- What level of encryption is used? AES-256, etc.
Advanced Encryption Standard (AES) with 256-bit keys in CBC mode, with PKCS5 padding and a random initialization vector (IV).
- Who holds the encryption keys?
The AES-256 keys used to encrypt customer data aren’t persisted. Instead, they’re derived on demand from secrets generated by logically and physically separated HSMs. The master secret is generated at the start of each Salesforce release and stored securely in Salesforce’s internal system. The customer-specific tenant secret is generated by customers on demand and stored securely in the database. These secrets, along with a master salt generated at the start of each release, are used as inputs to Password-Based Key Derivation Function 2 (PBKDF2) to derive data encryption keys. PBKDF2 is run on a key derivation server in a Salesforce data center. Once derived, data encryption keys are sent (encrypted) back to the encryption service running on the App Cloud and stored in the cache of a platform application server until the cache is flushed.
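The derivation described above, sketched with Python's standard library as an added example (not Salesforce's code). How the secrets are combined, the HMAC-SHA256 PRF, the iteration count, and the `KeyCache` class are assumptions; the page names only the inputs, PBKDF2, and the 256-bit key size.

```python
import hashlib
import secrets

# Assumed parameters: the page does not state the PRF or iteration count.
PRF = "sha256"
ITERATIONS = 100_000
KEY_LEN = 32  # 256-bit AES key


def derive_data_key(master_secret: bytes, tenant_secret: bytes, master_salt: bytes) -> bytes:
    """Derive a data encryption key from the three inputs the page lists.

    Assumption: the secrets are joined with 4-byte length prefixes so that
    (b"ab", b"c") and (b"a", b"bc") cannot produce the same PBKDF2 input.
    """
    material = b"".join(len(s).to_bytes(4, "big") + s for s in (master_secret, tenant_secret))
    return hashlib.pbkdf2_hmac(PRF, material, master_salt, ITERATIONS, KEY_LEN)


class KeyCache:
    """Hypothetical in-memory cache: keys are derived on demand, never written to disk."""

    def __init__(self, master_secret: bytes, master_salt: bytes):
        self._master_secret = master_secret
        self._master_salt = master_salt
        self._keys = {}
        self.derivations = 0  # counts real PBKDF2 runs, to make cache hits visible

    def get(self, tenant_id: str, tenant_secret: bytes) -> bytes:
        # Index by a fingerprint of the tenant secret so a rotated secret
        # can never be served the key derived from the previous one.
        tag = (tenant_id, hashlib.sha256(tenant_secret).hexdigest())
        if tag not in self._keys:
            self._keys[tag] = derive_data_key(self._master_secret, tenant_secret, self._master_salt)
            self.derivations += 1
        return self._keys[tag]

    def flush(self) -> None:
        self._keys.clear()


def demo():
    # Constructed sample secrets; real ones would come from the HSMs.
    cache = KeyCache(secrets.token_bytes(32), secrets.token_bytes(32))
    old, rotated = secrets.token_bytes(32), secrets.token_bytes(32)
    k1 = cache.get("tenant-a", old)
    k1_hit = cache.get("tenant-a", old)      # served from cache
    k2 = cache.get("tenant-a", rotated)      # new tenant secret, new key
    cache.flush()
    k1_again = cache.get("tenant-a", old)    # re-derived after flush, same key
    return k1, k1_hit, k2, k1_again, cache.derivations
```

Because the key is a pure function of the three inputs, flushing the cache loses nothing, while destroying a tenant secret makes data encrypted under its key unrecoverable.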
- Data transmission does not use old SSL protocols, even as fallback? SSLv2, etc.
Salesforce.com invests heavily in network defense. We use the same world-class security as global banks do for their banking. For example, we encrypt all data transmissions that involve our systems using SSL 3.0/TLS 1.0 global step-up certificates from VeriSign to ensure that prying eyes cannot use data that might be intercepted. We employ perimeter firewalls and edge routers to block unused transmission protocols, and use internal firewalls to segregate traffic between the application and database tiers.