Use Salesforce securely – with eperi® sEcure
Salesforce is one of the world's leading CRM systems – and a central repository for business-critical information such as customer data, price lists, quotation histories, and strategic sales plans. It is precisely this information that constitutes your company's intellectual property – and thus a competitive advantage that is particularly worthy of protection.
With eperi® sEcure, you can effectively protect this valuable knowledge from unauthorized access, loss, or industrial espionage—regardless of whether you use Salesforce locally, in the cloud, or in hybrid architectures.
- All sensitive data remains 100% under your control
- Access by administrators, external service providers, or other unauthorized third parties such as cybercriminals is technically impossible.
- Intelligent encryption protects your data even before it is transferred to the cloud.
At the same time, eperi® sEcure enables you to comply with the data protection requirements of relevant regulations such as the GDPR, ISO 27001/27701, or industry-specific regulations such as DORA, NIS-2, or §203 StGB. Risks posed by international regulations such as the US CLOUD Act are also completely neutralized through key sovereignty and local encryption.
eperi® sEcure is the technical answer to a simple question: How do you protect what makes your company truly valuable?
eperi® sEcure relies on pre-cloud encryption. Unlike Salesforce Shield, all plain text data and keys remain within the company—not in the US cloud. And it offers a better range of functions:
eperi® sEcure vs. Salesforce Shield – Comparison at a glance
|
Function |
eperi® sEcure |
Salesforce Shield |
|
Encryption before the cloud |
✅ Yes |
❌ No |
|
Access to plain text data |
🔒 Only through customers |
🔓 Also through Salesforce |
|
Search, filter, reports with encryption |
✅ Fully functional |
❌ Restricted |
|
Selective encryption (e.g., field, context) |
✅ Possible |
❌ Not possible |
|
Patented encryption technology |
✅ Yes |
❌ No |
Why is encryption crucial before the cloud?
“Encrypted does not automatically mean secure – unless you encrypt before the cloud.” – Eperi GmbH
Only through client-side encryption—i.e., within the company before uploading—can data protection obligations and legal risks such as the US CLOUD Act or external access by unauthorized third parties and hackers be effectively ruled out.
What eperi® sEcure does for Salesforce
Compliance made easy – certified & legally compliant
eperi® sEcure helps you comply with the following standards and regulatory data protection requirements:
- GDPR (EU 2016/679)
- ISO 27001 / 27701
- DORA
- NIS-2
- ESG requirements
- Section 203 of the German Criminal Code (StGB) (Duty of confidentiality for persons bound by professional secrecy)
Use cases: How eperi® sEcure works in practice
- Automotive group: GDPR-compliant use of Salesforce in China
- Auditing: Secure SaaS CRM with encrypted tax data
- Telecommunications: Protection of over 170,000 active Salesforce records worldwide
- Retail: Online shop live in just two weeks – and a looming million-dollar fine avoided
“With eperi® sEcure, we were able to implement our Salesforce solution quickly, securely, and without any functional restrictions in compliance with GDPR.” – Well-known German department store
Technological basis
- AES-256 & RSA-4096
- Optional: Post-Quanten-Kryptografie durch Crypto Agility
- Compatible with Salesforce Lightning and third-party integrations (e.g., email or REST)
- Supports Sales, Service, Marketing & Financial Cloud, Chatter, and much more.
- Scalable for multi-instance & enterprise setups
Explanation: What is the CLOUD Act?
The CLOUD Act is a US law that allows US authorities to access data from US cloud providers – regardless of where the data is physically located. This means that even if your Salesforce data is hosted in the EU, US authorities can request access to it. However, if the data is encrypted before upload, it is unreadable to both the provider and US authorities.
Alarming wave of data leaks due to compromised Salesforce instances
In recent months, there have been a number of serious data breaches at well-known companies, all caused by the manipulation of Salesforce administrators and users via social engineering attacks:
- Air France KLM: Attackers gained access to an external customer service platform – presumably via Salesforce – and exfiltrated names, email addresses, telephone numbers, and loyalty program information. The incidents were reported to the data protection authorities.
- In June 2025, Google confirmed that one of its Salesforce instances had been compromised. Business data such as company names and contact information were primarily targeted, demonstrating the effectiveness of this attack strategy even against technology giants.
- Allianz Life: On July 16, 2025, the US subsidiary of Allianz suffered a data breach involving Salesforce, a cloud-based CRM system, which was manipulated using social engineering. The perpetrators gained access to the personal data of over 1.4 million customers.
- These incidents are only part of a larger wave of attacks involving groups such as ShinyHunters, UNC6040, and Scattered Spider. Various industries are affected, from fashion and aviation to technology and insurance, highlighting the significant risk posed by the outsourced and inadequately protected use of Salesforce instances.
Why this is relevant:
These real-life, high-profile cases demonstrate the weakness of technical security controls against attacks that exploit human behavior (e.g., vishing, authorization of manipulated apps). They underscore the urgent need for robust protection mechanisms such as pre-cloud encryption—which is exactly where eperi® sEcure comes in.
Partner
Newsletter
Sign up for our newsletter and receive regular updates on data protection topics, changes in legislation and the further development of eperi® sEcure.