Salesforce Shield is a group of three products –
- Event Monitoring
- Field Audit Trail
- Platform Encryption
These three products provide security controls in your Salesforce instance in addition to the strong security which is already built in Salesforce environment.
Salesforce Shield is an extra cost product and you have to explicitly request Salesforce to enable it for your Salesforce Org.
Here are some resources to help you get started.
1. Event Monitoring
Event Monitoring provides continuous monitoring, plus real time alerts for your Salesforce Org.
When Salesforce Event Monitoring is enabled in your Salesforce Org, data about what’s happening in your Org starts getting collected. This data is made available to you to download in the form of CSV files every 24 hours. Each file will be available to you for the next 30 days. You would need to set up an ETL job to import this data regularly in a database and create reports using a BI tool to visualize the information.
In addition, Event Monitoring also provides the ability to set up real-time alerts for specific events in your Salesforce instance. This is called Transaction Security. You would need to set up policies to customize Transaction Security real-time alerts for your Salesforce Org.
Salesforce has also created a visualization tool called Event Monitoring Wave App which gives you pre-built dashboards based on the data collected by Event Monitoring in your Salesforce Org.
Many Salesforce partner ISVs have built extensive dashboards and enhanced alerting tools using the Salesforce Event Monitoring. Cloudlock, Splunk and FairWarning are examples of some of these tools.
Create your Own Reports & Dashboards using Event Monitoring Data in Logs
- Event Monitoring Quick Start Guide or How to get from zero to dashboard in 10 minutes or less: http://www.salesforcehacker.com/2015/03/event-monitoring-quick-start-guide.html
- Salesforce Event Monitoring ELF Browser – This tool lets you download the Event Monitoring data in your Org for a quick look: https://salesforce-elf.herokuapp.com/ Please note however, that ideally you would want to set up a programmatic scheduled job to download your data automatically everyday. Here are some example scripts to automate the download: http://www.salesforcehacker.com/2014/11/downloading-event-log-files-using-script.html
- Event Monitoring Trailhead Module: https://developer.salesforce.com/trailhead/module/event_monitoring
Event Monitoring using Partner Apps
Event Monitoring using Pre-Built Analytics dashboards from Salesforce
Please note that Salesforce Event Monitoring Wave App was previously known as Admin Analytics.
Transaction Security – Real-time Events, Alerts, Actions, Notifications
2. Salesforce Platform Encryption
Salesforce Platform Encryption allows you to encrypt sensitive data at rest in your Salesforce Org. You can also encrypt files and attachments.
- What’s the Difference Between Classic Encryption and Shield Platform Encryption? https://help.salesforce.com/HTViewHelpDoc?id=security_pe_comparison_table.htm&language=en_US
- Which Fields Can I Encrypt? https://help.salesforce.com/apex/HTViewHelpDoc?id=security_pe_overview_fields.htm&language=en_US
- Limitations and Considerations for Platform Encryption: https://help.salesforce.com/HTViewHelpDoc?id=security_pe_considerations.htm&language=en_US
- Platform Encryption Best Practices: http://help.salesforce.com/HTViewHelpDoc?id=security_pe_best_practices.htm
- Platform Encryption Implementation Guide: https://resources.docs.salesforce.com/200/latest/en-us/sfdc/pdf/salesforce_platform_encryption_implementation_guide.pdf
3. Field Audit Trail
Field Audit Trail allows you to preserve the past values of specific fields in a record.
Get Started with Field Audit Trail
- Field Audit Trail: Which fields can be tracked: https://help.salesforce.com/HTViewHelpDoc?id=field_audit_trail.htm&language=en_US
- Field Audit Trail Implementation Guide: https://developer.salesforce.com/docs/atlas.en-us.field_history_retention.meta/field_history_retention/
Field Audit Trail vs Field History Tracking
All Salesforce.com editions come with Field History Tracking out of the box, with up to 20 fields per object selected for tracking changes. Tracked changes may be displayed in a related History list and are stored in a related object, object__history, for up to 18 months.
Field Audit Trail gives you the ability to track 3x more fields in a Force.com production org and control how long those field history records are retained in the org before being archived to longer-term storage:
- Maximum time to retain field history records in production org is 18 months
- Overall maximum time to retain a field history record is 10 years
- Up to 60 fields per object may be selected for tracking changes
Summary
Salesforce Shield is a group of three products –
- Event Monitoring
- Field Audit Trail
- Platform Encryption
These Salesforce Shield products allow you to build very strong security for the sensitive data in your Salesforce Org.
Here are some additional resources for you: