
Salesforce Bring Your Own Key (BYOK)

Salesforce is a leading cloud-based customer relationship management (CRM) platform that offers a comprehensive suite of applications for sales, service, marketing, and more. It enables businesses to manage customer interactions, data, and analytics in a unified environment, enhancing operational efficiency and customer engagement. Salesforce provides robust solutions for various industries, leveraging cloud computing, artificial intelligence, and data analytics to drive business growth and innovation.

Bring Your Own Key (BYOK) is a security procedure that allows organizations to manage their encryption keys independently, enhancing control over data protection. Salesforce Shield Platform Encryption with BYOK enables customers to use their own encryption keys to safeguard sensitive data stored in Salesforce. This ensures that organizations maintain compliance with regulatory requirements and internal security policies, offering an additional layer of data security. By allowing customers to import, rotate, and revoke their encryption keys, Salesforce Shield Platform Encryption with BYOK provides a flexible and secure approach to data encryption, meeting the stringent needs of businesses dealing with sensitive information.

Securosys CloudHSM is a Hardware Security Module (HSM) available as a cloud service. You don't have to worry about time-consuming tasks such as evaluation, setup, operation, redundancy, and maintenance of the HSM infrastructure. Securosys CloudHSM is built with a geo-redundant architecture and scales according to your needs.

This guide describes how to integrate Securosys CloudHSM (HSM as a Service) or an on-premise Primus HSM cluster with Salesforce BYOK.

Architecture

When using BYOK with Salesforce, you create a key on an external HSM that you control (not Salesforce), and then import this key into Salesforce. Note that this means Salesforce receives a copy of the secret key.

Using BYOK with Salesforce has the following advantages:

  • Use an existing key and bring it to Salesforce (for example, an existing PKI signing key)
  • Keep a copy of the key outside of Salesforce (for example, for disaster recovery)
  • Generate the key with a trusted source of entropy
  • Meet regulatory requirements

Salesforce Diagram

Target Audience

This document is intended for Securosys Primus HSM or CloudHSM users and IT professionals. The Salesforce BYOK procedure requires that you are already familiar with Salesforce.

For on-premise HSMs, administrative skills with the Primus HSMs are required.

Support Contact

If you encounter a problem, please make sure that you have read the documentation. If you cannot resolve the issue, contact Securosys Customer Support.

What's Next

Ready to try?

Enjoy a 3-month free trial of CloudHSM Sandbox, compatible with Salesforce BYOK.

Get started with CloudHSM for free.
Other questions? Ask Sales.