Shield adds enterprise security features; testing verifies they work.
Platform Encryption:
- Field encrypted — verify encrypted at rest.
- Decryption — works for permitted users.
- Key revocation — data becomes unreadable.
- Performance — encryption overhead acceptable.
- Feature compatibility — formula fields, reports work or break as expected.
Field Audit Trail:
- History captured for tracked fields.
- Retention — 10-year history accessible.
- Performance — audit doesn't slow operations.
- Reports — audit data queryable.
Event Monitoring:
- Events generated — login, API call, report run, etc.
- Files delivered — hourly to S3 or sObject.
- Coverage — all expected events captured.
- Performance impact — minimal.
Transaction Security Policies:
- Policies fire when conditions met.
- Block / alert correctly.
- Performance — policies don't slow user actions.
Test approach:
- Manual testing for setup verification.
- Automated testing for behaviour verification.
- Performance testing for impact.
- Security testing with attempted bypass.
Common pitfalls:
- Encryption broken silently — formula fields fail.
- Missing audit events — coverage gaps.
- Policy false positives — legitimate actions blocked.
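A check for the Event Monitoring coverage item and the missing-events pitfall above, as an added example that is not part of the original page. `EventType`, `LogDate` and `Interval` are EventLogFile fields; the sample rows, the test window and the helper names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample rows, shaped like the result of
#   SELECT EventType, LogDate, Interval FROM EventLogFile
# Assumption: the test drove a login, an API call and a report run in each of
# the three hours starting 09:00 UTC, so every (hour, type) should have a file.
SAMPLE_ROWS = [
    {"EventType": "Login",  "LogDate": "2024-05-01T09:00:00.000+0000", "Interval": "Hourly"},
    {"EventType": "API",    "LogDate": "2024-05-01T09:00:00.000+0000", "Interval": "Hourly"},
    {"EventType": "Report", "LogDate": "2024-05-01T09:00:00.000+0000", "Interval": "Hourly"},
    {"EventType": "Login",  "LogDate": "2024-05-01T10:00:00.000+0000", "Interval": "Hourly"},
    {"EventType": "API",    "LogDate": "2024-05-01T10:00:00.000+0000", "Interval": "Hourly"},
    {"EventType": "Logout", "LogDate": "2024-05-01T10:00:00.000+0000", "Interval": "Hourly"},
    {"EventType": "Login",  "LogDate": "2024-05-01T11:00:00.000+0000", "Interval": "Hourly"},
    {"EventType": "Report", "LogDate": "2024-05-01T11:00:00.000+0000", "Interval": "Hourly"},
    # A daily file does not prove hourly delivery, so it must not fill a gap.
    {"EventType": "Report", "LogDate": "2024-05-01T00:00:00.000+0000", "Interval": "Daily"},
]
EXPECTED_TYPES = {"Login", "API", "Report"}
START = datetime(2024, 5, 1, 9, tzinfo=timezone.utc)


def parse_hour(log_date):
    """Parse an EventLogFile LogDate string and truncate it to the hour."""
    dt = datetime.strptime(log_date, "%Y-%m-%dT%H:%M:%S.%f%z")
    return dt.replace(minute=0, second=0, microsecond=0)


def coverage_gaps(rows, expected_types, start, hours):
    """Return (hour, event_type) pairs in the window with no hourly log file."""
    seen = {(parse_hour(r["LogDate"]), r["EventType"])
            for r in rows if r["Interval"] == "Hourly"}
    gaps = []
    for offset in range(hours):
        slot = start + timedelta(hours=offset)
        for event_type in sorted(expected_types):
            if (slot, event_type) not in seen:
                gaps.append((slot.strftime("%Y-%m-%dT%H:00Z"), event_type))
    return gaps


def unexpected_types(rows, expected_types):
    """Event types delivered but absent from the test plan (plan may be stale)."""
    return sorted({r["EventType"] for r in rows} - set(expected_types))


if __name__ == "__main__":
    for hour, event_type in coverage_gaps(SAMPLE_ROWS, EXPECTED_TYPES, START, 3):
        print(f"GAP {hour} {event_type}")
    print("Not in plan:", unexpected_types(SAMPLE_ROWS, EXPECTED_TYPES))
```

An hourly file is produced only when events of that type occurred, so the test must generate each expected event in each hour before a gap counts as a delivery failure.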
Senior insight: Shield testing requires Shield licenses for sandboxes. Plan accordingly.
