I am looking any backup encryption for this program, and looking into how the backed up data at rest can be encrypted. At the moment, it appears that you have to select individual fields within objects that you wish to be encrypted, and cannot select objects in bulk, instead going one at a time. There is also a limit of 100 fields per object that can be encrypted, so when an objects has more than 100 fields, we have to choose which specific fields we do and don't encrypt. There is also seemingly no way to automate the encryption of new objects/fields/files as they are added, instead if a new object is created it would have to be manually selected for encryption.
I am hoping there could be an addition to allow ALL objects/fields/files to be encrypted with a single button, similar to how encryption works with Veeam Backup and Replication. This applied at the job level, and everything backed up via this job will then be encrypted going forward. It would be good if this feature could also allow for any new object/fields or file types to be automatically added to the encryption as they are added to Saleforce - removing the manual process of adding new items in to be encrypted, and ensuring all backed up data has encryption enabled.
This question was originally raised in support case #07638318.
Thanks,
Owen
-
ohowlett
- Lurker
- Posts: 1
- Liked: never
- Joined: Mar 31, 2025 2:59 pm
- Full Name: Owen Howlett
- Contact:
-
MIvanov
- VP, Product Management
- Posts: 288
- Liked: 78 times
- Joined: Dec 12, 2008 2:39 pm
- Full Name: Maxim
- Contact:
Re: Backup Encryption
Hello Owen, thanks for your question and sorry for the late reply. We will consider your feedback for future iterations.
When you work with Veeam Backup and Replication, the data on the disk is encrypted, you cannot do much with it. However, when you have the right user, you can open the VBR UI, open any backup, read files and restore them. Right?
The same with Veeam Backup for Salesforce. For Data inside the PostgreSQL, if you get the PG database file, you cannot do much with it either, it is protected with the user credentials. However, when you have the right user access, you can access data inside PostgreSQL DB
In other words, if you get the DB and try to connect it to a new PG server, you will not succeed if you don't have correct user credentials.
Additionally to standard db-level encryption, in VBSF you can enable "client-side encryption", for cases when you don't trust the DB admin.
https://www.postgresql.org/docs/current ... tions.html . This option comes at a performance cost and limitation because to allow application to work, some fields must stay unencrypted.
If you want a parallel with Salesforce itself, you cannot encrypt all fields there!
* You setup encryption for some fields and only manually.. but this encryption is transparent to powerful users.
* You can create encrypted text fields which require some extra permission to read, but you are limited to text, special field type and so many use cases...
We will consider your feedback for future iterations.
When you work with Veeam Backup and Replication, the data on the disk is encrypted, you cannot do much with it. However, when you have the right user, you can open the VBR UI, open any backup, read files and restore them. Right?
The same with Veeam Backup for Salesforce. For Data inside the PostgreSQL, if you get the PG database file, you cannot do much with it either, it is protected with the user credentials. However, when you have the right user access, you can access data inside PostgreSQL DB
In other words, if you get the DB and try to connect it to a new PG server, you will not succeed if you don't have correct user credentials.
Additionally to standard db-level encryption, in VBSF you can enable "client-side encryption", for cases when you don't trust the DB admin.
https://www.postgresql.org/docs/current ... tions.html . This option comes at a performance cost and limitation because to allow application to work, some fields must stay unencrypted.
If you want a parallel with Salesforce itself, you cannot encrypt all fields there!
* You setup encryption for some fields and only manually.. but this encryption is transparent to powerful users.
* You can create encrypted text fields which require some extra permission to read, but you are limited to text, special field type and so many use cases...
We will consider your feedback for future iterations.
Who is online
Users browsing this forum: No registered users and 1 guest