When will Salesforce be deprecated?

Salesforce has not published PQC migration timelines. Follow NIST guidance for planning.

SaaS Platform

Is Salesforce Quantum Safe?

Not Quantum Safe

Not yet. Salesforce has not publicly announced post-quantum cryptography migration plans for its platform. All Salesforce API connections and data-in-transit use classical TLS with RSA/ECDSA key exchange.

Key Takeaway: Salesforce is NOT quantum safe. Scan your Salesforce integrations with QScout to map all cryptographic dependencies. Monitor Salesforce Trust (trust.salesforce.com) for PQC announcements. Consider application-level PQC encryption for highest-sensitivity data.

Technical Analysis

Salesforce is NOT quantum safe today. **Current State:** Salesforce uses TLS 1.2 (with TLS 1.3 rollout in progress) for all API connections, browser sessions, and inter-service communication. Authentication tokens, OAuth flows, and Salesforce Shield encryption all rely on classical cryptography. **PQC Progress:** Salesforce has not publicly released a PQC migration roadmap: - **Shield Platform Encryption**: Uses AES-256 for data at rest (quantum-resistant), but key exchange and key wrapping use classical algorithms. - **Salesforce APIs**: REST and SOAP APIs use TLS with RSA/ECDSA certificates. - **MuleSoft**: Integration platform uses classical TLS for all connections. **HNDL Risk:** Salesforce contains some of the most sensitive enterprise data: customer records, pipeline data, commercial terms, contracts. Data intercepted in transit today could be decrypted by a future quantum computer. This is especially concerning for financial services and government Salesforce deployments. **What Organizations Should Do:** Inventory all Salesforce integrations, connected apps, and API connections. Identify data flows with long-term confidentiality requirements. Use QScout to discover all cryptographic dependencies in your Salesforce ecosystem including MuleSoft, Heroku, and Tableau.

Full Name	Salesforce CRM and Platform
Category	saas
Quantum Vulnerability	All Salesforce TLS connections use classical key exchange (RSA/ECDH) vulnerable to quantum attack. Shield encryption (AES-256) for data at rest is quantum-resistant.
NIST Status	Salesforce has not publicly announced alignment with NIST PQC standards.
Deprecation Timeline	Salesforce has not published PQC migration timelines. Follow NIST guidance for planning.
Replaced By	Salesforce TLS will need to migrate to ML-KEM for key exchange when Salesforce deploys PQC support

Migration Guidance

Scan your Salesforce integrations with QScout to map all cryptographic dependencies. Monitor Salesforce Trust (trust.salesforce.com) for PQC announcements. Consider application-level PQC encryption for highest-sensitivity data.

Related Algorithms

TLS 1.2

Transport Layer Security 1.2

RSA-2048

RSA with 2048-bit keys

AES-256

Advanced Encryption Standard with 256-bit keys

ServiceNow

ServiceNow IT Service Management Platform

Workday

Workday HCM and Financial Management

How Qtonic Quantum Can Help

QScout Surface/Silver/Gold — Discover every instance of Salesforce in your infrastructure. 7-day cryptographic inventory with HNDL exposure scoring.

Assessment Methodology — 70 security modules covering cryptographic discovery, quantum threat modeling, and migration planning.

Back to Algorithm Database — Explore 25+ cryptographic algorithms and their quantum safety status.

Don’t Know Where Salesforce Lives in Your Stack?

QScout discovers every instance of Salesforce across your infrastructure in 7 days — with zero operational disruption. 72-hour time to first findings.

Schedule Assessment Try Risk Calculator

Assess your quantum-vulnerable cryptography with QScout, validate readiness with QStrike, or plan your migration with QSolve.