Thales announced support for Salesforce Bring Your Own Encryption Key (BYOK) for Salesforce Shield Platform Encryption with the release of both on-premises and cloud-hosted key management offerings within its Vormetric Data Security Products line. Two implementation models are available, an on-premises solution and a Software as a Service (SaaS) application. Vormetric Key Management for Salesforce provides an on-premises solution that helps address the compliance needs of regulated industries and larger enterprises. Cloud-hosted Vormetric Key Management as a Service (KMaaS) delivers the same services hosted on Thales' infrastructure, offering the reduced infrastructure and management costs of SaaS applications. Salesforce Shield Platform Encryption enables enterprises using Salesforce to natively encrypt data at rest across their Salesforce apps without compromising business functionality. Thales' Vormetric offerings help organizations safely store, manage and maintain the Salesforce tenant secrets used to derive the encryption keys that protect data within the Salesforce environment, and to meet compliance and best practice requirements for management of these encryption keys. BYOK places control of Salesforce encrypted data firmly in the hands of customers by controlling the final form of Salesforce encryption keys. Both Thales offerings enable organizations to meet these requirements: Separate key management (i.e. tenant secret management) from usage locations. The creation, storage, rotation, deactivation and destruction of tenant secrets used to derive Salesforce encryption keys must happen in a physical location separate from where they are used. Separation of duties for encryption key management based upon organization and locale. Auditing of encryption key management, usage and access.