Frequently Asked Questions

Remedyforce Frequently Asked Questions regarding Remedyforce & Salesforce Shield

05 March 2018

Frequently Asked Questions regarding Salesforce Shield

PAGE 2 OF 12 CONFIDENTIAL

Table of Contents Salesforce Shield _______________________________________________________________________________________ 4

Platform Encryption ............................................................................................................................................................................ 4 Event Monitoring ................................................................................................................................................................................. 4 Field Audit Trail .................................................................................................................................................................................... 5

Remedyforce and Salesforce Shield _______________________________________________________________________ 5 Frequently Asked Questions _____________________________________________________________________________ 5

1. Is Salesforce Shield an additional cost? .......................................................................................................................................... 5 2. Is Salesforce Platform Encryption an additional cost? .................................................................................................................... 5 3. Is Salesforce Event Monitoring an additional cost? ......................................................................................................................... 5 4. Is Salesforce Field Audit Trial an additional cost? ........................................................................................................................... 5 5. Can I buy Salesforce Platform Encryption from BMC? ................................................................................................................... 5 6. Can I buy Salesforce Shield from BMC? .......................................................................................................................................... 5 7. Can I buy each of the point products that make up Shield individually? For example, I only want to purchase Event Monitoring? ............................................................................................................................................................................................ 2 8. Why would a customer need Platform Encryption or encrypt data at rest? ................................................................................... 2 9. Can I encrypt everything?................................................................................................................................................................. 3 10. Can I encrypt managed package fields? ....................................................................................................................................... 3 11. I have Platform Encryption enabled but I still cannot encrypt a managed package field. What’s going on? ............................. 3 12. I see that I can have Salesforce generate a Key for me, but can I bring and manage my own Keys? ....................................... 3 13. I encrypted a field, why can my staff still see the data? ................................................................................................................ 3 14. Are there limitations? ...................................................................................................................................................................... 4 15. What is the order of enabling encryption in my Org? .................................................................................................................... 4 16. How do I encrypt the fields that hold the data provided in Service Requests? ............................................................................ 5 17. Can I encrypt Rich Text Fields? ..................................................................................................................................................... 5 18. So if I use Rich Text Fields in Service Requests what can I do? .................................................................................................. 5 19. What about Rich Text Email (incoming and outgoing)? ................................................................................................................ 5 20. I encrypted a field and now I’m getting an error when I try and use the Remedyforce Console! It says something about “Object type not accessible. Please check permissions and make sure the object is not in development mode: SELECT <field> FROM <object> WHERE <field=data>……” ........................................................................................................................................ 6 21. I elected to encrypt a field is my data automatically encrypted? ................................................................................................... 6 22. Are there resources available to learn more around Salesforce Platform Encryption? ............................................................... 6 23. Do I need to back up my Platform Encryption Key?...................................................................................................................... 6 24. If WHERE clause is not supported for encrypted fields, then how does this impact search for things like Knowledge Articles? ................................................................................................................................................................................................................ 6 25. How does Platform Encryption work with Sandboxes? ................................................................................................................ 7 26. How can I trial Salesforce Shield and Platform Encryption. .......................................................................................................... 7 27. Can Remedyforce Support answer questions around Event Monitoring and Field Audit Trial. .................................................. 7

Secure Your Apps with Salesforce Shield .................................................................................................................................... 7 Event Monitoring ............................................................................................................................................................................ 7 Field Audit Trail ............................................................................................................................................................................... 7

Frequently Asked Questions regarding Salesforce Shield

PAGE 3 OF 12 CONFIDENTIAL

Document Information

Version: 7.0

Created by: Virginia Leandro

Last Modified on: 05 March 2018

Modified by: Virginia Leandro

Frequently Asked Questions regarding Salesforce Shield

PAGE 4 OF 12 CONFIDENTIAL

Salesforce Shield Salesforce is the world’s #1 trusted customer success platform. Salesforce has well over eighteen years of innovation

on the world’s most trusted cloud. Some customers may have compliance requirements that go beyond all the

security that Salesforce offers today.

Salesforce has always ensured that all customers have the highest level of data protection, availability, and

performance. From two factor authentication, to rigorous password policies, all customers get the same trust

capabilities in the platform. While Salesforce Trust provides for what most customers need, some companies in

regulated industries have compliance requirements that go beyond.

Salesforce Shield was introduced to help these highly regulated industries such as Financial Services, Healthcare, and

Public Sector who must meet regulations that govern how sensitive data is managed and accessed. Salesforce Shield

is a premium set of integrated services that are built natively on Salesforce. It lets customers see who is doing what

with sensitive data, know the state and value of their data going back up to ten years, and encrypt sensitive data at rest,

while still preserving business functionality.

The three core services include:

• Platform Encryption

• Event Monitoring

• Field Audit Trail

Platform Encryption Platform Encryption allows you to natively encrypt your most sensitive data at rest across all your Salesforce apps.

This helps you protect PII, sensitive, confidential, or proprietary data and meet both external and internal data

compliance policies while keeping critical app functionality — like search, workflow, and validation rules. You keep full

control over encryption keys and can set encrypted data permissions to protect sensitive data from unauthorized users.

Event Monitoring Event Monitoring gives you access to detailed performance, security, and usage data on all your Salesforce apps.

Every interaction is tracked and accessible via API, so you can view it in the data visualization app of your choice. See

who is accessing critical business data when, and from where. Understand user adoption across your apps.

Troubleshoot and optimize performance to improve end-user experience. Event Monitoring data can be easily imported

into any data visualization or application monitoring tool like Wave Analytics, Splunk, or New Relic. There is no user

interface to Event Monitoring. It is considered an API-only feature. Customers will have to take on responsibility of

using REST APIs to gain access to the data. Additionally, Salesforce now offers an Event Monitoring App that is a part

of Salesforce Analytics.

Frequently Asked Questions regarding Salesforce Shield

PAGE 5 OF 12 CONFIDENTIAL

Field Audit Trail Field Audit Trail lets you know the state and value of your data for any date, at any time. You can use it for regulatory

compliance, internal governance, audit, or customer service. Built on a big data backend for massive scalability, Field

Audit Trail helps companies create a forensic data-level audit trail with up to 10 years of history, up to 60 fields per

object, and set triggers for when data is deleted. There is no user interface to the Field Audit Trail data. Customers

can export the data or use REST APIs to gain access to the information.

Customers can either purchase Salesforce Shield (which includes Encryption, Event Monitoring, and Field Audit Trail)

or they can buy each product individually (for example, a customer may only want Platform Encryption).

Remedyforce and Salesforce Shield With our Remedyforce Summer 17 release we now actively support Salesforce Platform Encryption. Customers who

opt to purchase Salesforce Platform Encryption or Salesforce Shield (which includes Platform Encryption) should be

able to use Remedyforce and encrypt select fields within Remedyforce. Additional features such as Email

Conversation, Service Level Agreements, Service Requests, etc. will work within the encryption environment.

We have also done analysis and confirmed that Event Monitoring and Field Audit Trail can be used with Remedyforce;

however, there is no “user interface” for those two features. Customers will need to either use REST APIs or a third-

party analytics tool to process and assess the data. If customers have questions about Event Monitoring or Field Audit

Trail, they will be referred to information from Salesforce as we do not provide developer support for those two features.

Frequently Asked Questions

1. Is Salesforce Shield an additional cost? Yes, but the customer gets all three point products, Encryption, Event Monitoring, and Field Audit Trail.

2. Is Salesforce Platform Encryption an additional cost? Yes.

3. Is Salesforce Event Monitoring an additional cost? Yes.

4. Is Salesforce Field Audit Trial an additional cost? Yes.

5. Can I buy Salesforce Platform Encryption from BMC? Yes. If you or a customer are interested in Salesforce Platform Encryption, you can reach out to your Remedyforce

Business Relationship Manager who can get you in touch with your BMC Account Executive for a quote.

6. Can I buy Salesforce Shield from BMC? Yes. This recently changed as of February 1, 2018.

Frequently Asked Questions regarding Salesforce Shield

PAGE 2 OF 12 CONFIDENTIAL

7. Can I buy each of the point products that make up Shield individually? For example, I only want to purchase Event Monitoring? Yes. If you want to purchase Salesforce Shield Event Monitoring, or Field Audit Trail please reach out to your

Remedyforce Business Relationship Manager who can get you in touch with a BMC Account Executive who can get

you a quote.

8. Why would a customer need Platform Encryption or encrypt data at rest? Salesforce is the World’s #1 trusted customer success platform. They provide a full set of tools to ensure reliability as

well as security.

The Platform Encryption solution is typically adopted by enterprise organizations in highly regulated industries such as

financial, insurance, healthcare, and government. Platform Encryption adds an extra layer of security to their private,

sensitive and proprietary data.

Frequently Asked Questions regarding Salesforce Shield

PAGE 3 OF 12 CONFIDENTIAL

9. Can I encrypt everything? The approach Salesforce has taken is that you should encrypt as little data as possible. Salesforce gives customers

control over what data they encrypt. Your organization’s security officer or administrator chooses whether to turn on

encryption for standard fields, customer fields, files, and attachments. Customers also choose which specific fields to

encrypt at rest. The driving principle is to encrypt as little as possible to preserve functionality while keeping private,

sensitive, confidential, and regulated data safe.

10. Can I encrypt managed package fields? Remedyforce managed packaged fields can be encrypted. The data types supported for encryption are:

• Date

• Date/Time

• Email

• Phone

• Text

• Text area

• Text area (long)

• URL

As Salesforce supports more data types, we’ll make sure that Remedyforce is kept up to date and support any added

types.

11. I have Platform Encryption enabled but I still cannot encrypt a managed package field. What’s going on? Once you purchase Salesforce Shield or Platform Encryption and Salesforce enables it for your Org, you will need to

contact Remedyforce Support who can submit a case to Salesforce on your behalf to enable Encryption of Managed

Package Fields.

12. I see that I can have Salesforce generate a Key for me, but can I bring and manage my own Keys? Absolutely. Salesforce supports both Self-Signed Certificates as well as CA Certificates. You control the Key and how

often you rotate your keys. Salesforce does advise that if you manage your own keys that you export and backup your

keys to a keystore for safe.

13. I encrypted a field, why can my staff still see the data? Don’t confuse encryption of “data at rest” with “data masking”. If you need to restrict who can see data, you should

utilize Salesforce’s object, record, or field level security. Additionally, Salesforce offers a data type called “Text

(Encrypted)” that applies masking. For additional details refer to What’s the Difference Between Classic Encryption and

Shield Platform Encryption?

Frequently Asked Questions regarding Salesforce Shield

PAGE 4 OF 12 CONFIDENTIAL

14. Are there limitations? Yes. Due to the strength and nature of the encryption algorithm being used there are a number of limitations. We

suggest you refer to Salesforce General Shield Platform Encryption Considerations. Additionally, please refer to the

Remedyforce Documentation around support for Platform Encryption. We have distinguished fields that hold data that

can be encrypted and fields that how metadata (data about data) that are integral to the running of Remedyforce and

should not be encrypted.

15. What is the order of enabling encryption in my Org? Before you enable Platform Encryption, there’s definitely some leg work and planning that needs to happen.

Frequently Asked Questions regarding Salesforce Shield

PAGE 5 OF 12 CONFIDENTIAL

16. How do I encrypt the fields that hold the data provided in Service Requests? While Service Requests share the Incident object, the “user input” is actually held in the Request Detail Inputs object.

Trying to encrypt Request Definitions is considered metadata and should not be encrypted else it will cause failures.

Instead, you’ll want to encrypt the fields of the Request Detail Inputs object. The fields that can be encrypted are:

• Input/Prompt

• NewResponse

• Response

• Stored Value

Please be aware that if you map these inputs to fields of other objects such as Incident, Task, or Change, for example,

that the receiving field is also encrypted else you run the risk of that data not being encrypted at rest when used in

another object.

17. Can I encrypt Rich Text Fields? Not today. Rich Text Fields are not supported as one of the data types that Salesforce Platform Encryption supports.

18. So if I use Rich Text Fields in Service Requests what can I do? First, make sure you run the Encryption Impact Report from General Application Settings. This will report on where you

are using Text Area (Rich) fields in Service Requests.

Once you have that list you will need to convert those input fields within each Request Definition from being a Text Area

(Rich) to Text Area.

19. What about Rich Text Email (incoming and outgoing)? When you select the Support Salesforce Platform Encryption in Remedyforce from the General Applications Settings a couple of things happen with RTF emails.

• Any incoming emails that are Rich Text, will be converted to plain text when added to the module’s History

object if the Note field on the history object is encrypted.

• Any outgoing emails that are Rich Text, will be sent in Rich Text, but recorded in the module’s History object as

plain text when the Note field on the history object is encrypted.

• No data will be stored in the Rich Text Note field and the value will be blank.

Remember, that RichTextNote on History objects are of data type Rich Text Area and not supported for encryption.

Frequently Asked Questions regarding Salesforce Shield

PAGE 6 OF 12 CONFIDENTIAL

20. I encrypted a field and now I’m getting an error when I try and use the Remedyforce Console! It says something about “Object type not accessible. Please check permissions and make sure the object is not in development mode: SELECT <field> FROM <object> WHERE <field=data>……” Typically, when this error happens, it means you have encrypted a field that was being used in a Salesforce list view.

Unfortunately, Salesforce removes the field from the Filter Criteria of the list view so there is no way to know which list

view had the field as part of the Filter Criteria. The only work around is to go through and re-saving any List Views you

think may be causing the problem. We’ve reported this to Salesforce but they have not taken action on it at this time.

You can let Salesforce know this issue is impacting you by going here and attaching yourself to the Known Issue.

https://success.salesforce.com/issues_view?id=a1p3A0000008ggtQAA

21. I elected to encrypt a field is my data automatically encrypted? No. Once you encrypt a field, only new records or updated records after the encryption will be encrypted. If you need

your existing data encrypted, submit a case to Remedyforce Support to have them work with Salesforce to perform a

Mass Encryption action which will update and encrypt the data for you.

22. Are there resources available to learn more around Salesforce Platform Encryption? Check out these resources from Salesforce and the Remedyforce online documentation.

• Salesforce Shield Platform Encryption Architecture

• Salesforce Security Guide

• Salesforce Shield Platform Encryption Implementation Guide

• Salesforce Shield Platform Encryption Online Help

In addition, as it relates to Remedyforce support of Salesforce Platform Encryption, you can reference our online

help.

23. Do I need to back up my Platform Encryption Key? Yes. You should have a plan in place to ensure that you not only backup your Platform Encryption Key but that it is

kept or stored in a safe key repository. You are solely responsible for the backup and safe keeping of your key.

Salesforce will not be able to restore your keys if the security admin destroys the key and there is no backup.

See “Back Up Your Tenant Secret” in the Salesforce Platform Encryption Implementation Guide.

24. If WHERE clause is not supported for encrypted fields, then how does this impact search for things like Knowledge Articles? We use SOSL for full text searches which uses the FIND API. Something like Incident Description would be passed as

“what to find” argument and not in the WHERE clause.

Frequently Asked Questions regarding Salesforce Shield

PAGE 7 OF 12 CONFIDENTIAL

25. How does Platform Encryption work with Sandboxes? Refreshing a sandbox from a production organization creates an exact copy of the production organization. If Shield

Platform Encryption is enabled on the production organization, all encryption settings are copied, including tenant

secrets created in production. For more details please refer to:

https://help.salesforce.com/articleView?id=security_pe_sandboxes.htm&language=en_US&type=0

26. How can I trial Salesforce Shield and Platform Encryption. Salesforce currently doesn’t offer trials of Salesforce Shield or the point products. However, you could potentially spin

up a Salesforce Developer Edition Org which has Platform Encryption, install Remedyforce and do limited testing.

Please be aware that Salesforce Developer Edition Orgs are restricted to 200MB of data as they are only to be used for

testing.

27. Can Remedyforce Support answer questions around Event Monitoring and Field Audit Trial. While we resell Event Monitoring and Field Audit Trail, our Remedyforce Support team is not equipped to answer

questions. There are a number of Salesforce resources available that can help you in implementing those products.\

Secure Your Apps with Salesforce Shield

https://trailhead.salesforce.com/en/trails/shield?trailmix_creator_id=005500000060cdlAAA&trailmix_id=remedyforce-salesforce-shield

Event Monitoring

https://developer.salesforce.com/docs/atlas.en-us.210.0.api.meta/api/sforce_api_objects_eventlogfile.htm

Field Audit Trail

https://help.salesforce.com/articleView?id=field_audit_trail.htm&type=5

BMC delivers software solutions that help IT transform digital enterprises for the ultimate competitive business advantage. We have

worked with thousands of leading companies to create and deliver powerful IT management services. From mainframe to cloud to

mobile, we pair high-speed digital innovation with robust IT industrialization—allowing our customers to provide amazing user

experiences with optimized IT performance, cost, compliance, and productivity. We believe that technology is the heart of every

business, and that IT drives business to the digital age.

BMC – Bring IT to Life.