Imagine walking through the halls of the Louvre Museum in Paris. You’re there to see its most famous resident: the Mona Lisa. As you approach, you notice it’s not just hanging on the wall like the other works of art. It’s shielded by layers of security, like a climate-controlled environment, bulletproof glass, and constant surveillance.
Why the extra protection? Because the Mona Lisa is an irreplaceable asset. Your company’s data is your Mona Lisa. It’s one of your most valuable assets, and it deserves the same multi-layered approach to data protection. And the first step in any data protection strategy is data encryption.
Data encryption: Your first line of defense
Data encryption is the process of converting readable data into an unreadable format. For example, when you enter a credit card number online and see it replaced by asterisks or hashtags, that’s a form of encryption in action. The only way to convert that unreadable text back to its original form is with a unique encryption key.
With today’s evolving security threats and complex regulations, encryption is non-negotiable. It helps you mitigate risks from both external and internal threats, address ever-changing compliance mandates, and, most importantly, maintain the trust of your customers. It’s no wonder that IT leaders rank data encryption as the most effective security tactic to combat evolving threats.
Layering your security: Lessons from the Louvre
Just as the Louvre doesn’t rely on a single locked door to protect its treasures, your data security strategy shouldn’t rely on a single layer of encryption. With Salesforce Shield Platform Encryption, you can apply additional layers of protection based on the sensitivity of your data, all while preserving the power and functionality of the Salesforce Platform.
Let’s go back to our museum analogy to see how this works.
The foundation: Volume encryption
At the end of the day, the Louvre locks its doors, securing everything inside. This is analogous to Volume Encryption which comes standard with your Salesforce licenses. It protects all your data at the infrastructure level with shared encryption keys, guarding against threats like the physical theft of a server disk. It’s efficient and protects everything, from priceless artifacts to the pencils in the gift shop, but it’s a foundational layer, not a targeted one.
Ultimate protection: Shield field-level encryption
The Mona Lisa gets special treatment: bulletproof glass. In terms of your Salesforce data, this is like Field-Level Encryption. You apply it to your most precious and sensitive data fields for the highest level of protection. While this security is unmatched, it comes with certain trade-offs. Just as the glass creates distance between you and the painting, deeply encrypting specific fields can impact some platform functionality. It’s the right choice for your crown jewels, but you wouldn’t put every painting behind bulletproof glass.
The best of both worlds: Shield database encryption
Think about the other paintings in the Louvre. While they don’t have bulletproof glass, they aren’t just bare canvases on a wall. They have protective frames and other transparent measures that shield them from accidental bumps or environmental factors.
This is the role of the new Database Encryption.
As of writing this, 30% of Salesforce sandboxes have the beta option for database encryption. It provides a powerful, additional layer of security with one key difference: it’s completely transparent to your users and your org. This approach offers a balance of security and usability. You get the benefits of dedicated, customer-managed encryption without the trade-offs of field-level encryption. It ensures all your important data has that extra layer of protection, just like a frame on a painting, without diminishing the user experience.

Layers of protection work better together
The most important lesson from the Mona Lisa is that security layers are not an “either/or” choice—they are designed to work together. The painting has its bulletproof glass, which is surrounded by a frame, and is housed within a secure, climate-controlled room, all inside a locked museum.
Similarly, your Salesforce security strategy should be multi-layered. You can use Shield Database Encryption across your database and apply Field-Level Encryption for your most sensitive fields — all running on top of the standard Volume Encryption. You choose the right level of protection for the right data, creating a comprehensive defense.
Future-proof your IT security strategy
Learn how the top security and compliance professionals are securing their data in the AI era.
See Platform Encryption in action at Dreamforce
In addition to Database Encryption, we’ve also recently launched Platform Encryption for Data Cloud. This allows you to transparently encrypt your most sensitive data in Data Cloud with customer-managed keys for greater control and flexibility.
Want to see Platform Encryption for yourself? See a demo of our entire suite of Shield products at Dreamforce.
Seriously secure, from day one
With tools like encryption, activity tracking, and audit logs, Shield gives you everything you need to protect your org’s data and keep moving forward.