Thales News Release

Thales Delivers On-premises And SaaS Bring Your Own Key (BYOK) Offering For Salesforce

January 13, 2017

New on-premises key management for Salesforce meets enterprise needs for direct control of encryption keys

SAN JOSE, Calif. – January 12, 2017 – Thales, a leader in critical information systems, cybersecurity and data protection, today announced support for Salesforce Bring Your Own Encryption Key (BYOK) for Salesforce Shield Platform Encryption with the release of both on-premises and cloud-hosted key management offerings within its Vormetric Data Security Products line. Two implementation models are available: an on-premises solution and a Software as a Service (SaaS) application. Vormetric Key Management for Salesforce provides an on-premises solution that helps address the compliance needs of regulated industries and larger enterprises. Cloud-hosted Vormetric Key Management as a Service (KMaaS) delivers the same services hosted on Thales’ infrastructure, offering the reduced infrastructure and management costs of SaaS applications.

Salesforce Shield Platform Encryption enables enterprises using Salesforce to natively encrypt data at rest across their Salesforce apps without compromising business functionality. Thales’ Vormetric offerings help organizations safely store, manage and maintain the Salesforce tenant secrets used to derive the encryption keys that protect data within the Salesforce environment, and to meet compliance and best practice requirements for management of these encryption keys. BYOK places control of Salesforce encrypted data firmly in the hands of customers by controlling the final form of Salesforce encryption keys.

Compliance mandates, data residency requirements, government regulations and best practices require that enterprises protect and maintain encryption keys in accordance with specific frameworks and laws. To meet the requirements of these frameworks and laws, enterprises must also meet specific maintenance and storage requirements for tenant secrets as the controlling element for Salesforce encryption keys.

Both Thales offerings enable organizations to meet these requirements:

  • Separate key management (i.e. tenant secret management) from usage locations. The creation, storage, rotation, deactivation and destruction of tenant secrets used to derive Salesforce encryption keys must happen in a physical location separate from where they are used.
  • Separation of duties for encryption key management based upon organization and locale.
  • Auditing of encryption key management, usage and access.

On-premises or Key Management as a Service (KMaaS) in the cloud

Vormetric, a Thales company, provides the flexibility of both on-premises and cloud-based solutions for managing customers’ encryption of their data in Salesforce (through management of customer tenant secrets).


Often due to a strict reading of best practice, compliance and industry guidelines, many enterprises will prefer to keep control of Salesforce encryption keys within their local data centers. For these customers, Vormetric Key Management for Salesforce provides an ideal solution, enabling the enterprise to manage and control the encryption of their Salesforce information directly (through management of their tenant secrets) within their data centers.

These customers also gain the benefits of the Vormetric Data Security Platform, with the ability to manage and control access to their data in Salesforce along with that of their in-house and cloud databases, system level files and cloud storage data within a single environment and infrastructure. When organizations use the platform to create an enterprise-wide encryption management strategy, they enjoy low deployment costs for additional data protection tools, low infrastructure costs, low resource requirements and high scalability.

In the Cloud

KMaaS for Salesforce enables rapid deployment of the solution, eliminating the time and resources needed for installation and ongoing maintenance of externalized key management for Salesforce. Physical hardware acquisition, configuration and integration are reduced, along with ongoing infrastructure management, maintenance and upgrade costs. The experts deploy and maintain KMaaS infrastructure, while enterprises simply use the application to protect their critical data.

“As we now announce the general availability of both our on-premises solution for managing Salesforce tenant secrets, and of our Key Management as a Service offering, we complement Salesforce Shield’s robust encryption service,” said Thales vice president of product management Derek Tumulak. “Enterprises now have the choices they need to take control of the encryption of their data, by simply and easily managing encryption key lifecycles in the way that makes the most sense for their business.”

Salesforce, Shield Platform Encryption and others are among the trademarks of, Inc.

About Thales

Thales + Vormetric have combined to form a leading global data protection and digital trust management company. Together, we enable companies to compete confidently and quickly by securing data at-rest, in-motion, and in-use to effectively deliver secure and compliant solutions with the highest levels of management, speed and trust across physical, virtual, and cloud environments. By deploying our leading solutions and services, targeted attacks are thwarted and sensitive data risk exposure is reduced with lower business disruption and life cycle cost. Thales and Vormetric are part of Thales Group.

About Thales

Thales is a global technology leader for the Aerospace, Transport, Defence and Security markets. With 62,000 employees in 56 countries, Thales reported sales of €14 billion in 2015. With over 22,000 engineers and researchers, Thales has a unique capability to design and deploy equipment, systems and services to meet the most complex security requirements. Its exceptional international footprint allows it to work closely with its customers all over the world.

Positioned as a value-added systems integrator, equipment supplier and service provider, Thales is one of Europe’s leading players in the security market. The Group’s security teams work with government agencies, local authorities and enterprise customers to develop and deploy integrated, resilient solutions to protect citizens, sensitive data and critical infrastructure.

Drawing on its strong cryptographic capabilities, Thales is a global leader in data protection and one of the world leaders in cybersecurity products and solutions for defence, critical infrastructure and telecommunication operators, industrial and financial companies. Covering the entire cybersecurity chain, Thales offers a comprehensive range of services and solutions that includes: cybersecurity consulting and testing, cyber-secured software centric system design / development / integration and certification, provision and through-life management of data protection products and services, secured IT outsourcing and cloud computing solutions, as well as managed security services based on our network of Security Operation Centers in France, the United Kingdom and the Netherlands.


Dorothée Bonneil
Thales Media Relations – Security
+33 (0)1 57 77 90 89
Liz Harris
Thales Media Relations
+44 (0)1223 723612