CipherCloud for Salesforce Uses Encryption and Tokenization to Protect PII and Financial Data
  • Headquarters: Washington DC
  • Industry: Government Finance
  • Services: Provide US government backing for mortgage providers
  • Key Regulations:  FISMA
  • Founded: 1968
  • Automate a legacy, paper-based loan application submission system in the cloud
  • Leverage Salesforce to improve customer interaction, loan approval, and records management
  • Assure privacy for sensitive customer financial data (bank statements, credit info, etc.)
  • CipherCloud for Salesforce to tokenize sensitive data
  • Detect malware in document attachments from outsiders
  • Deploy in conjunction with Delloitte who managed SFDC integration
  • Efficiencies and cost savings by moving CRM to the cloud
  • Goodbye outdated paper-based system, Hello Salesforce
  • Improved responsiveness and flexibility while reducing infrastructure costs

Government-Owned Mortgage Backer Moves Loan App Process to the Cloud

CipherCloud for Salesforce Uses Encryption and Tokenization to Protect PII and Financial Data


A small but critical government-owned mortgage backer strives to make home ownership a reality for low to moderate income households in America. Founded in 1968, they’ve been helping mortgage lenders and buyers get better pricing for their loans. The savings realized here allows them to make more new mortgage loans available.

Relying on paper-based loan application process for decades, the company was
highly motivated to move their CRM system and loan approval process to a cloud-based system. This would enable them to improve their customer interaction and provide better service, as well as gain the efficiencies of managing their loan approvals and records online. First though, they needed a security system in place that would protect PII (personally identifiable information) and financial data in the cloud.


The organization selected Salesforce (SFDC) for their cloud-based CRM system. The new system would encompass their new online loan submission and approval process. They needed to protect PII information in the cloud, as well as financial data, including numbers in recognizable formats, such as credit card numbers.

To protect this information, their new Salesforce system would need to:

  • Protect PII and other financial data  (bank statements, credit info, etc.) present in Salesforce submissions forms
  • Tokenize specific data fields to keep critical data out of the cloud
  • Integrate seamlessly with Salesforce to support user’s normal search functions

CipherCloud for Salesforce was the ideal solution for this government mortgage and finance organization. CipherCloud’s solution provides tokenization  of data contained in Salesforce, for which the company was able to define and specify the fields to protect according to their security policy.

With tokenization, randomly generated values are substituted for the original data, which never leaves the enterprise. The original data and mappings for the substitutes are stored locally in a secure Oracle  database.  The substitute tokens that are uploaded to Salesforce function as normal data, but have no mathematical correlation to the original data. All critical functions of Salesforce, including searching and reporting remain fully functional.  Employing this protective measure helped them satisfy regulations for protecting critical financial information.

The company also relies on CipherCloud’s provision of malware detection for scanning document attachments from parties outside the organization.


The government organization realized significant benefits by moving its CRM system to the cloud. They replaced an archaic paper-based system with the modern Salesforce which streamlined and sped up their loan application processing. This enabled them to provide a higher level of responsiveness to their customers while also saving on infrastructure costs.