD CASB GUIDE

* EMAD™ is a trademark of StratoKey Pty Ltd.