bmc helix remedyforce · frequently asked questions regarding bmc helix remedyforce &...

Frequently Asked Questions

BMC Helix Remedyforce Frequently Asked Questions regarding BMC Helix Remedyforce & Salesforce Shield

109 May 2019

Frequently Asked Questions regarding BMC Helix Remedyforce & Salesforce Shield

PAGE 2 OF 12 CONFIDENTIAL

Table of Contents Salesforce Shield _______________________________________________________________________________________ 4

Platform Encryption ............................................................................................................................................................................ 4 Event Monitoring ................................................................................................................................................................................. 4 Field Audit Trail .................................................................................................................................................................................... 5

BMC Helix Remedyforce and Salesforce Shield ______________________________________________________________ 5 Frequently Asked Questions _____________________________________________________________________________ 5

1. Is Salesforce Shield an additional cost? .......................................................................................................................................... 5 2. Is Salesforce Platform Encryption an additional cost? .................................................................................................................... 5 3. Is Salesforce Event Monitoring an additional cost? ......................................................................................................................... 5 4. Is Salesforce Field Audit Trial an additional cost? ........................................................................................................................... 5 5. Can I buy Salesforce Platform Encryption from BMC? ................................................................................................................... 5 6. Can I buy Salesforce Shield from BMC? .......................................................................................................................................... 5 7. Can I buy each of the point products that make up Shield individually? For example, I only want to purchase Event Monitoring? ............................................................................................................................................................................................ 2 8. Why would a customer need Platform Encryption or encrypt data at rest? ................................................................................... 2 9. Can I encrypt everything?................................................................................................................................................................. 3 10. Can I encrypt managed package fields? ....................................................................................................................................... 3 11. I have Platform Encryption enabled but I still cannot encrypt a managed package field. What’s going on? ............................. 3 12. I see that I can have Salesforce generate a Key for me, but can I bring and manage my own Keys? ....................................... 3 13. I encrypted a field, why can my staff still see the data? ................................................................................................................ 4 14. Are there limitations? ...................................................................................................................................................................... 4 15. What is the order of enabling encryption in my Org? .................................................................................................................... 4 16. How do I encrypt the fields that hold the data provided in Service Requests? ............................................................................ 5 17. Can I encrypt Rich Text Fields? ..................................................................................................................................................... 5 18. So if I use Rich Text Fields in Service Requests what can I do? .................................................................................................. 5 19. What about Rich Text Email (incoming and outgoing)? ................................................................................................................ 5 20. I encrypted a field and now I’m getting an error when I try and use the Remedyforce Console! It says something about “Object type not accessible. Please check permissions and make sure the object is not in development mode: SELECT <field> FROM <object> WHERE <field=data>……” ........................................................................................................................................ 6 21. I elected to encrypt a field is my data automatically encrypted? ................................................................................................... 6 22. Are there resources available to learn more around Salesforce Platform Encryption? ............................................................... 6 23. Do I need to back up my Platform Encryption Key?...................................................................................................................... 6 24. If WHERE clause is not supported for encrypted fields, then how does this impact search for things like Knowledge Articles? ................................................................................................................................................................................................................ 6 25. How does Platform Encryption work with Sandboxes? ................................................................................................................ 7 26. How can I trial Salesforce Shield and Platform Encryption. .......................................................................................................... 7 27. Can BMC Helix Remedyforce Support answer questions around Event Monitoring and Field Audit Trial. ................................ 7

Secure Your Apps with Salesforce Shield .................................................................................................................................... 7 Event Monitoring ............................................................................................................................................................................ 7 Field Audit Trail ............................................................................................................................................................................... 7



Document Information

Version: 9.0

Created by: Virginia Leandro

Last Modified on: 19 March 2019

Modified by: Virginia Leandro



Salesforce Shield Salesforce is the world’s #1 trusted customer success platform. Salesforce has well over eighteen years of innovation

on the world’s most trusted cloud. Some customers may have compliance requirements that go beyond all the

security that Salesforce offers today.

Salesforce has always ensured that all customers have the highest level of data protection, availability, and

performance. From two factor authentication, to rigorous password policies, all customers get the same trust

capabilities in the platform. While Salesforce Trust provides for what most customers need, some companies in

regulated industries have compliance requirements that go beyond.

Salesforce Shield was introduced to help these highly regulated industries such as Financial Services, Healthcare, and

Public Sector who must meet regulations that govern how sensitive data is managed and accessed. Salesforce Shield

is a premium set of integrated services that are built natively on Salesforce. It lets customers see who is doing what

with sensitive data, know the state and value of their data going back up to ten years, and encrypt sensitive data at rest,

while still preserving business functionality.

The three core services include:

• Platform Encryption

• Event Monitoring

• Field Audit Trail

Platform Encryption Platform Encryption allows you to natively encrypt your most sensitive data at rest across all your Salesforce apps.

This helps you protect PII, sensitive, confidential, or proprietary data and meet both external and internal data

compliance policies while keeping critical app functionality — like search, workflow, and validation rules. You keep full

control over encryption keys and can set encrypted data permissions to protect sensitive data from unauthorized users.

Event Monitoring Event Monitoring gives you access to detailed performance, security, and usage data on all your Salesforce apps.

Every interaction is tracked and accessible via API, so you can view it in the data visualization app of your choice. See

who is accessing critical business data when, and from where. Understand user adoption across your apps.

Troubleshoot and optimize performance to improve end-user experience. Event Monitoring data can be easily imported

into any data visualization or application monitoring tool like Wave Analytics, Splunk, or New Relic. There is no user

interface to Event Monitoring. It is considered an API-only feature. Customers will have to take on responsibility of

using REST APIs to gain access to the data. Additionally, Salesforce now offers an Event Monitoring App that is a part

of Salesforce Analytics.



Field Audit Trail Field Audit Trail lets you know the state and value of your data for any date, at any time. You can use it for regulatory

compliance, internal governance, audit, or customer service. Built on a big data backend for massive scalability, Field

Audit Trail helps companies create a forensic data-level audit trail with up to 10 years of history, up to 60 fields per

object, and set triggers for when data is deleted. There is no user interface to the Field Audit Trail data. Customers

can export the data or use REST APIs to gain access to the information.

Customers can either purchase Salesforce Shield (which includes Encryption, Event Monitoring, and Field Audit Trail)

or they can buy each product individually (for example, a customer may only want Platform Encryption).

BMC Helix Remedyforce and Salesforce Shield BMC Helix Remedyforce actively supports Salesforce Platform Encryption. Customers who opt to purchase Salesforce

Platform Encryption or Salesforce Shield (which includes Platform Encryption) should be able to use BMC Helix

Remedyforce and encrypt select fields within Remedyforce. Additional features such as Email Conversation, Service

Level Agreements, Service Requests, etc. will work within the encryption environment.

We have also done analysis and confirmed that Event Monitoring and Field Audit Trail can be used with BMC Helix

Remedyforce; however, there is no “user interface” for those two features. Customers will need to either use REST

APIs or a third-party analytics tool to process and assess the data. If customers have questions about Event

Monitoring or Field Audit Trail, they will be referred to information from Salesforce as we do not provide developer

support for those two features.

Frequently Asked Questions

1. Is Salesforce Shield an additional cost? Yes. The customer gets all three point products: Platform Encryption, Event Monitoring, and Field Audit Trail.

2. Is Salesforce Platform Encryption an additional cost? Yes. It can be purchased stand alone.

3. Is Salesforce Event Monitoring an additional cost? Yes. It can be purchased stand alone.

4. Is Salesforce Field Audit Trial an additional cost? Yes. It can be purchased stand alone.

5. Can I buy Salesforce Platform Encryption from BMC? Yes. If you or a customer are interested in Salesforce Platform Encryption, you can reach out to your BMC Helix

Remedyforce Business Relationship Manager or BMC Account Executive for a quote. Please be aware that any

Salesforce add-ons purchased through BMC are contractually restricted for use with BMC Helix Remedyforce.

6. Can I buy Salesforce Shield from BMC? Yes. This recently changed as of February 1, 2018.



7. Can I buy each of the point products that make up Shield individually? For example, I only want to purchase Event Monitoring? Yes. If you want to purchase Salesforce Shield Event Monitoring, or Field Audit Trail please reach out to your BMC

Helix Remedyforce Business Relationship or BMC Account Executive who can get you a quote. Please be aware that

any Salesforce add-ons purchased through BMC are contractually restricted for use with BMC Helix Remedyforce.

8. Why would a customer need Platform Encryption or encrypt data at rest? Salesforce is the World’s #1 trusted customer success platform. They provide a full set of tools to ensure reliability as

well as security.

The Platform Encryption solution is typically adopted by enterprise organizations in highly regulated industries such as

financial, insurance, healthcare, and government. Platform Encryption adds an extra layer of security to their private,

sensitive and proprietary data.



9. Can I encrypt everything? The approach Salesforce has taken is that you should encrypt as little data as possible. Salesforce gives customers

control over what data they encrypt. Your organization’s security officer or administrator chooses whether to turn on

encryption for standard fields, customer fields, files, and attachments. Customers also choose which specific fields to

encrypt at rest. The driving principle is to encrypt as little as possible to preserve functionality while keeping private,

sensitive, confidential, and regulated data safe.

10. Can I encrypt managed package fields? BMC Helix Remedyforce managed packaged fields can be encrypted. The data types supported for encryption are:

• Date

• Date/Time

• Email

• Phone

• Text

• Text area

• Text area (long)

• Text area (rich) [Note: Has not been tested and verified]

• URL

As Salesforce supports more data types, we’ll make sure that BMC Helix Remedyforce is kept up to date and support

any added types.

11. I have Platform Encryption enabled but I still cannot encrypt a managed package field. What’s going on? Once you purchase Salesforce Shield or Platform Encryption and Salesforce enables it for your Org, you will need to

contact BMC Helix Remedyforce Support who can submit a case to Salesforce on your behalf to enable Encryption of

Managed Package Fields.

12. I see that I can have Salesforce generate a Key for me, but can I bring and manage my own Keys? Absolutely. Salesforce supports both Self-Signed Certificates as well as CA Certificates. You control the Key and how

often you rotate your keys. Salesforce does advise that if you manage your own keys that you export and backup your

keys to a keystore for safe.



13. I encrypted a field, why can my staff still see the data? Don’t confuse encryption of “data at rest” with “data masking”. If you need to restrict who can see data, you should

utilize Salesforce’s object, record, or field level security. Additionally, Salesforce offers a data type called “Text

(Encrypted)” that applies masking. For additional details refer to What’s the Difference Between Classic Encryption and

Shield Platform Encryption?

14. Are there limitations? Yes. Due to the strength and nature of the encryption algorithm being used there are a number of limitations. We

suggest you refer to Salesforce General Shield Platform Encryption Considerations. Additionally, please refer to the

BMC Helix Remedyforce Documentation around support for Platform Encryption. We have distinguished fields that

hold data that can be encrypted and fields that how metadata (data about data) that are integral to the running of

Remedyforce and should not be encrypted.

15. What is the order of enabling encryption in my Org? Before you enable Platform Encryption, there’s definitely some leg work and planning that needs to happen.

https://developer.salesforce.com/docs/atlas.en-us.securityImplGuide.meta/securityImplGuide/security_pe_comparison_table.htm

https://developer.salesforce.com/docs/atlas.en-us.securityImplGuide.meta/securityImplGuide/security_pe_comparison_table.htm

https://developer.salesforce.com/docs/atlas.en-us.securityImplGuide.meta/securityImplGuide/security_pe_considerations_general.htm



16. How do I encrypt the fields that hold the data provided in Service Requests? While Service Requests share the Incident object, the “user input” is actually held in the Request Detail Inputs object.

Trying to encrypt Request Definitions is considered metadata and should not be encrypted else it will cause failures.

Instead, you’ll want to encrypt the fields of the Request Detail Inputs object. The fields that can be encrypted are:

• Input/Prompt

• NewResponse

• Response

• Stored Value

Please be aware that if you map these inputs to fields of other objects such as Incident, Task, or Change, for example,

that the receiving field is also encrypted else you run the risk of that data not being encrypted at rest when used in

another object.

17. Can I encrypt Rich Text Fields? Not today. Rich Text Fields are not supported as one of the data types that Salesforce Platform Encryption supports.

18. So if I use Rich Text Fields in Service Requests what can I do? First, make sure you run the Encryption Impact Report from General Application Settings. This will report on where you

are using Text Area (Rich) fields in Service Requests.

Once you have that list you will need to convert those input fields within each Request Definition from being a Text Area

(Rich) to Text Area.

As of March 2019, Salesforce now supports the encryption of Rich Text fields, however, we have not yet verified with

BMC Helix Remedyforce.

19. What about Rich Text Email (incoming and outgoing)? When you select the Support Salesforce Platform Encryption in BMC Helix Remedyforce from the General Applications Settings a couple of things happen with RTF emails.

• Any incoming emails that are Rich Text, will be converted to plain text when added to the module’s History

object if the Note field on the history object is encrypted.

• Any outgoing emails that are Rich Text, will be sent in Rich Text, but recorded in the module’s History object as

plain text when the Note field on the history object is encrypted.

• No data will be stored in the Rich Text Note field and the value will be blank.

Remember, that RichTextNote on History objects are of data type Rich Text Area and not supported for encryption.



20. I encrypted a field and now I’m getting an error when I try and use the Remedyforce Console! It says something about “Object type not accessible. Please check permissions and make sure the object is not in development mode: SELECT <field> FROM <object> WHERE <field=data>……” Typically, when this error happens, it means you have encrypted a field that was being used in a Salesforce list view.

Unfortunately, Salesforce removes the field from the Filter Criteria of the list view so there is no way to know which list

view had the field as part of the Filter Criteria. The only work around is to go through and re-saving any List Views you

think may be causing the problem. We’ve reported this to Salesforce but they have not taken action on it at this time.

You can let Salesforce know this issue is impacting you by going here and attaching yourself to the Known Issue.

https://success.salesforce.com/issues_view?id=a1p3A0000008ggtQAA

21. I elected to encrypt a field is my data automatically encrypted? No. Once you encrypt a field, only new records or updated records after the encryption will be encrypted. If you need

your existing data encrypted, submit a case to BMC Helix Remedyforce Support to have them work with Salesforce to

perform a Mass Encryption action which will update and encrypt the data for you.

22. Are there resources available to learn more around Salesforce Platform Encryption? Check out these resources from Salesforce and the BMC Helix Remedyforce online documentation.

• Salesforce Shield Platform Encryption Architecture

• Salesforce Security Guide

• Salesforce Shield Platform Encryption Online Help

In addition, as it relates to BMC Helix Remedyforce support of Salesforce Platform Encryption, you can reference

our online help.

23. Do I need to back up my Platform Encryption Key? Yes. You should have a plan in place to ensure that you not only backup your Platform Encryption Key but that it is

kept or stored in a safe key repository. You are solely responsible for the backup and safe keeping of your key.

Salesforce will not be able to restore your keys if the security admin destroys the key and there is no backup.

See “Back Up Your Tenant Secret” in the Salesforce Platform Encryption Implementation Guide.

24. If WHERE clause is not supported for encrypted fields, then how does this impact search for things like Knowledge Articles? We use SOSL for full text searches which uses the FIND API. Something like Incident Description would be passed as

“what to find” argument and not in the WHERE clause.

https://success.salesforce.com/issues_view?id=a1p3A0000008ggtQAA

https://www.salesforce.com/assets/pdf/misc/Platform_Encryption_Architecture_White_Paper.pdf

https://developer.salesforce.com/docs/atlas.en-us.securityImplGuide.meta/securityImplGuide/salesforce_security_guide.htm

https://help.salesforce.com/articleView?id=security_pe_overview.htm&type=0&language=en_US&release=206.13

https://resources.docs.salesforce.com/202/latest/en-us/sfdc/pdf/salesforce_platform_encryption_implementation_guide.pdf



25. How does Platform Encryption work with Sandboxes? Refreshing a sandbox from a production organization creates an exact copy of the production organization. If Shield

Platform Encryption is enabled on the production organization, all encryption settings are copied, including tenant

secrets created in production. For more details please refer to:

https://help.salesforce.com/articleView?id=security_pe_sandboxes.htm&language=en_US&type=0

26. How can I trial Salesforce Shield and Platform Encryption. Salesforce currently doesn’t offer trials of Salesforce Shield or the point products. However, you could potentially spin

up a Salesforce Developer Edition Org which has Platform Encryption, install BMC Helix Remedyforce and do limited

testing. Please be aware that Salesforce Developer Edition Orgs are restricted to 200MB of data as they are only to be

used for testing.

27. Can BMC Helix Remedyforce Support answer questions around Event Monitoring and Field Audit Trial. While we resell Event Monitoring and Field Audit Trail, our BMC Helix Remedyforce Support team is not equipped to

answer questions. There are a number of Salesforce resources available that can help you in implementing those

products.

Secure Your Apps with Salesforce Shield

https://trailhead.salesforce.com/en/trails/shield?trailmix_creator_id=005500000060cdlAAA&trailmix_id=remedyforce-salesforce-shield

Event Monitoring

https://developer.salesforce.com/docs/atlas.en-us.210.0.api.meta/api/sforce_api_objects_eventlogfile.htm

Field Audit Trail

https://help.salesforce.com/articleView?id=field_audit_trail.htm&type=5

https://help.salesforce.com/articleView?id=security_pe_sandboxes.htm&language=en_US&type=0





https://help.salesforce.com/articleView?id=field_audit_trail.htm&type=5

BMC delivers software solutions that help IT transform digital enterprises for the ultimate competitive business advantage. We have

worked with thousands of leading companies to create and deliver powerful IT management services. From mainframe to cloud to

mobile, we pair high-speed digital innovation with robust IT industrialization—allowing our customers to provide amazing user

experiences with optimized IT performance, cost, compliance, and productivity. We believe that technology is the heart of every

business, and that IT drives business to the digital age.

BMC – Bring IT to Life.

bmc helix remedyforce · frequently asked questions regarding bmc helix remedyforce &...

Documents