WithSecure™ Cloud Protection for Salesforce
  • Reverse engineering a pain point: How field uploads exposed a hidden threat in Salesforce

    When mobile reps became an unexpected attack vector, a leading manufacturing firm needed help to close the gap.

    When most people think about Salesforce security, they focus on access controls, user permissions, or app integrations. But in industries like manufacturing, the real risks often hide inside the workflows themselves.

    One of our largest customers operates across multiple industrial and construction sites. Their Salesforce environment is a critical system, used daily by hundreds of mobile field reps visiting construction zones, factories, and customer facilities. These reps use Salesforce on tablets or phones (often personal or temporary work-issued devices) to:

    • Upload site photos and equipment images
    • Send and receive customer agreements
    • Share inspection documents
    • Communicate with internal teams

    This is exactly what Salesforce Field Service is built for: fast, flexible, on-the-ground engagement. And with Salesforce Agentforce introducing generative AI features, productivity is only accelerating. But so is the attack surface.

    The hidden threat: Files from the field

    This customer’s security team didn’t come to us looking for a Salesforce plugin. Their concern began with one simple, urgent question:

    “How do we make sure files coming in from the field aren’t putting us at risk?”

    Under the Shared Responsibility Model, Salesforce secures its infrastructure, but ensuring uploaded files are safe is up to the customer. And that’s where things got risky. The reps were uploading more than just notes. We’re talking about:

    • PDFs and Excel files
    • CAD drawings
    • Scanned contracts
    • High-resolution images and videos

    Many of these uploads came from unmanaged, personally owned, or third-party devices with unknown security standards. Once in Salesforce, those files were shared across legal, procurement, and other departments—making it easy for malware to propagate silently through the organization.

    From pain point to protection

    Rather than jumping to a product pitch, we started by mapping the real-world risks:

    • Mobile reps using unmanaged or temporary devices
    • A daily flow of rich, unverified content into Salesforce
    • No visibility into file safety at the point of entry
    • Agentforce likely increasing this content stream
    • Internal risk from lateral movement of threats

    The solution? A native security layer inside Salesforce itself.

    By scanning every file upload and download in real time—within the Salesforce environment—they were able to:

    • Close the file security gap without slowing reps down
    • Extend protection to devices outside IT’s control
    • Support audit and compliance even with third-party contributors

    Best of all, the fix didn’t disrupt the workflow. Reps kept using Salesforce as usual. No new apps. No retraining. Just fast, invisible protection—average scan time under a second.

    Why this matters for manufacturing

    This isn’t just one company’s story. We’re seeing the same challenge across manufacturing, logistics, and construction—anywhere mobile or contract-based workforces rely on Salesforce. These environments often involve:

    • Temporary labor and outsourced contractors
    • Mobile uploads from remote job sites
    • Complex document workflows spanning departments

    Unchecked, these uploads can bypass traditional perimeter defenses. That’s why embedding security inside Salesforce—where the files actually land—is essential.

    Bigger than one customer

    Sometimes, the vulnerability isn’t in the code. It’s in how legitimate users interact with powerful tools. A mobile workforce, doing their job, can unintentionally open doors to attack. That’s why security has to follow the workflow—not the other way around.

    In this case, that mindset led to one of our most impactful deployments—and a safer, smarter way to support sales teams in the field.

    Curious if something similar is happening in your Salesforce environment?

    Find out more on our solutions page

  • Credential theft, malware, and the hidden risk to Salesforce environments

    ABC News Australia, a national broadcaster, recently revealed a large-scale malware operation that stole credentials from employees and customers of several top-tier Australian banks.

    While this breach did not involve Salesforce directly, the methods used should raise red flags for any organization relying on cloud-based platforms like it. Credential theft and session hijacking—whether targeting banking portals, CRM systems, or collaboration tools—are part of a broader trend in cybercrime that exploits the weakest link: end users.

    If Salesforce is your organization’s central hub for customer interactions, service, or internal operations, this kind of attack offers a clear warning. It’s not about whether your platform was the entry point—it’s about how easily attackers can pivot into cloud environments using valid credentials.

    What the credential theft malware attack revealed

    The malware campaign, believed to be operated out of Eastern Europe, compromised over 60,000 devices in Australia, including thousands of employee and customer endpoints linked to major financial institutions.

    Key facts:

    • Malware captured login credentials, cookies, and session tokens.
    • At least 250 employee devices from major banks were affected.
    • Customer banking credentials and multi-factor authentication bypass data were harvested.
    • The stolen information was sold on dark web marketplaces, ready to be used for account takeovers, phishing campaigns, and lateral movement into connected platforms.

    Why Salesforce security is at risk from credential theft

    Even though this wasn’t explicitly a Salesforce-linked attack, and even if your organization wasn’t directly impacted, there are some key lessons here for those responsible for securing Salesforce environments:

    Your users are the new attack surface.

    This campaign didn’t exploit system vulnerabilities—it targeted individual users. When attackers obtain valid login details, especially those that can bypass security checks, they can gain access to cloud platforms like Salesforce with little resistance. This breach involving stolen Jira credentials shows just how easily attackers can pivot into connected platforms like Salesforce using legitimate access.

    Credential dumps enable targeted phishing and impersonation.

    Once user data is exposed, attackers often move quickly—crafting convincing messages, impersonating employees, and targeting systems that trust those identities.

    Think it couldn’t happen in Salesforce? Think again

    Salesforce is one of the most trusted enterprise platforms in the world; however, like any cloud service, it operates on a shared responsibility model. Salesforce secures the infrastructure, while you are responsible for your data, users, and access controls.

    • Malware on an endpoint device, such as on a user’s laptop, can still compromise Salesforce session tokens or browser credentials.
    • API integrations and third-party apps can be exploited if access controls are too permissive.
    • Threats such as phishing links and harmful file uploads can still bypass native protections, particularly in tools like Salesforce Experience, Service Cloud, Email-to-Case, Web-to-Case, real-time Agentforce conversations, and messaging solutions connected to Salesforce.

    How to strengthen Salesforce security against credential-based attacks

    This incident is a wake-up call for organizations relying on Salesforce. Fortunately, you can take practical steps now to reduce your exposure.

    Harden access and session controls

    • Watch for unusual login patterns—even those from recognised users.
    • Apply the principle of least privilege to user roles and access.

    Inspect what your users upload or click

    • Malicious attachments and phishing links can be injected into Salesforce records.
    • Native platform defenses don’t always catch modern threats – use advanced scanning tools that analyze content in real time.

    Protect beyond the login screen

    • Threat actors don’t need to “break in” when they can walk in with valid credentials.
    • Invest in behavior-based threat detection to spot suspicious activity inside the platform.
    • Identity Protection tools will help you quickly identify users with stolen credentials and take action.

    Why endpoint security isn’t enough for Salesforce protection

    As this breach shows, once an attacker has valid credentials or hijacks a session, traditional defences often fall short, especially when malicious content is introduced after login, via uploads, links, or third-party integrations.

    To reduce risk within Salesforce, security controls must extend beyond the perimeter. They need to work inside the platform—scanning for threats, detecting unusual activity, and protecting the areas where attackers are most likely to strike.

    Importantly, these protections must function within the Salesforce environment, not merely at the perimeter or endpoint. Many security strategies overlook this gap, where risk quietly accumulates.

    Malware doesn’t stop at endpoints – and neither should your security. When attackers access credentials and session data, any cloud service in your stack, including Salesforce, becomes a target. The recent breach should be a stark reminder: you can’t afford to treat Salesforce security as an afterthought.

    This latest breach is a reminder: the threat is already in motion. The question is—how prepared are you?

  • Salesforce security: What you REALLY need to know

    Let’s talk about something that matters to everyone using Salesforce – security. Not the dry, technical stuff (though we’ll touch on that), but the real-world implications of how we protect data in Salesforce today.

    Remember when Salesforce first showed up 25+ years ago? They weren’t just selling software—they were asking businesses to do something radical: “Hey, trust us with your customer data on this internet thing.” Pretty bold ask back then!

    That fundamental need for trust hasn’t changed. If anything, it’s become more critical as more of our business lives move to the cloud. Ensure you are deploying only enterprise-grade and certified solutions.

    Navigating the regulatory maze

    The regulatory landscape has gotten… complicated, to put it mildly. While there aren’t many cloud-specific regulations, we’re all feeling the impact of GDPR, CCPA, Australia’s Privacy Act, and similar laws worldwide.

    What’s interesting is how these regulations are actually driving innovation. Cloud providers are constantly evolving their offerings to meet higher standards, from data residency options to local data centers to better cross-border transfer solutions.

    Also, make sure your cybersecurity vendor holds the certifications that matter, like ISO 27001 and ISAE 3000 Type 2 (SOC 2 Type 2).

    Being resilient when (not if) things go wrong

    Let’s be real—cyber incidents will happen. The question isn’t if, but when. That’s why cyber resilience matters so much.

    Being resilient means you can keep your business running even when facing cyber problems. It’s about preparing beforehand, detecting issues quickly, responding effectively, recovering smoothly, and adapting for next time.

    And make sure your cyber security solutions provide full visibility of the content activity within your cloud solutions – without that you are flying blind when the proverbial hits the fan.

    Who’s responsible for what? The cloud security dance

    One of the biggest misunderstandings in cloud security is who handles what. It’s a partnership, not a handoff:

    • Salesforce handles the security OF the cloud (infrastructure, data centers, platform security)
    • You handle security IN the cloud (user access, configurations, data, malware, and phishing protection)

    The problem? Many organizations think moving to the cloud means transferring all security responsibilities to the provider. Not true! And this misunderstanding creates dangerous security gaps.

    Even more frustrating, many organizations aren’t using the security features they’re already paying for. Tools like event monitoring, encryption options, malware and phishing scanning options, and log analysis often sit unused.

    AI: Double-edged sword

    AI is changing everything in the security world. On one hand, it’s giving security teams superpowers—helping them detect threats faster, respond more accurately, and cover more ground with fewer people. And cyber security companies like us have only expanded the usage of AI since we started automated analysis in 2006.

    But there’s a flip side:

    • AI can amplify biases from training data
    • Data privacy becomes trickier when large datasets are involved
    • Attackers can fool AI systems with adversarial techniques
    • Deepfakes make verification harder than ever
    • Ethical questions emerge when AI makes important decisions

    The key is finding the balance—leveraging AI’s benefits while carefully managing these risks.

    Different industries, different challenges

    If you’re in financial services, healthcare, or the public sector, you know the compliance burden is especially heavy. Each region has its own requirements, too—Australia has IRAP, the US has FedRAMP, Germany has C5, and Japan has ISMAP.

    Interestingly, these highly regulated industries also see more “shadow AI” use, where employees bypass official channels to use productivity-enhancing AI tools. This highlights why clear policies and education are so important.

    Getting CRM and security teams on the same page

    Here’s something that happens all too often: CRM teams plan and implement Salesforce without bringing security experts in early enough. By the time security gets involved, major decisions are already locked in.

    The better approach? Involve security from day one of planning. Help them understand what data you’re storing, what business processes you’re supporting, how your community is interacting, and how everything connects.

    This partnership approach builds security in from the start rather than bolting it on later. Typically, when you open your Salesforce to external communities, the threat level jumps through the roof.

    What this all means for you

    The bottom line is that securing Salesforce today requires understanding that it’s a shared responsibility. It means being prepared for incidents rather than just trying to prevent them. And it requires thoughtful governance around new technologies like AI.

    The organizations that get this right aren’t necessarily the ones spending the most money. They’re the ones fostering collaboration between business, security teams, and cybersecurity vendors, making full use of existing security features, and staying adaptable as the landscape continues to evolve.

    What security challenges are you facing with your Salesforce implementation? The conversation is just beginning.

    Take a look at the fireside chat I had with Chetan Sansare, Senior Director Security and Regulatory Compliance APAC and Gayan Benedict, CTO (ANZ), Salesforce for an even deeper dive.

  • Securing the future of Agentforce: Why Salesforce data governance can’t be an afterthought

    Let’s be clear – when Salesforce becomes your digital front door, your responsibility doesn’t end at deployment. That’s where it begins.

    The security responsibility is yours (and Salesforce’s)

    There’s a persistent myth: “Salesforce handles all the security stuff.” This isn’t the case.

    Yes, Salesforce provides world-class infrastructure – the data centers, the failover systems, the platform fundamentals. But everything inside your org? The users, custom apps, and most importantly, your data? That’s entirely your responsibility.

    If someone uploads malicious content or a team member accidentally nukes a critical dataset, Salesforce isn’t swooping in to save the day. You need your own safety nets.

    That’s exactly why we created WithSecure Cloud Protection for Salesforce back in 2015. We couldn’t find a native solution to scan incoming files and URLs from Experience Cloud users, so we built one ourselves. Today, hundreds of organizations rely on it for real-time protection.

    The hidden danger: unstructured data

    One of the biggest blind spots is unstructured data – all those files, images, and links coming in through portals, forms, chat interfaces, and partner connections. These are malware superhighways.

    Agentforce only amplifies this risk. It’s designed to respond quickly by drawing from multiple data sources. If that data isn’t properly scanned and secured, you’re essentially building a high-speed highway to your most sensitive information.

    Our solution scans files and links in under a second, and that timing matters. Agentforce needs to respond in about 1.5 seconds to meet user expectations. If your security can’t keep pace, it becomes either a bottleneck or something teams will work around (which is even worse).

    Backup isn’t enough (but it’s a start)

    Let’s talk about what actually happens when things go wrong. In my experience, data loss rarely comes from dramatic hacks. It’s usually something mundane: a cleanup job gone sideways, a picklist error, or a field mismatch that cascades across thousands of records.

    When that happens, you need more than just a backup – you need precision recovery. You need to know exactly what changed, what needs fixing, and which data is valid.

    And as your org grows? Performance starts to suffer. Reports crawl, dashboards lag, and users can’t find what they need. That’s where strategic archiving becomes crucial – keeping your Salesforce instance lean and responsive while preserving historical context that your AI tools need to function effectively.

    AI doesn’t have a conscience

    Here’s something that keeps me up at night: AI models will happily process whatever data they’re given, including highly regulated or sensitive information. They don’t know any better.

    It’s up to us to control what these models see and don’t see. That means implementing data masking, tokenization, and encryption before data even enters the AI pipeline. At WithSecure, we partner with companies like Odaseva to ensure sensitive information stays encrypted end-to-end, never exposed, not even during processing.

    This way, you get the intelligence without the regulatory nightmares.

    The missing link: collaboration

    Want to know a common vulnerability I encounter? It’s not technical – it’s organizational. Salesforce admins and cybersecurity teams simply aren’t talking to each other.

    When they do collaborate, magic happens. Risk decreases. Deployment speed increases. Compliance becomes manageable rather than painful.

    The best results come when these teams work as one unit – building policies together, selecting tools together, and responding to incidents with a unified approach. Security isn’t a solo act – it’s the ultimate team sport.

    What you should do today

    If you’re expanding your Salesforce footprint or implementing Agentforce, here’s my practical advice:

    Know what’s lurking in your org – If you’ve used Salesforce for years, there’s likely already malware sitting quietly in old files or attachments. A comprehensive scan can identify and remove these threats.

    Reassess risk whenever anything changes – New user groups? New data types? New features? Each one brings potential vulnerabilities. Don’t wait for something to break.

    Watch those chat interfaces – Agentforce increasingly operates across WhatsApp, Messenger, websites, and more. These are high-risk entry points where unstructured data flows fast and often unfiltered.

    Test your recovery plan – Don’t just have backups; run simulations. Test restoration. Create response playbooks. When something goes wrong, you want muscle memory, not panic.

    The bottom line

    Agentforce is genuinely transformative. It enables faster, smarter, always-on service that customers increasingly expect. But it also significantly increases both the complexity and exposure of your Salesforce environment.

    Here’s the good news: you don’t have to choose between innovation and security. With the right tools and partnerships, you can build a Salesforce experience that’s fast, intelligent, and secure by design.

    And that’s how you unlock the real value of Agentforce – without risking everything else in the process.

    I recently took part in a conversation about this very topic. Take a look below!

  • Salesforce data protection 101 – What is the Salesforce security model?

    Why understanding Salesforce security is important

    Salesforce is a powerhouse in CRM solutions, delivering a wide range of digital experiences to its users. Its widespread adoption across industries – and among critical enterprises and governmental agencies – makes it a huge data repository. This goldmine of sensitive data unfortunately attracts money-motivated cybercriminals, who today are getting into corporate networks through any channel they can. In other words, they are no longer looking only at conventional channels like email. Valuable data, operational criticality and the interest of attackers put pressure on defenders to gear up on Salesforce security measures.

    Shared responsibility model sets the rules in Salesforce data security

    Salesforce’s security framework is based on a shared responsibility model. This model defines the security obligations between Salesforce and its users. While Salesforce provides a highly secure cloud infrastructure with plenty of security controls, users are responsible for configuring these settings and mitigating external risks to protect their data effectively. This collaborative approach ensures that every layer of potential vulnerability can be addressed by the correct roles.

    Multiple levels of Salesforce data security measures

    Understanding Salesforce’s comprehensive security setup is crucial for effective data protection. Salesforce structures its security model into four levels to streamline administration and ensure thorough protection:

    1. Organizational level security: This primary security level involves basic access controls like setting trusted IP ranges and defining login hours to prevent unauthorized access.
    2. Object level security: At this level, administrators control access to various data sets or “objects” within Salesforce, which can be likened to tables in a database. Modern best practices recommend using Permission Sets for flexible and scalable access management.
    3. Field level security: This allows admins to control access to specific fields within an object, ensuring users see only the data essential to their role.
    4. Record level security: This level controls access to individual records within an object. Salesforce offers several methods to fine-tune record visibility and sharing settings, enhancing collaboration without compromising security.
    Four key levels of security in Salesforce security model

    Organizational level security

    At the foundational level, organizational security involves securing access to your Salesforce system. This includes setting up restrictions such as trusted IP ranges from which users can log in—accessible via the Login IP Ranges section of a user’s profile. Additionally, Login Hours can be specified to limit user access to predefined times.

    To bolster organizational security, Salesforce administrators should enforce strong password policies and consider integrating advanced security solutions like Salesforce Shield and WithSecure’s Cloud Protection for Salesforce.

    Object level security

    In Salesforce, an object is akin to a database table and houses data sets relevant to specific business functions. Historically, object access was controlled directly through user profiles. However, Salesforce now advises utilizing Permission Sets and Permission Set Groups for this purpose. This approach allows streamlined access management aligned with users’ roles.

    Field level security

    Field level security governs access to individual fields within an object, similar to columns in a spreadsheet. This setup ensures that access to sensitive fields can be tightly controlled and varied between different users, depending on their job requirements. Administrators can configure these settings directly in user profiles or more dynamically through Permission Sets.

    Record level security

    Record level security deals with access to individual entries within an object. Salesforce offers several mechanisms to manage this, such as:

    1. Organization-wide defaults: Set baseline access levels for all records within the organization.
    2. Role hierarchy: Enables users higher in the hierarchy to access records below them.
    3. Sharing rules and manual sharing: Facilitate lateral sharing within teams or direct sharing for specific records, ensuring collaboration without compromising security.
    Salesforce data protection has multiple levels of sharing
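
The four levels described above can be read as successive gates on one read request. The following is an added example, not Salesforce or WithSecure code: a simplified Python model in which every class, function, role, object and field name is hypothetical and the sample data is constructed.

```python
from dataclasses import dataclass, field
from datetime import time
from ipaddress import ip_address, ip_network

# Constructed sample configuration; all names below are hypothetical.
ROLE_PARENT = {"field_rep": "regional_manager", "regional_manager": None}
ORG_WIDE_DEFAULT = {"Contract": "private"}  # baseline record access per object


@dataclass
class PermissionSet:
    object_read: set   # objects this set grants read access to
    field_read: set    # "Object.Field" names this set grants read access to


@dataclass
class User:
    name: str
    role: str
    login_ip_ranges: list          # CIDR strings; empty list = no restriction
    login_hours: tuple             # (start, end) as datetime.time
    permission_sets: list = field(default_factory=list)


def login_allowed(user, source_ip, at):
    """Organizational level: Login IP Ranges and Login Hours."""
    ip_ok = not user.login_ip_ranges or any(
        ip_address(source_ip) in ip_network(cidr) for cidr in user.login_ip_ranges)
    start, end = user.login_hours
    return ip_ok and start <= at <= end


def object_readable(user, obj):
    """Object level: permission sets are additive, any grant is enough."""
    return any(obj in ps.object_read for ps in user.permission_sets)


def record_visible(user, record):
    """Record level: org-wide default, then ownership, shares, role hierarchy."""
    if ORG_WIDE_DEFAULT.get(record["object"], "private") != "private":
        return True
    if record["owner"] == user.name or user.name in record["shared_with"]:
        return True
    parent = ROLE_PARENT.get(record["owner_role"])
    while parent is not None:      # walk up from the record owner's role
        if parent == user.role:
            return True
        parent = ROLE_PARENT.get(parent)
    return False


def read_record(user, record, source_ip, at):
    """Return (decision, fields); the decision names the level that denied."""
    if not login_allowed(user, source_ip, at):
        return "denied:organization", None
    if not object_readable(user, record["object"]):
        return "denied:object", None
    if not record_visible(user, record):
        return "denied:record", None
    # Field level: strip every field no permission set grants read on.
    granted = set().union(*(ps.field_read for ps in user.permission_sets))
    visible = {k: v for k, v in record["fields"].items()
               if f'{record["object"]}.{k}' in granted}
    return "allowed", visible


# Constructed users and record for the walk-through.
OFFICE_HOURS = (time(7, 0), time(19, 0))
BASIC = PermissionSet({"Contract"}, {"Contract.Amount"})
FINANCE = PermissionSet({"Contract"}, {"Contract.Amount", "Contract.Bank_Account"})
ALICE = User("alice", "field_rep", [], OFFICE_HOURS, [FINANCE])
BOB = User("bob", "regional_manager", ["203.0.113.0/24"], OFFICE_HOURS, [BASIC])
CAROL = User("carol", "field_rep", [], OFFICE_HOURS, [BASIC])
RECORD = {"object": "Contract", "owner": "alice", "owner_role": "field_rep",
          "shared_with": set(),
          "fields": {"Amount": 120000, "Bank_Account": "constructed-value"}}
```

In this model Bob sees the record through the role hierarchy but only the `Amount` field, Carol is denied at the record level until the record is shared with her, and Bob logging in from outside his IP range is denied before any data check runs.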

    External access and advanced cyber security measures on Salesforce

    While internal user permissions and sharing rules are critical, Salesforce administrators must also safeguard against external threats. These threats can arise from interactions with Salesforce solutions like Salesforce Experience Cloud, or through third-party applications connected via APIs. Salesforce allows the enforcement of permissions for APIs and apps similarly to internal user settings. It’s crucial to configure these permissions with the strictest settings possible to minimize vulnerabilities and prevent unauthorized access.

    Keep your data safe with Salesforce Shield and WithSecure™ Cloud Protection for Salesforce

    Even the most robust endpoint security strategies cannot guarantee complete immunity from sophisticated cyber threats. Criminals targeting your organization might mimic legitimate access – also on Salesforce. Salesforce Shield plays a pivotal role here by enhancing file encryption, adding a critical layer of security for data uploaded to the cloud, making it more resistant to unauthorized exploitation.

    WithSecure™ Cloud Protection for Salesforce takes security against external threats a step further by providing real-time defense against viruses, malware, ransomware, and phishing threats. It scans all content from files to URLs as it is uploaded to Salesforce, both at the time of upload and whenever a user interacts with the content. This proactive approach not only detects and blocks known threats such as commodity malware, but also uses advanced behavioral analysis to thwart zero-day attacks and emerging threats.

    Last piece of advice: secure every access point

    For enterprises utilizing Salesforce, protecting every point of access and every point of data interaction – both internal and external – is critical. WithSecure™ Cloud Protection for Salesforce complements Salesforce’s built-in capabilities and Salesforce Shield by offering an additional layer of real-time, proactive protection, ensuring your Salesforce environment remains secure against advanced cyber threats. This dual approach fortifies your cloud data against both conventional risks and sophisticated cyber attacks, whether they are coming through a customer support email, web form or your community portal. Your end-users are secured whether they use a laptop or a mobile device.

    For more information on optimizing your Salesforce security against modern cyber threats, get our free security tips ebook or conduct a free risk assessment (we promise it only takes a few minutes and requires no access to your Salesforce orgs).
