Encryption keys generated and approved by account owner
Data encrypted using customer keys, not derivatives or composite keys
Encryption keys rotated and destroyed according to the organization’s schedule, or on-demand
Two-person key revocation/purge
Dedicated data tenancy encrypted using customer-provided encryption key
OwnBackup allows customers to encrypt their backup data using own Base64-formatted string of a 256-bit secret.
OwnBackup will backup and recover Salesforce Shield encrypted fields, when granted permissions.
OwnBackup will backup and recover Salesforce Shield encryption keys, in their cipher-text form.
OwnBackup can set notifications upon changes to Salesforce Shield encryption keys.
Easily manage and archive master encryption keys in the Account Settings dashboard. Use this dashboard to quickly find out which keys are Active, Canceled, or Archived.
A two-person process ensures authorized master encryption key revocation.
Encryption in transit via TLS1.1 or TLS1.2
2FA and IP Restriction support (or SSO via SAML 2.0)
Backups are restored at Amazon Web Services (independent from Force.com)
All customer activities audited and logged
Comprehensive information security program with SOC2 Type II third-party audit