This document provides information on configuring Futurex Hardware Security Modules (HSMs) with Salesforce Bring Your Own Key (BYOK) using Futurex Excrypt Manager. For additional questions related to your HSM, see the relevant user guide.

What is Salesforce?

“Salesforce is the world’s leading customer relationship management technology, helping you build and improve your customer relationships. Our Starter Suite makes it easy for small businesses to get organized and grow with the #1 AI CRM. And we’re helping organizations of all sizes unify their data and re-imagine their business for the world of AI with Agentforce, providing autonomous AI agents that take action for your employees and customers.”

Link to their products page

Beyond core CRM functionality, Salesforce includes a broad ecosystem of products such as:
  • Sales Cloud
  • Service Cloud
  • Marketing Cloud
  • Platform Services (including the Salesforce AppExchange).
These enable organizations to extend their capabilities through custom applications, integrations, and third-party solutions.

For security-focused deployments, Salesforce supports BYOK using Shield Platform Encryption. BYOK allows organizations to maintain control over their data encryption keys by managing those keys externally, such as with a Vectera Plus HSM, and securely providing a wrapped tenant secret to Salesforce. This ensures that encrypted data in Salesforce is protected by keys fully controlled by the customer.

What is BYOK?

“When you supply your own tenant secret or data encryption key (DEK), you get the benefits built into Salesforce Shield Platform Encryption, plus the extra assurance that comes from exclusively managing your own key material. Depending on the feature, BYOK supports derived keys and DEKs. To be compatible with Salesforce BYOK, use a PKCS#8 encrypted, Base64 encoded 4096 RSA key pair with appropriate headers and footers.”

Link to their help documentation on BYOK

Using the HSM for BYOK integration

Using the HSM for Salesforce BYOK

Salesforce BYOK allows customers to control the encryption keys that protect their data. In this integration, the AES-256 tenant secret is generated externally, while the HSM is used to securely manage and wrap the key using Salesforce’s public RSA key. By leveraging the HSM, organizations can maintain full control over their tenant secrets and upload them to Salesforce.
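
The wrap step described above, sketched with the OpenSSL command line as a software stand-in for the HSM (an added example, not Futurex or Salesforce code). The throwaway RSA-4096 pair, the file names and the OAEP digest are assumptions; in the integration the public key is Salesforce's, so the unwrap check is possible only in this demo.

```sh
#!/bin/sh
# Added example: OpenSSL stand-in for the wrap step an HSM performs.
# File names and the OAEP digest are assumptions, not values from the page.
set -eu
umask 077                       # key material readable by this user only
OAEP_MD="${OAEP_MD:-sha1}"      # assumption: confirm the digest Salesforce expects

# Throwaway RSA-4096 pair standing in for Salesforce's key pair (constructed).
make_standin_keypair() {        # $1 = private key out, $2 = public key out
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out "$1" 2>/dev/null
  openssl pkey -in "$1" -pubout -out "$2"
}

# Generate a 256-bit (32-byte) tenant secret.
gen_tenant_secret() {           # $1 = secret out
  openssl rand -out "$1" 32
}

# Wrap the secret under the RSA public key with OAEP; reject wrong-sized input.
wrap_tenant_secret() {          # $1 = public key, $2 = secret in, $3 = wrapped out
  if [ "$(wc -c < "$2" | tr -d ' ')" -ne 32 ]; then
    echo "tenant secret must be exactly 32 bytes" >&2
    return 1
  fi
  openssl pkeyutl -encrypt -pubin -inkey "$1" -in "$2" -out "$3" \
    -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:"$OAEP_MD"
}

# Unwrap with the stand-in private key (possible only in this demo).
unwrap_tenant_secret() {        # $1 = private key, $2 = wrapped in, $3 = secret out
  openssl pkeyutl -decrypt -inkey "$1" -in "$2" -out "$3" \
    -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:"$OAEP_MD"
}

# Round trip in a temp dir; prints "<wrapped size in bytes> <match|mismatch>".
demo_roundtrip() {
  d=$(mktemp -d)
  make_standin_keypair "$d/priv.pem" "$d/pub.pem"
  gen_tenant_secret "$d/secret.bin"
  wrap_tenant_secret "$d/pub.pem" "$d/secret.bin" "$d/wrapped.bin"
  unwrap_tenant_secret "$d/priv.pem" "$d/wrapped.bin" "$d/check.bin"
  size=$(wc -c < "$d/wrapped.bin" | tr -d ' ')
  if cmp -s "$d/secret.bin" "$d/check.bin"; then r=match; else r=mismatch; fi
  rm -rf "$d"                   # do not leave the plaintext secret on disk
  echo "$size $r"
}

RESULT=$(demo_roundtrip)
echo "$RESULT"
```

The wrapped blob is as long as the RSA modulus (512 bytes for a 4096-bit key), which gives a quick sanity check on any wrapped secret before upload.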

Guardian integration

The Guardian Series 3 introduces mission-critical viability to core cryptographic infrastructure, including:
  • Centralization of device management
  • Elimination of points of failure
  • Distribution of transaction loads
  • Group-specific function blocking
  • User-defined grouping systems
See the applicable guide in the Futurex Portal for configuring HSMs with the Guardian Series 3, including PKCS #11 and CNG configuration.