Back to blog

5 Things You Should Know About Securing Salesforce

Securing your Salesforce instance should be a top priority. But having it be a priority and knowing what to do about it are two different topics. It is a complex topic, but the following “5 things you should know about securing Salesforce” will help your organization get started.

Understand and embrace the Shared Responsibility Model, a core tenant of Salesforce’s security strategy and securing Salesforce

Salesforce follows the Shared Responsibility Model and believes security is a shared responsibility between Salesforce and its customers. The same model is used by virtually all cloud providers, including Amazon Web Services, Google Cloud and Microsoft Azure. At the most elemental level, the cloud provider is responsible for the security of their cloud offering and its underlying infrastructure. At the same time, customers (end users) are responsible for the security of the data stored in the cloud environment. With the shared responsibility model, customers must understand what the cloud provider is not doing and fill those security gaps. Recognizing the enterprise has a role in securing its Salesforce instance and understanding the limits of what Salesforce (as a cloud provider) offers is a critical first step to developing a comprehensive Salesforce-related security strategy.

Salesforce provides many tools to help secure your environment, but it’s the enterprise’s role to implement and maintain them correctly

Salesforce provides a 300+ page Salesforce Security Guide covering everything from the basics to advanced security topics. This guide is an excellent resource for enterprise Salesforce security and administration teams as it details specific topics, including health checking, auditing, authentication, user data access, data sharing, permissions, data encryption use, real-time events monitoring and more. While understanding this information is extremely valuable, proper actions by the enterprise are required to ensure a secure Salesforce environment and instance.

For example, Salesforce data-sharing models can be very simple, but a large enterprise will likely require something more complex and nuanced. Selecting the data set that each user, or group of users, can see and ensuring it is properly configured is key. There needs to be a balance between limiting access to data (minimizing risk) versus the convenience of data access for your users. Thus, Salesforce administrators must understand sharing models in-depth to ensure that data is only available and exposed to the proper set of users.

Include a defense-in-depth approach for securing Salesforce with these best practices

Defense-in-depth is a cybersecurity strategy that uses multiple layers of security services and tools to defend an organization’s data assets. The theory behind defense-in-depth is that if one layer of security is penetrated, assets will still be defended by the remaining layers of security. Examples of tools and approaches that can provide a defense-in-depth for your Salesforce instance include:

  • Multi-factor authentication (MFA): a secure authentication method that requires users to prove their identity by supplying two or more pieces of evidence (or factors) when they log in. MFA today is now ubiquitous for web-based applications. It can help defend against phishing, credential stuffing, and account takeovers and should be considered a requirement for all Salesforce users.
  • Restricting Login IP Addresses in Profiles: Sales admins can control login access at the user level by specifying a range of allowed IP addresses on a user’s profile. When IP address restrictions are defined for a profile, a login from any other IP address is denied.
  • Permission Sets: A permission set is a collection of settings and permissions that give users access to various tools and functions. It extends users’ functional access without changing their profiles and is the recommended way to manage your users’ permissions.
  • Single Sign-On (SSO): SSO is an authentication method that enables users to access multiple applications with one login and one set of credentials. Single sign-on (SSO) can be considered part of a defense-in-depth strategy because it can encourage stronger password hygiene. However, SSO by itself doesn’t thwart identity-based attacks.
  • Custom Login Flows: A login flow directs users through a login process before they access your Salesforce instance. A login flow can control users’ business processes when they login to Salesforce. After Salesforce authenticates a user, the login flow directs the user through a process such as enforcing strong authentication or collecting user information. When users complete the login flow successfully, they’re redirected to their Salesforce instance. If unsuccessful, the flow can log out users immediately.

When securing Salesforce don’t forget that sensitive and critical enterprise data can be exported or “leaked”

Securing Salesforce also means monitoring what data can be moved, transferred or leaked out of Salesforce. Users can export data that they have access to. Hence, it is critical to have a monitoring tool to monitor activity and detect/prevent data leakage.

Salesforce supports real-time event monitoring to monitor and detect standard events in Salesforce in near real-time. Event data can then be stored for auditing or reporting purposes. With real-time event monitoring, enterprises can see what data has been accessed, by whom, and whether the data has changed. This proactive monitoring should be part of a comprehensive Salesforce security strategy.

Salesforce does not scan data for malware, but WithSecure Cloud Protection for Salesforce does

The Shared Responsibility Model defines that customers are responsible for the security of their data. While Salesforce’s infrastructure security provides an extremely strong foundation, no built-in threat detection exists, as this is the customer’s responsibility. As such, customers must employ tools for malware and phishing attacks.

WithSecure™ Cloud Protection for Salesforce reduces risk and keeps your enterprise compliant by scanning all Salesforce files, URLs and QR codes for cyber threats. WithSecure Cloud Protection for Salesforce, a native application that runs in your Salesforce environment, prevents malicious and disallowed content from entering your Salesforce environment via files, web links and email messages. The application secures Salesforce to mitigate advanced cyber threats on Salesforce by:

  • Providing real-time protection and instant visibility
  • Working seamlessly with enterprise customizations and workflows
  • Complement the infrastructure security controls that Salesforce provides

WithSecure Cloud Protection for Salesforce meets the strict compliance requirements of modern enterprises and critical public sector organizations. It was designed with Salesforce to make securing Salesforce instances very easy. Together with the Best Practices and other recommendations discussed above, every Salesforce customer can be confident in a more secure environment.

Want to know more? Get to know WithSecure Cloud Protection for Salesforce, or use the form below to contact our team to discuss your Salesforce security requirements.