Data Encryption in Zoho CRM

Encryption is primarily used to safeguard the contents of a message so that only the intended recipient can read it. This is done by replacing the contents with unrecognizable data, which can be understood only by the intended and authorized recipient(s). This is how encryption became a method to protect data from those who might want to steal it.

Availability 
Permission Required
Users with an Administrator profile can access this feature.

Encryption can be used in two situations.
  1. Encryption in Transit
  2. Encryption at Rest (EAR)

Encryption in Transit

Encryption in transit refers to data that is encrypted when it is in transit, including from your browser to the web server and to other third parties via integrations. Encrypting data in transit protects your data from man-in-the-middle attacks.

Encryption at Rest

Encryption at rest refers to data that is encrypted when it is stored (not moving), whether on a disk, in a database, or on some other form of media. In addition to encryption of data during transit, encryption of data when it is stored on the servers provides an even higher level of security. EAR protects against any possible data leak due to server compromise or unauthorized access.

Encryption is done at the application layer using the AES-256 algorithm, a symmetric encryption algorithm that uses 128-bit blocks and 256-bit keys. The key used to convert the data from plain text to cipher text is called the Data Encryption Key (DEK).
These keys are generated and maintained by our in-house Key Management Service (KMS).
Learn more about our KMS.

What Data do we encrypt in Zoho CRM?

Data in Zoho CRM can be field values, emails, and attachments. That said, data encryption is available for all standard (except Tasks, Calls, and Meetings) and custom modules.

Field-level encryption

  1. Only Custom fields can be encrypted.
  2. The following are field-types that can be encrypted: Single Line, Email, Phone, Number, Multiline (small), Date, Date-Time, Currency, Decimal, Long Integer, and URL fields.

File encryption

All the attachments are encrypted by default once added to CRM.

Email encryption

Emails sent and received via CRM will be encrypted at rest.

Full-disk Encryption 

Besides application-layer encryption, full-disk encryption is available in the India (IN), Australia (AU) and Japan (JP) datacenters, and upon request we extend the facility to other DCs.

How can one encrypt fields in Zoho CRM?

An administrator or user with customization permission can encrypt or decrypt fields. 

To encrypt/decrypt custom fields:

  1. Go to Setup > Customization > Modules and Fields > [Select the module].
  2. In the module layout editor, go to the field you wish to encrypt, click the Settings icon and select Edit Properties.
  3. In the Field Properties popup, select the Encrypt Field checkbox.
  4. Click Done.
  5. Save the layout.

Limitations

  1. A field that is marked as unique cannot be encrypted directly. The field has to be unmarked as a unique field to enforce encryption. Conversely, a field that is already encrypted cannot be set as unique until the encryption is removed. In summary, a field cannot be both unique and encrypted simultaneously.
    To switch between these states, you must first remove the existing designation.
  2. Only full-text search is supported in global search. For instance, if the encrypted data is "Joseph Wells," the encrypted field record does not show in the results of a search for "Joseph."
  3. Encrypted fields cannot be used in Advanced Filters.
  4. Encrypted fields cannot be found using Search by Criteria.
  5. Encrypted fields are not visible in the Sort option.
  6. In the Forecasts module, encrypted fields cannot be used as Target Fields.
  7. When a field is encrypted, the following operators will be supported in the criteria:
    1. Single line, Phone, Email, Small multi-line (character limit of 2000), Date, Date-Time, and Currency - is empty and is not empty
    2. Number, Decimal, Long integer - =, !=, is empty, and is not empty.
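
Limitations such as full-value-only search and no sorting are typical when field values are stored as ciphertext. The sketch below is an added example, not Zoho's code: it encrypts a field with AES-256 under a DEK, as described in the Encryption at Rest section, and shows why only an exact-match lookup can work. The GCM mode, the HMAC equality index, the locally generated keys and all function names are assumptions.

```javascript
// Added example: generic application-layer field encryption, not Zoho's code.
const { randomBytes, createCipheriv, createDecipheriv, createHmac } = require('node:crypto');

// Constructed keys; in a real deployment the DEK is issued by the KMS.
const DEK = randomBytes(32);        // 256-bit data encryption key
const INDEX_KEY = randomBytes(32);  // separate key for the equality index (assumption)

// Encrypt one field value with AES-256-GCM (mode is an assumption; the page names only AES-256).
function encryptField(plaintext, dek = DEK) {
  const iv = randomBytes(12);       // fresh nonce for every value
  const cipher = createCipheriv('aes-256-gcm', dek, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

function decryptField(stored, dek = DEK) {
  const raw = Buffer.from(stored, 'base64');
  const iv = raw.subarray(0, 12), tag = raw.subarray(12, 28), ct = raw.subarray(28);
  const decipher = createDecipheriv('aes-256-gcm', dek, iv);
  decipher.setAuthTag(tag);         // final() throws if the stored value was modified
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Keyed hash of the whole value: supports "equals" lookups without decrypting.
function equalityIndex(value, key = INDEX_KEY) {
  return createHmac('sha256', key).update(value, 'utf8').digest('hex');
}

// Constructed sample records, stored as ciphertext plus equality index.
const store = ['Joseph Wells', 'Maria Joseph', 'Joseph Wells'].map((v, id) => ({
  id, ciphertext: encryptField(v), idx: equalityIndex(v),
}));

// Exact match works through the index; a substring hashes to an unrelated value.
function searchExact(term) {
  const idx = equalityIndex(term);
  return store.filter((r) => r.idx === idx).map((r) => r.id);
}

console.log(searchExact('Joseph Wells'));                    // [ 0, 2 ]
console.log(searchExact('Joseph'));                          // []
// Same plaintext, different ciphertext: stored values cannot be compared or sorted.
console.log(store[0].ciphertext === store[2].ciphertext);    // false
```

An equality index reveals which records share a value, so it is keyed separately from the DEK and kept only for fields that need exact-match lookup.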

Possibilities with fields that are encrypted

  1. Encryption can be disabled for a field at any time.
  2. Encrypted fields can be used as inputs in Formula fields.
  3. Find & Merge and Deduplication are supported for encrypted fields.
  4. Any data imported to encrypted fields will be encrypted by default and exported data is decrypted.
  5. Encrypted fields can be included in Web forms.
  6. An encrypted field can be displayed in Reports as a column, but cannot be used in Criteria and Columns to Total.
  7. Encrypted fields can be used as inputs in custom functions, and as merge fields in templates.
  8. APIs are supported for encrypted data.
  9. Encrypted fields can be used in integrations too. Utilizing the information in integrations is entirely at the user's risk.
