InCountry logo
mobile-nav
Search
  • Products
    • Products
      • InCountry for Salesforce
      • Data Residency-as-a-Service
      • Alibaba Cloud InCountry Service
      • Compliance and security
    • Gateways
      • Email
      • Payment Vault
      • Web Forms
      • HTML
    • Developers
      • REST API
      • SDK
  • Solutions
    • Automotive
    • Energy
    • Financial services
    • Healthcare
    • Retail
    • Technology
    • Latest success story
      • IBM Consulting
  • Integrations
    • Cegid
    • Intertrust
    • MuleSoft
    • PayPal
    • Salesforce
    • ServiceNow
    • Stripe
    • Veeva Systems
    • Yandex
  • Resources
    • Country compliance
    • Documentation
    • Library
    • Partners
    • Pricing
  • About
    • News and Blog
    • Careers
    • Contact Us
    • FAQ
    • Leadership
  • Login
  • Schedule a Demo

›Salesforce

Home
  • InCountry Platform
Portal
  • Getting started
  • Documentation
    • Dashboard
    • Managing environments
    • Managing SDK credentials and services
    • Managing Border configuration
    • Managing payment vaults
    • Managing email gateways
    • Managing resident functions
    • Managing file imports
    • Managing profile and organization
    • Managing users
    • Managing encryption keys
  • Release notes
Border
  • Documentation
  • Release notes
REST API
  • Documentation
  • How to test CRUD requests through REST API
  • Release notes
Resident Functions
  • Documentation
Salesforce
  • About
  • Overview
  • Quick start guide for three-model package
  • Quick start guide for legacy package
  • Administrator's guide
    • Managing the package
    • Managing permissions
    • Managing OAuth2 authentication and authorization
    • Managing certificates
    • Registering CSP Trusted Sites
    • Managing InCountry Endpoints
    • Managing REST endpoints
    • Managing InCountry flags
    • Loading the application
    • Managing data regulation policies
    • Managing protected fields
    • Hashing the UserName field
    • Managing custom objects
    • Replacing standard elements
    • Configuring record search
    • Managing components
    • Setting up Salesforce Experience Cloud
    • Managing resident functions
    • Managing InCountry cache
    • Managing Apex triggers
    • Managing record synchronization
    • Managing web forms
    • Tracking changes to data regulation policies and regulated fields
    • Using Email-to-Case feature
    • Debugging
    • Migrating data from one Salesforce organization to another
  • Developer’s guide
    • Apex SDK
    • JavaScript API
    • Retrieving record statistics
    • Tracking field history
  • User's guide
    • Working with protected fields
    • Sending compliant email messages
    • Importing data into Salesforce
    • Migrating records
    • Managing audit reports
    • Converting leads
    • Managing reports
    • Using formula fields
    • Using frontend validations
    • FAQ
    • Release notes
Payment Vault
  • Documentation
BYOK
  • Documentation
FAQ
  • Get started with the platform
  • Integration options
  • Data regulation models
  • Limits and quotas
  • Video tutorials
Service Status
  • Status

Overview

About InCountry

InCountry provides the data residency services to companies looking to comply with local country regulations and requirements for storing sensitive and regulated data. InCountry has designed a fully-fledged and robust solution for managing and storing this data in over 90 countries. You no longer need to build manual solutions for each country you are operating in.

Introduction to the InCountry Data Residency for Salesforce

Salesforce is the leading customer relationship management (CRM) platform for businesses of any size and specialization. All your marketing, sales, commerce, service, and IT teams can collaborate and communicate with your customers in one place and in different ways.

Regulated data storage in Salesforce

Salesforce-hosted data centers are located in 6 countries. This is not sufficient for the world-wide companies and corporations that manage regulated data of customers. InCountry expands the list to over 90 countries where you can store regulated data and be sure that you do not violate any local laws or regulations.

With the InCountry Data Residency for Salesforce solution, you can have a single Salesforce instance to store regulated data in over 90 different countries. You do not need to have a dedicated Salesforce instance for each country or region to comply with all sorts of regulations you have to adhere to.

By default, Salesforce does not restrict the visibility of regulated data in the Salesforce instance for agents that work from other countries and are not allowed to view this data. The InCountry Data Residency for Salesforce package addresses this problem and provides configuration that can restrict the visibility of regulated data to agents working in the origin country only.

Data flow

InCountry Data Residency for Salesforce allows customers to separate the streams of regulated and non-regulated data and store each one in different places. This way you store the non-regulated data in Salesforce, and regulated data on the InCountry platform in the specific country.

Data flow

All the regulated data stored on the InCountry platform is encrypted on the fly with the customer-owned key, so the data is kept secure and safe.

Data Regulation Models for Salesforce

In the standard Salesforce application architecture, all of the data is stored and processed in the cloud and can be viewed by anyone with sufficient permissions, regardless of which country they are attempting to access the data from.

Data Regulation Models for Salesforce

When integrated with the InCountry Data Residency for Salesforce package, a Salesforce organization can be configured to store regulated data according to one of the three standard data regulation models described below:

Data Handling Salesforce
without InCountry
InCountry Data Residency Model
Replication Restriction Redaction
Storage Outside Only Inside & Outside Inside Only Inside Only
Processing Outside Only Outside Outside Inside Only
Viewing Inside & Outside Inside & Outside Inside & Outside Inside Only

In the following sections, we will describe the data flow specific to these data regulation models and outline the advantages and disadvantages of each one.

Package scope

The InCountry Data Residency for Salesforce package can come in two scopes, as follows:

  1. Legacy package - package supporting the legacy replication model.

  2. Three-model package - package supporting the redaction, restriction, and UI-based replication models.

The following sections describe how data regulation models differ between each other and how differently data flows are handled.

Legacy replication

The replication model requires that regulated data is first written to a data store inside the country from which data originates. Once this requirement is fulfilled, then regulated data can be written to the Salesforce cloud database hosted outside the country of origin. Whenever records that include regulated data are created, updated, or deleted, they are synchronized with the InCountry platform. When a user wants to view the data or a server outside the country needs to process this regulated data, then it fetches the copy of this data hosted in the Salesforce cloud database.

Legacy replication

UI-based replication

The replication model requires that regulated data is first written to a data store inside the country from which data originates. Once this requirement is fulfilled, then regulated data can be written to the Salesforce cloud database hosted outside the country of origin. Whenever records that include regulated data are created, updated, or deleted, they are synchronized with the InCountry platform. When a user wants to view the data or a server outside the country needs to process this regulated data, then it fetches the copy of this data hosted in the Salesforce cloud database.

The main difference between the UI-based replication model and the legacy replication model is the data flow. When using the legacy replication model, regulated records are handled by Apex triggers that use the two-phase commit process. When using the UI-based replication model, regulated records are handled through Lightning UI components and are written directly to the InCountry platform from the Salesforce UI, and only then records are saved to the Salesforce database.

note

Before implementing the replication model, please check their implementation specifics to better understand advantages and disadvantages of each approach.

UI-based replication

Restriction

The restriction model requires that regulated data is stored inside the country of origin ONLY. Therefore, it is necessary to store a one-way hash in the Salesforce cloud database outside the country of origin in place of regulated data. However, the cross-border transfer of regulated data is still allowed for processing and viewing. Whenever records that include regulated data are created, updated, or deleted, they are synchronized to the InCountry platform. When a user wants to view regulated data or a server outside the country needs to process this data, it must read the data from the InCountry platform, perform the necessary action, and then drop the data.

Restriction

Redaction

The redaction model requires that regulated data is stored inside the country of origin ONLY. Therefore, it is necessary to store a one-way hash on the Salesforce cloud server outside the country in place of regulated data. Furthermore, the cross-border transfer of regulated data for processing and viewing is NOT permitted. Whenever records that contain regulated data are created, updated, or deleted, the request must go directly from the application interface inside the country to the InCountry point of presence inside the country. When users inside the country want to view regulated data, they must read the data from the InCountry platform. Regulated data cannot be transferred outside the country for processing, so any server-side processing must be re-implemented as resident functions. These resident functions can perform simple validations and manipulation of regulated data fields and then return non-regulated values, like true/false, to the cloud application server. Due to the effort required for implementing resident functions for all the necessary workflows, it is very important to define what is regulated data as narrowly as possible in the Redaction model.

Redaction

← AboutQuick start guide for three-model package →
  • About InCountry
  • Introduction to the InCountry Data Residency for Salesforce
    • Regulated data storage in Salesforce
    • Data flow
  • Data Regulation Models for Salesforce
  • Package scope
  • Legacy replication
  • UI-based replication
  • Restriction
  • Redaction
InCountry logo blue
© InCountry 2022.
All rights reserved. InCountry, Inc
  • PRIVACY POLICY
  • TERMS OF SERVICE
  • Social share
    • YouTube logo
    • Facebook logo
    • Twitter logo
    • LinkedIn
  • Column 1
    • Products
      • Products
        • InCountry for Salesforce
        • Data Residency-as-a-Service
        • Alibaba Cloud InCountry Service
        • Compliance and security
      • Gateways
        • Email
        • Payment Vault
        • Web Forms
        • HTML
      • Developers
        • REST API
        • SDK
  • Column 2
    • Solutions
      • Automotive
      • Energy
      • Financial services
      • Healthcare
      • Retail
      • Technology
    • Integrations
      • Cegid
      • Intertrust
      • MuleSoft
      • PayPal
      • Salesforce
      • ServiceNow
      • Stripe
      • Veeva Systems
      • Yandex
  • Column 3
    • Resources
      • Country compliance
      • Documentation
      • Library
      • Partners
      • Pricing
    • About
      • News and Blog
      • Careers
      • Contact Us
      • FAQ
      • Leadership