Prior to implementing Shield Platform Encryption, the most critical step for an Integration Architect is to perform a comprehensive Review of Shield Platform Encryption configurations and their impact on existing platform functionality. Encryption at rest is not a "set-and-forget" feature; it changes how the Salesforce database interacts with various features, and failing to review these limitations beforehand can lead to significant business disruption.
Salesforce documentation emphasizes that encryption affects several core areas:
SOQL/SOSL Limitations: Encrypted fields have restricted capabilities in WHERE, GROUP BY, and ORDER BY clauses.1 For example, if Social Security Numbers (SSNs) are encrypted using Probabilistic Encryption, they cannot be filtered or sorted in a query.2 This could break existing integrations or reports that rely on finding specific records by SSN.
Search Functionality: While Salesforce supports searching for encrypted data, there are specific behaviors to consider regarding how search indexes are built and updated.
AppExchange and Managed Packages: If the SSN field is used by a third-party app or a managed package, encrypting it might cause those external tools to fail if they are not designed to handle encrypted data types.
Field Attributes: Encrypted fields cannot be used as Unique or External IDs if using the probabilistic scheme, which is a vital consideration for data synchronization architectures.3
Therefore, the architect must first conduct a Business Impact Analysis. This includes identifying where the sensitive data (SSNs) is used in Apex code, Flows, validation rules, and reports. By reviewing the configurations and functional limitations first, the architect can decide between Probabilistic (higher security) and Deterministic (allows filtering) encryption strategies.4 Option A is a step taken during or after implementation (Background Encryption), and Option C is an anti-pattern, as encrypting "everything" leads to unnecessary performance overhead and massive functional loss. Only after a thorough review can the architect safely proceed with the technical implementation of Shield.
