Phishing is not confined to email but is a pervasive threat across our digital infrastructure. Salesforce, with its extensive cloud applications and public-facing nature, is emerging as a prime target for such cyber threats. Comprehensive phishing defenses should include Salesforce as an attack vector.
Phishing attacks have evolved but so have email defenses
While 41% of cyber attacks use phishing tactics, an alarming 26% of these attacks now exploit public-facing applications (like Salesforce), according to IBM’s report. Furthermore, 16% of phishing attacks misuse valid accounts.
Email, the traditional stronghold against phishing, has long been hardened through anti-malware and anti-phishing tools combined with consistent user education, with many providers offering built-in defenses and organizations adopting phishing simulation training. These measures have significantly heightened user vigilance and reduced the click rates on malicious emails.
How Salesforce becomes the entryway for cyber criminals
Salesforce serves as a central hub for diverse interactions across Sales, Service, and Experience Clouds, presenting multiple avenues for cyber threats. Each user interaction, whether from internal or external sources, could potentially introduce malicious content. Salesforce is vulnerable to the same types of attacks that have plagued email for decades.
Internal users frequently engage in routine activities like uploading documents and sharing URLs. For example, a sales representative might attach a contract embedded with malware in Sales Cloud, or a support agent may inadvertently attach a compromised troubleshooting guide in Service Cloud. Similarly, community managers in Experience Cloud might share links that lead to malicious sites.
The risk also involves unauthenticated users such as customers or potential leads who upload attachments in support cases or via Web-to-Lead forms. These necessary business interactions, if unchecked, provide easy entry points for cybercriminals.
Furthermore, authenticated users on Experience Cloud portals often share significant project files or access collaborative spaces, unintentionally spreading malware. The integration of APIs, which connects Salesforce with external systems like ERP software or tools like Slack, adds another layer of vulnerability. Each data transfer across these connections is a potential breach point.
Salesforce security falls short of email security standards
However, the security measures guarding Salesforce have not evolved at the same pace. There are no built-in anti-virus, anti-phishing, or basic spam filters that are standard in email services. This oversight leaves an obvious hole in cybersecurity strategies.
“Salesforce, often overlooked as an attack vector, presents a significant vulnerability in too many cyber security strategies,” notes Anssi Korpilaakso, Director of Sales and Business Operations at WithSecure™. “Our product backend has registered a steady increase in malware and phishing detections on Salesforce in the recent years.”
Salesforce users typically perceive Salesforce as a trusted tool, and are less likely to anticipate or recognize a phishing attack on the platform compared to email. This sense of trust is exactly what attackers who use psychological phishing schemes exploit.
Email: lessons for multi-layered Salesforce security
As cyber criminals continue to refine their strategies and target systems beyond traditional attack vectors like email, organizations must protect every entry point, including Salesforce. Learning from the widely adopted email security measures and applying these lessons to Salesforce helps fortify your digital infrastructure against dynamic cyber threats.
To tackle phishing effectively, you must adopt a multi-layered defense strategy that goes beyond email and encompasses Salesforce, your business critical platform. Here’s how you can start:
User training: Just as with email, the first line of defense is user awareness. Training users to recognize phishing attempts in Salesforce is crucial, as the platform’s familiar and trusted environment may lower their guard against suspicious activities. Although user education is important, you should not expect your Salesforce users to act as phishing detectives.
Integrate real-time threat protection: Given the lack of built-in anti-phishing and anti-malware features in Salesforce, integrating advanced security solutions that can provide real-time threat protection is essential. Solutions like WithSecure™ Cloud Protection for Salesforce offer tailored security measures that fit seamlessly into Salesforce, enhancing security without disrupting user experience.
What to consider when choosing the solution
When selecting a threat protection solution for Salesforce, you should prioritize efficiency, comprehensive coverage, and advanced detection capabilities that match today’s sophisticated cyber threats. Considerations for calculated decision-making:
Prioritize solutions that add minimal complexity and avoid vulnerable integrations, focusing on native, straightforward security layers.
Choose solutions that protect not only internal users but also mitigate the risk of malware spreading to customers and partners interacting with Salesforce by scanning uploads and downloads across various user types.
Consider the evolving nature of threats, such as documents that contain latent phishing links, which may turn malicious after being uploaded to Salesforce, and after the initial scan at the point of upload. Opt for solutions that provide real-time protection, scanning content like files and URLs during all user interactions, not just at the point of upload.
Ensure the solution offers real-time scanning and advanced behavioral analysis to detect embedded malware in seemingly benign documents, moving beyond traditional signature-based methods.
Select solutions that encompass all Salesforce entry points, including custom objects in addition to standard objects, to ensure comprehensive coverage.
Look for deep detection capabilities that can scan for malicious phishing links not only in text and emails but also within files, detect phishing links hidden behind QR codes, and identify zero-day malware in files as well as known threats.
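The latent-link consideration above, sketched as an added example (not WithSecure's or Salesforce's code): a scan gate that re-checks a document's links on every access instead of trusting the verdict recorded at upload. The `StoredFile` record, the `ScanGate` class, the host-based reputation feed and the sample document are all constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)


def extract_urls(text: str) -> List[str]:
    """Pull http(s) links out of extracted document text."""
    return [u.rstrip(".,;:!?") for u in URL_RE.findall(text)]


@dataclass
class StoredFile:
    """Minimal stand-in for an uploaded document (hypothetical, not a Salesforce object)."""
    name: str
    text: str
    upload_verdicts: Dict[str, str] = field(default_factory=dict)


class ScanGate:
    """Scans links at upload and again at every later access."""

    def __init__(self, reputation: Callable[[str], str]):
        # reputation(url) returns "clean" or "malicious" as of *now*
        self.reputation = reputation
        self.events: List[Tuple[str, str, bool, List[str]]] = []

    def _scan(self, f: StoredFile) -> Dict[str, str]:
        return {u: self.reputation(u) for u in extract_urls(f.text)}

    def on_upload(self, f: StoredFile) -> bool:
        f.upload_verdicts = self._scan(f)
        bad = sorted(u for u, v in f.upload_verdicts.items() if v == "malicious")
        self.events.append(("upload", f.name, not bad, bad))
        return not bad

    def on_access_cached(self, f: StoredFile) -> bool:
        """Weak setting: trust whatever the upload-time scan concluded."""
        return all(v != "malicious" for v in f.upload_verdicts.values())

    def on_access(self, f: StoredFile) -> bool:
        """Corrected setting: re-evaluate every link against current reputation."""
        bad = sorted(u for u, v in self._scan(f).items() if v == "malicious")
        self.events.append(("access", f.name, not bad, bad))
        return not bad


def host_feed_reputation(bad_hosts: Set[str]) -> Callable[[str], str]:
    """Reputation lookup backed by a mutable set of known-bad hosts (constructed feed)."""
    def lookup(url: str) -> str:
        host = (urlsplit(url).hostname or "").lower()
        return "malicious" if host in bad_hosts else "clean"
    return lookup


def demo_latent_link():
    bad_hosts: Set[str] = set()                  # feed is empty at upload time
    gate = ScanGate(host_feed_reputation(bad_hosts))
    doc = StoredFile("invoice.txt",              # constructed sample document
                     "Pay here: https://billing.portal.example/pay?id=7.")
    at_upload = gate.on_upload(doc)
    bad_hosts.add("billing.portal.example")      # link is flagged after upload
    cached = gate.on_access_cached(doc)          # stale verdict still allows it
    rescanned = gate.on_access(doc)              # fresh lookup blocks it
    return at_upload, cached, rescanned, gate.events[-1][3]


if __name__ == "__main__":
    print(demo_latent_link())
```

The access-time event records which link flipped, which is the detail an incident responder needs to find other records that carry the same URL.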
WithSecure™ Cloud Protection for Salesforce eliminates risk of human error in real-time
Robust security measures equivalent to enterprise-grade email security help you experience the full potential of Salesforce without hidden risks. WithSecure™ delivers an advanced antivirus and antiphishing solution tailored uniquely for Salesforce. Developed in collaboration with Salesforce, WithSecure™ Cloud Protection for Salesforce meets the stringent requirements of highly regulated industries and government entities. You get real-time defenses against malware, ransomware, viruses, and phishing attacks, along with full security visibility for threat hunting and incident response. Multi-layer scanning ensures that every entry and touchpoint – from the Sales Cloud negotiations to Service Cloud interactions and Experience Cloud engagements – is covered.
Native integration ensures rapid deployment and comprehensive security without disrupting your existing Salesforce workflows.
Don’t let human error become your vulnerability in Salesforce security – especially when there are straightforward technologies to mitigate the risk. Whenever you are ready to take the next step, our team is ready to guide you in your Salesforce security.
Secure your Salesforce today
Tailored for high compliance sectors, our certified solution safeguards Salesforce clouds for global enterprises, including finance, healthcare, and the public sector.
Support from our experts with setup and configurations
Parking scams using fraudulent QR codes have been wreaking havoc in popular tourist cities across Europe and North America recently. Have you ever considered that malicious QR codes could infiltrate your Salesforce? Read on to learn what QR code attacks look like, why Salesforce is an attractive target for them, and how you can stop them.
The rise of quishing
It’s not long since the Police Service of Northern Ireland (PSNI) Cyber Crime Centre posted a notice about malicious QR codes in phishing attacks. Quishing, or QR code phishing, involves the deceptive use of QR codes to lure unsuspecting individuals into visiting malicious websites. There they are tricked into revealing personal credentials or unknowingly downloading malware. QR codes are used for everything from restaurant menus to ticket validations. At the same time, cybercriminals have found ample opportunities for exploitation. Distinguishing between legitimate and fraudulent QR codes is difficult for human eyes. Fortunately, there are preventive security technologies – now also for Salesforce.
Examples of quishing attacks in the wild
A typical quishing email might mimic an official communication from a known corporation. It can for example urge the recipient to scan a QR code to handle something urgent, like reset a password or verify an account.
Another method involves embedding a QR code inside a seemingly innocent message related to work processes like payroll or security updates. One of the recent examples targeted a major energy company in the US with a campaign that imitated a Microsoft security notification.
On the other hand, scammers have also found ways to abuse QR codes in public spaces. One such example is the recent QR parking scam in popular tourist cities across the UK. The scam involves malicious QR codes, often placed on parking meters, that direct users to phishing websites. Unsuspecting victims enter personal information, including payment details, under the guise of paying for parking. As a result, they potentially face double trouble with both financial fraud and a parking ticket.
10,000 victims have already fallen for the said parking scam in a matter of two months. Threat actors have launched similar campaigns across Europe, the United States and Canada. These scams often target tourists who are not familiar with the local parking apps and are thus easier to deceive.
The quishing attack kill-chain
In the digital world, quishing typically begins with a QR code sent via email or text. The recipient then scans the code with a mobile device. The victim is then redirected to a harmful site.
The phishing site typically mimics a legitimate business resource, login page, or document portal. The page then prompts the employee to enter their credentials or download a file.
By entering their credentials, employees inadvertently provide attackers with access to their corporate accounts. Attackers can use the credentials to harvest sensitive information or launch an attack within the organization.
The process capitalizes on the established trust in QR codes. QR codes are handy for rolling out covert operations. Quishing attacks are often harder to detect than traditional phishing attacks, or ones with the malicious link plainly embedded in the message text. As these codes simply appear as nondescript, benign images, they bypass the usual text-based URL scans implemented by most email and collaboration security systems.
QR code phishing tactics:
Integration in familiar platforms: Quishing often uses popular platforms to reach a broad audience, and to exploit trusted services and brand names to increase the success rate of attacks.
Sophistication in execution: By embedding malicious QR codes within messages, attackers can bypass conventional security measures which might not scan URLs embedded in images.
The psychological play: The decision to scan a QR code often happens impulsively, thanks to the established norm of their use in safe contexts. This impulsivity is what quishers count on, reducing the victim’s likelihood of pausing to consider the potential dangers.
What makes QR code phishing especially tricky on Salesforce
All in all, malicious QR codes pose a significant threat to enterprises, and when delivered through platforms like Salesforce, they can be particularly effective and damaging. Here’s why Salesforce is a lucrative vector for such attacks, and why you should secure your platform without delay:
High trust environment
Users view Salesforce as a trusted platform for daily tasks in sales management, and customer support. Employees are less vigilant about scrutinizing communications received through this platform, assuming a baseline level of security and trust. This trust can make QR codes sent through Salesforce particularly effective as employees may be quicker to scan them without suspicion. The scam itself could even leverage Salesforce’s brand identity. QR codes also employ common and seemingly harmless image types, decreasing suspicions.
Widespread use in organizations
Large enterprises in particular use Salesforce widely, which provides a broad attack surface. Malicious QR codes distributed through Salesforce can potentially reach a large number of users quickly, making it an attacker’s dream.
Mobile device engagement
Salesforce is frequently accessed via mobile devices, which aligns well with the nature of QR code scanning. Mobile devices are often less secure than desktops, with users typically having weaker security controls and being more prone to overlook security prompts when they are on the move. If bring-your-own-device (BYOD) is allowed, the mobile device may be a personal unmanaged device, with even weaker security measures in place.
No antiphishing blocking the way
While Salesforce offers robust security features, there are no antiphishing capabilities by default. There likely is no layer of protection in the Salesforce environment to detect or prevent the distribution of malicious QR codes, opening a pathway for the attackers.
You need more than awareness to prevent Salesforce QR code quishing
While educating users about the potential threats of randomly scanning QR codes is without a doubt important, true prevention requires a multifaceted approach:
Advanced threat protection: You should implement antiphishing security solutions that can recognize and examine QR codes within Salesforce uploads, analyzing the linked URLs for malicious content before they reach end users.
Regular security audits: Incorporating QR code-based phishing into routine security audits and risk assessments helps identify and remediate security gaps. Make sure that Salesforce is covered thoroughly in security audits.
Limit access privileges: Although Salesforce has enforced multi-factor authentication (MFA) for internal users, it’s wise to limit access rights to what a user’s role requires, and follow the least privilege approach.
Update software and configurations: Ensure all integrations are updated with the latest security patches, and verify that your antiphishing scanning solution is properly configured to detect malicious QR codes.
Limit use of BYOD: Some of the biggest vulnerabilities lie when employees use personal devices outside corporate security measures to access phishing sites that harvest account credentials.
Educate Salesforce users: Continuously educate users about the risks associated with QR codes, emphasizing the need for vigilance even when using trusted platforms like Salesforce.
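The "Advanced threat protection" item above, and the earlier point that QR images slip past text-based URL scans, sketched as an added example (not WithSecure's or Salesforce's code). It assumes an image decoder has already turned each attached QR code into a payload string; the function names, the blocklist and the sample record are constructed for illustration.

```python
import re
from typing import Dict, Iterable, List, Optional, Set
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)
# Scheme-less payload such as "host.example/path"; last label must be alphabetic
BARE_HOST_RE = re.compile(
    r"^[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}(:\d+)?([/?#].*)?$", re.IGNORECASE)


def qr_payload_to_url(payload: str) -> Optional[str]:
    """Turn one decoded QR payload into a canonical URL, or None if it is not a link.

    QR generators often emit upper-case URLs (the compact alphanumeric mode has
    no lower-case letters), so scheme and host are lower-cased before matching.
    """
    p = payload.strip()
    if re.match(r"^https?://", p, re.IGNORECASE):
        candidate = p
    elif BARE_HOST_RE.match(p):
        candidate = "http://" + p       # scanner apps open bare hosts as links
    else:
        return None                     # Wi-Fi config, contact card, free text
    parts = urlsplit(candidate)         # urlsplit lower-cases the scheme
    if not parts.hostname:
        return None
    return parts._replace(netloc=parts.netloc.lower()).geturl()


def scan_record(text: str, qr_payloads: Iterable[str],
                bad_hosts: Set[str]) -> Dict[str, List[str]]:
    """Compare a text-only URL scan with one that also covers decoded QR payloads."""
    text_urls = [u.rstrip(".,;:!?") for u in URL_RE.findall(text)]
    qr_urls = [u for u in map(qr_payload_to_url, qr_payloads) if u]

    def hits(urls: List[str]) -> List[str]:
        return sorted(u for u in urls if urlsplit(u).hostname in bad_hosts)

    return {"text_only_hits": hits(text_urls),
            "with_qr_hits": hits(text_urls + qr_urls)}


def demo_record() -> Dict[str, List[str]]:
    # Constructed sample: a case comment with no link in its text, plus the
    # payloads an (assumed) decoder extracted from two attached images.
    text = "Your parking session expires soon. Scan the attached code to extend it."
    payloads = ["HTTPS://PARKING-PAY.EXAMPLE/EXTEND?S=1",
                "WIFI:S:GuestNet;T:WPA;P:constructed;;"]
    bad_hosts = {"parking-pay.example"}  # constructed blocklist entry
    return scan_record(text, payloads, bad_hosts)


if __name__ == "__main__":
    print(demo_record())
```

The path and query keep their original case because many servers treat them as case-sensitive; only the scheme and host are normalized.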
Block malicious QR codes on Salesforce automatically
You need a blend of vigilance and advanced security solutions to prevent covert phishing tactics like quishing. Luckily you can protect your data and Salesforce users from these hidden scams behind simple scans. WithSecure™ Cloud Protection for Salesforce scans malicious URLs in Salesforce text fields, behind QR codes and within uploaded documents. Our AntiQuishing feature was built as a response to a real-life phishing attack that our enterprise customer faced, where Salesforce was the target of malicious QR codes.
Protect your Salesforce environment against advanced ransomware and phishing attacks in real-time. Natively integrated WithSecure™ Cloud Protection for Salesforce is up and running in minutes.
This time our threat landscape focus is on ransomware and its implications for cloud services, specifically Salesforce. With attackers increasingly targeting cloud services and public-facing apps, and a 366% increase in malicious file detections on Salesforce in Q2 2024 compared to Q2 2023, ransomware is not a threat to be taken lightly in any Salesforce security strategy.
Cyber threat landscape shifts toward cloud and SaaS exploitation
The cyber threat landscape is seeing an increased focus on the cloud. Attackers have recently leveraged legitimate file transfer and cloud services more and more to facilitate their operations. These services offer a low-key and cost-effective infrastructure which tends not to trigger security alerts as some more traditional methods might.
Symantec’s Threat Hunter Team has recently identified three new espionage operations utilizing cloud services and has uncovered additional malicious tools in development:
GoGra (Trojan.Gogra): Targets a South Asian media organization using Microsoft’s Graph API for C&C communications via email, encrypting messages with AES-256. Developed in Go, active since November 2023.
Firefly Tool: Used by the Firefly group to exfiltrate data from a Southeast Asian military organization. It searches for and uploads .jpg files (actually encrypted RARs) from System32, using Google Drive.
Trojan.Grager: Targets entities in Taiwan, Hong Kong, and Vietnam, using Microsoft’s Graph API via OneDrive for C&C. Distributed through a Trojanized 7-Zip installer, linked to the UNC5330 group.
MoonTag: A developing backdoor associated with a Chinese-speaking actor, noted for its use of the Graph API and discussed in a Google Group.
Salesforce and SaaS applications are targets of UNC3944 threat group
Salesforce and SaaS are becoming more prevalent in the threat landscape. Google Threat Intelligence has observed the activities of UNC3944, a financially motivated threat group that has been active since at least May 2022, and has recently targeted SaaS applications. Initially focused on credential harvesting and SIM swapping, UNC3944 has since shifted to primarily conducting data theft extortion, expanding their target industries and utilizing fearmongering tactics for access. They’ve adapted their methods to include theft from SaaS applications to attacker-owned cloud storage and have employed various advanced techniques to facilitate their attacks.
UNC3944 accessed Salesforce among other SaaS applications using stolen credentials facilitated by single sign-on systems. They conducted reconnaissance within these platforms, likely targeting data for exfiltration, and using third-party cloud synchronization tools like Airbyte and Fivetran to transfer data to external cloud storage.
Key Tactics, Techniques, and Procedures (TTPs) of UNC3944:
Social engineering: They have successfully manipulated corporate help desks using victims’ personal information to gain access to privileged accounts and bypass multi-factor authentication (MFA).
Abuse of SaaS permissions: UNC3944 exploited permissions in applications like Okta to broaden their access within targets’ systems, encompassing both on-premises infrastructure and cloud-based applications.
Virtual machine compromise: The group has created new virtual machines using administrative privileges obtained through SSO applications, using them for subsequent malicious activities and to bypass traditional security controls.
The use of cloud services by attackers is becoming a preferred method for maintaining stealth and managing cost-effective operations. The attackers are learning from each other, adopting successful techniques across various espionage and cybercriminal groups. Extensive coverage of cloud and SaaS environments in security strategies has never been more critical.
Disney moves away from Slack after a data breach of 1 TB – likely caused by a human error
In a major data breach, Disney experienced a significant compromise of corporate data, possibly due to vulnerabilities on an employee’s personal gaming computer. This breach led to the downloading of over 1TB of data through Slack, which resulted in the suspension of the platform for internal communications.
Our team doesn’t have the forensics data of the case, but some experts claim that the breach was not a direct result of flaws in Disney’s or Slack’s systems. Instead, it allegedly occurred because an employee inadvertently installed a malware-infected game modification. This malware, an Information Stealer, captured credentials and accessed Slack, where it exploited the employee’s compromised computer. The lack of Multi-Factor Authentication (MFA) on the password vault allowed attackers to access vast amounts of sensitive data easily.
Some experts suspect that the attackers were helped by an insider, and others that the breach was a result of a general lack of defensive mechanisms at Disney’s end.
A teenager leveraged Slack and stole details about unreleased GTA 6 from the gaming company Rockstar in 2022. The attacker was sentenced to life.
In 2023, another threat actor exploited access to Slack channels to initiate a malware attack on MGM Resorts, a major global casino and resort.
Almost half of ServiceNow KB instances leak sensitive data
A study by AppOmni revealed that over the past year nearly 45% of ServiceNow Knowledge Base (KB) instances were leaking sensitive data, including personal identifiers, internal system details, and live system credentials. The culprits of these breaches were outdated or misconfigured access controls. This is possibly due to widespread misunderstanding of KB access controls or the replication of misconfigurations across instances.
Despite ServiceNow’s 2023 security updates aimed at restricting unauthenticated data access, many of these updates were ineffective for KBs, which often contain highly sensitive internal data. The company has responded by collaborating with customers so that KB access control misconfigurations are fixed.
The disruption has led to a sharp decrease in the number of victims, with reported cases falling to single digits. Despite these setbacks, there have been notable attempts to revamp their operations. For example, they have made experimental changes to their data leak sites (DLS) and updates to their DDoS protections. These maneuvers suggest a strategic recalibration aimed at evading detection and sustaining their criminal activities.
Despite significant law enforcement interventions, the Lockbit group’s ability to adapt and attempt to rebuild its infrastructure is indicative of the resilience and persistence of modern ransomware operations. These groups are quick to learn from interventions, often emerging more sophisticated and harder to combat.
Ransomware-as-a-Service is the business model of cyber crime in 2024
The disruption of major ransomware groups has led to a reshuffling of ransomware affiliates, who are gravitating towards established Ransomware-as-a-Service (RaaS) networks. RaaS is a subscription-based model that enables affiliates to use pre-developed ransomware tools to execute cyberattacks. Similar to software-as-a-service (SaaS) offerings, RaaS providers offer their malicious software on a rental or commission basis, providing updates and support.
All in all, the professionalization of ransomware operations through RaaS models presents new challenges for cybersecurity defenses. These models lower the barrier to entry for inexperienced cybercriminals and enable rapid scaling of operations. The attraction of RaaS platforms has brought a flood of new ransomware variants, correspondingly calling for layered defense strategies.
New threats on the block: new groups form as old dismantle
Our research team has also witnessed the rise of new players such as Cicada3301, SenSayQ, and WikiLeaksV2. Each group has demonstrated distinct patterns of targeting and victimology, such as targeting financial software companies and leaking sensitive health sector data. With this in mind, these emerging groups underscore the dynamic nature of the ransomware ecosystem. They continually evolve with new tactics and targets.
The group dynamics are in constant flux. For example, of the 67 operational ransomware groups our research team tracked in 2023, 31 have not been operational in Q2 2024. Our team has seen 31 new ransomware groups in 2024. It’s unlikely that many, if any, of these projects will survive.
RansomHub’s fast advancement and aggressive affiliate strategy
RansomHub, a new extortion platform operational since early 2024 and believed to be based in Russia, has quickly established itself by offering lucrative terms to affiliates, significantly impacting the ransomware affiliate market. RansomHub is disrupting the RaaS field by letting affiliates accept payment from the victims directly, before sending their share to the RansomHub. What’s more, by allowing affiliates to keep a major portion of the ransom and only taking a small commission, RansomHub has managed to attract experienced groups like ScatteredSpider and members of Lockbit.
RansomHub’s operational capacity, threat level and number of victims have consequently increased. According to our research team, RansomHub is in fact currently the most active platform observed in the field. Similarly, ZeroFox holds the platform responsible for 14.2% of all cyber attacks in Q3 2024. The majority of victims are in North America (39.4%) and Europe (34.3%). Victims span diverse sectors, for example manufacturing, retail, healthcare and technology.
At the same time, CISA, along with the FBI, MS-ISAC, and HHS, issued a joint Cybersecurity Advisory on RansomHub Ransomware. This advisory offers network defenders key details such as indicators of compromise (IOCs), tactics, techniques and procedures (TTPs) tied to RansomHub, drawing on findings from recent FBI investigations and third-party reports.
RansomHub has been using sophisticated EDR-killing executable tooling. It disables endpoint detection and response (EDR) software and gains escalated privileges on compromised devices, and is designed to bypass several common anti-malware tools. The malware has been found in many formats such as EXEs and PowerShell scripts.
Real-life impacts of ransomware fallouts
Financially driven ransomware attacks can have notoriously severe impacts on victims. Overall, our research team has found that ransom payments and incidents remain higher in the first half of 2024 compared to previous years.
Dark Angels behind a record ransom payment
In early 2024, Zscaler and Chainalysis detected a monumental ransom payment of $75 million directed to a cryptocurrency wallet managed by the Dark Angels ransomware group. The identification of the victim was not disclosed as per standard reporting practices, but it is strongly suggested that the payor was Cencora, a Fortune 50 pharmaceutical company. Why so? Cencora publicly acknowledged a ransomware attack and data theft in February 2024, making them a probable candidate. The company, valued at $10 billion with annual revenues reaching $262 billion in 2023, found the payment necessary to restore operations and prevent further data leaks.
Further investigations reveal that the attack’s ramifications extended beyond Cencora. The company, along with at least two of its subsidiaries, reported stolen data to regulators, implicating a broader network of affected entities. In May, additional disclosures indicated that the data breach had impacted numerous major pharmaceutical companies including Pfizer, Bayer and Novartis, among others. These partners also experienced breaches connected to Cencora’s compromised systems, specifically through the Lash group subsidiary.
The sizable ransom from this single incident highlights Dark Angels’ impact. The strategy employed by Dark Angels suggests a focus on high-value targets – often termed “big game hunting” – which involves fewer, highly profitable attacks rather than numerous smaller-scale ones. It’s difficult to say whether Dark Angels have an intentional strategy of big game hunting, or if they just got lucky.
There were no major outages or operational disruptions reported (at least so far). However, the widespread effects of this attack, involving a network of companies with a combined revenue in the trillions, illustrate the extensive potential for damage and disruption caused by ransomware operations targeting major players in critical industries.
Japanese media giant’s market value plummets in the ransomware attack aftermath
Another example, the ransomware strike on Japanese media company Kadokawa Corporation served as a stark reminder of the broad and enduring impacts such attacks can have on businesses. The assault not only disrupted daily operations but also inflicted severe financial and reputational damage. Prior to the attack in early June, Kadokawa’s market value stood at approximately JP¥465 billion (USD$3 billion). Following the incident, its share price plummeted by 15%. Subsequently, this erased JP¥70 billion (USD$500 million) from its market capitalization. This significant drop in share price, which appears solely attributed to the ransomware attack, underscores the high stakes of cybersecurity in protecting not just operational capabilities but also financial stability and public perception.
Public health at stake
The National Health Laboratory Service (NHLS) of South Africa suffered a ransomware attack on June 22nd. The attack continued to disrupt services into July. This attack has been particularly critical as it hindered access to laboratory test results amid an outbreak of mpox disease. This incident demonstrates how significantly ransomware impacts public health and safety of citizens globally.
To pay or not to pay
Ransomware groups often aim to build trust with victims by promising data recovery upon ransom payment, giving false hopes that this will restore normal operations. Ransomware operators often brand themselves as ‘pentesters’ with the intention to appear professional and reassure victims about data deletion and decryption.
Despite this, the majority of organizations paying ransoms suffer subsequent attacks, often facing even higher demands than before. Cybereason research claims that the percentage of victims facing a second attack is as high as 78%.
Ransomware operators are unreliable and their assurances of not targeting victims again should not be trusted. Therefore, paying a ransom based on trust in these actors is not advisable. Acknowledging research that quantifies the deceitfulness of ransomware actors is crucial, as it together with prohibiting legislation significantly influences the ransomware landscape.
Salesforce security implications of the current threat landscape
The emergence of new ransomware groups and the evolving tactics suggest that Salesforce environments are likely to be increasingly targeted as an alternative to traditional and easier to detect vectors. In fact, we’ve detected a 366% increase in malicious files on Salesforce in Q2 2024 compared to Q2 2023.
For Salesforce, it’s important to stay vigilant against ransomware campaigns that leverage Salesforce as a channel for malware delivery or social engineering tactics to lure users to phishing sites. Besides human errors, novel campaigns can target vulnerabilities in cloud environments or through third-party integrations.
Salesforce security recommendations simply put
Constantly transforming threats require a layered and proactive approach to cybersecurity. No silver bullets. Because of that, we’ve compiled a comprehensive list of Salesforce security recommendations in light of recent cyber crime developments:
Auditing: Activate comprehensive auditing that covers cloud environments including Salesforce to identify and patch security gaps.
AntiVirus: Threat protection at entry points such as Salesforce (for example, WithSecure™ Cloud Protection for Salesforce), together with endpoint security, will block the majority of file-based ransomware threats. Make sure that the solution has an up-to-date threat intelligence source.
Employee training and awareness: Social engineering remains a significant threat vector. Training Salesforce users to recognize phishing attempts and other social engineering tactics is critical.
AntiPhishing: By implementing an antiphishing solution at the Salesforce level, you can automatically stop phishing attacks. It’s important to go beyond traditional attack vectors like email.
Strengthened access controls: Enforce strict conditional access to mitigate credential compromise. Salesforce environments should adopt the principle of least privilege. Routinely audit permissions.
Third-party risk management: As Salesforce often integrates with numerous third-party applications, ensuring these connections are secure is essential to prevent ransomware spread or data leaks. You should choose security tools based on integration simplicity, preferring native solutions.
Data management policies: The revelation that Lockbit held onto data it claimed to have deleted is a crucial reminder of the risks involved in data handling and storage. You should implement robust data encryption, regular audits, and follow strict data handling and deletion protocols to minimize potential damage.
Limit BYOD: The breach of Disney’s Slack data resulted from a malware infection on an employee’s personal device – a reminder to limit the access personal devices have to corporate systems.
Extortion preparation and response: You should include Salesforce in incident response strategies. This means close collaboration between security and Salesforce teams, having secure and tested Salesforce backups and a clear communication plan for dealing with ransom demands.
Tailored for high compliance sectors, our certified solution safeguards Salesforce clouds for global enterprises, including finance, healthcare, and the public sector.
Support from our experts with setup and configurations
With Dreamforce 2024 upon us, WithSecure™ Cloud Protection for Salesforce is excited to announce customer and product milestones that underscore how we have become the leading trusted and natively integrated solution for securing Salesforce. We would not have achieved these milestones without the support of our customers and partners and, of course, Salesforce. And, speaking of Dreamforce, the Cloud Protection for Salesforce team will be at Booth 2005 to answer your Salesforce security questions regarding malware, ransomware, and other threats to your Salesforce instance.
Leading Brands Trust Cloud Protection for Salesforce
Joining the ranks of companies like Coca-Cola Bottlers, Southern Glazers and SiriusXM, Cloud Protection for Salesforce added 44 new customers in the first six months of 2024. “Even in this tough economic climate, Cloud Protection for Salesforce has delivered unmatched security and compliance protection for enterprise and public sector organizations,” said Lance Jacobs, Vice President of Cloud Protection for Salesforce. “Our customer growth reflects the surging popularity of the Salesforce platform as a core enterprise solution that is increasingly the target of nefarious threat actors. That is why an easy-to-deploy, easy-to-use security solution to defend from malware, phishing and ransomware attacks is in high demand.”
“By using WithSecure for Cloud Protection, customers can satisfy their security obligations as defined by the Shared Responsibility Model,” said Juhana Autio, General Manager of Cloud Protection for Salesforce. “Our natively-integrated application stops cyber threats like ransomware and phishing in real-time. We scan Salesforce’s incoming and outgoing data for cyber threats, such as files and URLs. The WithSecure for Cloud Protection solution is up and operating in minutes, leaves customers’ customizations untouched, and keeps Salesforce running undisrupted. That is why over 200 enterprises and public sector organizations worldwide use Cloud Protection for Salesforce and why it is a recommended security solution by Salesforce.”
New Product Features Further Ease Salesforce Security
Cloud Protection for Salesforce works closely with Salesforce and customers to develop new mission-critical features and capabilities. New features are added every quarter. Here are some of the latest additions now available on Salesforce AppExchange:
URL Protection Within Files: Malicious links can lurk inside files, waiting to be clicked. WithSecure™ Cloud Protection for Salesforce detects and blocks malicious URLs hidden inside files uploaded to Salesforce.
QR Code Scanning: WithSecure™ Cloud Protection for Salesforce also scans URLs behind QR codes uploaded to Salesforce. QR codes pose a risk as they can lure users to access dangerous phishing sites with their mobile devices.
Shortened URL Protection: Shortened URLs are often a mask for risky content and can bypass traditional security controls. WithSecure™ Cloud Protection for Salesforce now uncovers and blocks these threats, ensuring that every link is verified, whether shortened for convenience or masking a threat.
URL Protection for Salesforce Custom Objects: URL Protection has expanded to include both Salesforce’s standard objects and custom ones. Custom objects, tailored to specific company or industry needs, are unique database tables that store organization-specific information. Now, Salesforce users can build custom workflows with enhanced security.
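As an added illustration of the file-borne and shortened-URL checks listed above (example code written for this page, not WithSecure's product logic, which the page does not describe): a triage routine that pulls URLs out of an uploaded Office file and decides which must be blocked, resolved, or reputation-checked. The function names, the shortener list, the blocked-host set and the sample DOCX are all assumptions constructed for the example.

```python
import html
import io
import re
import zipfile
from urllib.parse import urlsplit

# Assumption: a short illustrative shortener list; not taken from the page.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}
MAX_PART_BYTES = 2 * 1024 * 1024  # per-part decompression cap (zip-bomb guard)
MAX_PARTS = 500                   # archive members inspected per upload

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
REL_RE = re.compile(r"<Relationship\b[^>]*>")  # one relationship element
TARGET_RE = re.compile(r'\bTarget="([^"]*)"')
TAG_RE = re.compile(r"<[^>]+>")


def _read_capped(zf, info):
    """Decompress one member; return None if oversized or unreadable."""
    try:
        with zf.open(info) as fh:
            blob = fh.read(MAX_PART_BYTES + 1)
    except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
        return None  # encrypted or corrupt part: cannot be inspected
    if len(blob) > MAX_PART_BYTES:
        return None
    return blob.decode("utf-8", "replace")


def extract_urls(data):
    """Return the set of http(s) URLs found in an uploaded file's bytes."""
    found = set()
    if not zipfile.is_zipfile(io.BytesIO(data)):
        # Not a container: treat the upload as text (CSV, TXT, HTML).
        found.update(URL_RE.findall(data.decode("utf-8", "replace")))
    else:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist()[:MAX_PARTS]:
                name = info.filename.lower()
                if not name.endswith((".xml", ".rels")):
                    continue
                text = _read_capped(zf, info)
                if text is None:
                    continue
                if name.endswith(".rels"):
                    # Hyperlink targets live here, not in the visible text.
                    for rel in REL_RE.findall(text):
                        target = TARGET_RE.search(rel)
                        if target and 'TargetMode="External"' in rel:
                            found.add(html.unescape(target.group(1)))
                else:
                    # Strip markup so namespace URIs inside tags are ignored.
                    body = html.unescape(TAG_RE.sub(" ", text))
                    found.update(URL_RE.findall(body))
    return {u.rstrip(".,;)") for u in found
            if u.lower().startswith(("http://", "https://"))}


def triage_upload(data, blocked_hosts):
    """Map each URL in the file to block / resolve-first / reputation-check."""
    verdicts = {}
    for url in extract_urls(data):
        try:
            host = (urlsplit(url).hostname or "").lower()
        except ValueError:
            verdicts[url] = "block"  # unparseable URL: fail closed
            continue
        if host in blocked_hosts:
            verdicts[url] = "block"
        elif host in SHORTENER_HOSTS:
            # The real destination is unknown until the redirect is resolved.
            verdicts[url] = "resolve-first"
        else:
            verdicts[url] = "reputation-check"
    return verdicts


def build_sample_docx():
    """Constructed sample: a minimal DOCX-style zip, not a real upload."""
    ns = "http://schemas.openxmlformats.org"
    rels = (
        f'<?xml version="1.0"?><Relationships xmlns="{ns}/package/2006/relationships">'
        f'<Relationship Id="rId1" Type="{ns}/officeDocument/2006/relationships/styles" '
        'Target="styles.xml"/>'
        f'<Relationship Id="rId2" Type="{ns}/officeDocument/2006/relationships/hyperlink" '
        'Target="https://bit.ly/constructed123" TargetMode="External"/>'
        f'<Relationship Id="rId3" Type="{ns}/officeDocument/2006/relationships/hyperlink" '
        'TargetMode="External" Target="https://login.example-bad.test/reset?u=1&amp;t=2"/>'
        "</Relationships>")
    doc = (
        f'<?xml version="1.0"?><w:document xmlns:w="{ns}/wordprocessingml/2006/main">'
        "<w:body><w:p><w:r><w:t>See https://docs.example.com/guide for steps."
        "</w:t></w:r></w:p></w:body></w:document>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("word/_rels/document.xml.rels", rels)
        zf.writestr("word/document.xml", doc)
    return buf.getvalue()


if __name__ == "__main__":
    for url, verdict in sorted(triage_upload(
            build_sample_docx(), {"login.example-bad.test"}).items()):
        print(f"{verdict:17} {url}")
```

The hyperlink targets in the `.rels` part never appear in the document's visible text, which is why a scan of the rendered content alone misses them.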
Presence and Demonstrations at Dreamforce 2024
Cloud Protection for Salesforce will showcase live demonstrations at Dreamforce 2024, booth 2005. Security experts and consultants will be available to discuss all matters related to Salesforce security and how Cloud Protection for Salesforce can address an enterprise’s Salesforce security requirements. Visitors can pre-book meeting times with Cloud Protection for Salesforce experts.
Additional Resources
Learn more about Cloud Protection for Salesforce, take a test drive and read user reviews on Salesforce AppExchange
Book a demo to see Cloud Protection for Salesforce live and learn how it can protect your Salesforce instance
Follow us on LinkedIn and read the Cloud Protection for Salesforce blog
In the wake of the fallout from the outage, IT teams are rapidly reevaluating their testing methodologies, incident response strategies and plans. Additionally, enterprises are rethinking the automated, manual and human oversight of code development, testing and deployment.
The CrowdStrike incident falls into the category of ‘unknown unknowns’—unexpected or unforeseeable conditions that represent a risk because they cannot be expected based on past experience or events.
A quick CrowdStrike recap: A single computer update took down computer systems across the globe
CrowdStrike is a cybersecurity company based in Austin, Texas, USA. It provides endpoint protection, threat intelligence and response services to customers of all sizes across many different industries. CrowdStrike’s core technology, the Falcon platform, stops breaches using cloud-delivered technologies that prevent malware and other attacks.
CrowdStrike has an outstanding track record and is an excellent company. Customers and competitors view CrowdStrike as an industry-leading, top-tier organization. Their impressive customer roster and global deployments underscore their success.
As part of a regular operational update on Friday, July 19, 2024, CrowdStrike pushed a configuration update for the Windows sensor to gather telemetry on possible novel threat techniques. Included in that update were changes to the Rapid Response Content, designed to respond to the changing threat landscape at operational speed. The Rapid Response Content update contained an undetected error, resulting in a Windows system crash. Detailed information about the error and the systems impacted can be found here.
The crash was not foreseen or anticipated based on prior events, nor was the resulting damage and inconvenience expected or forecast. The incident impacted at least 8.5 million Windows devices globally (though Microsoft now believes the number of devices involved was higher), causing major service disruptions across industries and geographies.
Early on during the incident, CrowdStrike took immediate action to remedy the situation, and they should be applauded for their rapid and transparent response to the crisis.
The biggest worldwide workstation shutdown
Even with their rapid response, CrowdStrike could not stop the avalanche of IT disruption that followed. WithSecure’s Chief Research Officer Mikko Hyppönen, quoted in Wired, said, “It’s the biggest case in history. We’ve never had a worldwide workstation outage like this.” According to insurer Parametrix, U.S. Fortune 500 companies, excluding Microsoft, face an estimated $5.4 billion in financial losses from the CrowdStrike event.
How can enterprises defend against “unknown unknowns” and mitigate cybersecurity vulnerabilities?
CrowdStrike has documented and made public the events that led to the incident. However, in the aftermath, enterprises everywhere are (or should be) evaluating their incident response strategies and plans, including:
Continuous, robust automated testing procedures and protocols with human and AI oversight
Incident Response strategies, plans and procedures:
Continual Learning and Adaptation
Ongoing testing and training
Securing Salesforce: Defending against the often overlooked ‘known knowns’
One lesson learned from this incident is that security teams must double down against the more obvious IT vulnerabilities and cover any existing gaps: The known-knowns.
For example, nearly every Fortune 500 organization uses Salesforce to manage customer relationships. However, many of those organizations assume that Salesforce takes ownership of all security aspects of their product offering. They do, but only up to a point.
Salesforce, like most cloud providers, uses the Shared Responsibility Model (SRM) for securing Salesforce. This security and compliance architecture model delineates the respective cloud provider and customer responsibilities for securing the cloud environment, including hardware, infrastructure, endpoints, data, configurations, settings, operating system, network controls and access rights.
For example, Salesforce doesn’t scan incoming data for cyber threats – that’s your responsibility as the customer.
WithSecure Cloud Protection for Salesforce: Designed with and for Salesforce
WithSecure Cloud Protection for Salesforce is a native application that runs in your Salesforce environment. The app prevents malicious and disallowed content from entering your Salesforce environment via files, web links and email messages.
WithSecure Cloud Protection for Salesforce focuses on securing Salesforce to mitigate advanced cyber threats on Salesforce. It:
Provides real-time protection and instant visibility into your entire environment
Works seamlessly with your customizations and workflows
Fully complements the infrastructure security controls that Salesforce provides
WithSecure Cloud Protection for Salesforce is a highly certified solution. It meets the strict compliance requirements of modern enterprises and critical public sector organizations. Furthermore, it is an ideal choice for enhancing your Salesforce security. WithSecure Cloud Protection for Salesforce was designed for Salesforce, together with Salesforce.
While it may be impossible to defend against unknown unknowns, defending against the ‘known knowns’ and securing Salesforce is much easier. Get to know WithSecure Cloud Protection for Salesforce, or use the form below to contact our team to discuss your Salesforce security requirements.
Salesforce is designed to be highly customizable. There isn’t a standard configuration that works for all companies. Every organization uses the platform differently. In addition, there are more than 7,000 applications on the Salesforce AppExchange, as well as countless third-party APIs and plugins readily accessible online.
The platform allows non-technical users to easily create websites, forms, and chats that collect data and automatically transfer and process that information. This information can include text, URLs, media files, and links to business applications and cloud-based ‘community’ shared storage areas. With the level of data sharing often involved in a Salesforce environment, you would expect security to be built in, but this is not the case.
Your Salesforce data is not secure by default
Like all enterprise software as a service (SaaS), Salesforce operates through the ‘Shared Responsibility’ model for security.
It is up to each Salesforce admin team to ensure it is scanning the links and files submitted through forms and campaign websites, support chats and partner portals. Unfortunately, most business users are unaware of this responsibility and mistakenly assume the platform handles this critical task. Websites and shared storage spaces often lack even basic access controls, such as usernames and passwords.
Salesforce is a large attack surface. It is a tempting target for cyber criminals looking to launch phishing or ransomware attacks, to gain a persistent foothold on a corporate network, or simply to steal data. The flexibility and extensive integrations of Salesforce create an automated third-party supply chain that can quickly and easily grow out of control.
If your organization doesn’t properly protect itself, the sharing and automation features of Salesforce could result in you being responsible for infecting one or more of your partners’ internal networks with malware.
This can mean you end up dealing with expensive remediation, suspension of revenue-generating activities, or the loss of commercial and potentially personally identifiable data. You could also be faced with possible compliance fines, as well as the loss of customer trust and unwanted damage to your brand reputation.
Traditional security methods don’t work
You pay tens of thousands to secure your network, your email, and your endpoints. Why let attackers send the same malicious files through your unprotected Salesforce environment? Email and endpoint solutions will not protect it. Even CASB solutions that protect cloud-hosted services may not offer sufficient protection.
WithSecure™ Cloud Protection for Salesforce
WithSecure™ Cloud Protection for Salesforce offers a fast, user-friendly, and cost-effective solution for organizations in all industries. The tried-and-tested solution integrates with Salesforce workflows and customizations, scanning files and content in real time and automatically quarantining threats.
The solution was developed in partnership with Salesforce itself, which is using our tooling to tackle security issues. There are no deep integrations—it can be installed and up and running in minutes from the Salesforce App Exchange.
So, if you don’t know what’s going on in your Salesforce cloud, maybe it’s time to check it out. And if you’d like to hear more about how WithSecure can help you work safer in minutes—talk to us today.
Your data, your problem: Your responsibility for securing Salesforce
Salesforce is used by customer-facing teams in over 150,000 organizations around the world to collect customer data, run campaigns, and close deals. Given it’s a SaaS platform, it’s easy to sign up and start using Salesforce for marketing and revenue-generation activities. But this is often done without the oversight of the IT department or security team.
Salesforce environments fall outside the protection of traditional security solutions, like email or endpoint security. The result is that criminals can upload phishing links and malware into websites, forms, chats, support emails, and community portals created in Salesforce to compromise a network or steal data. Because these are not scanned by the traditional solutions, those files and links can put customer and commercial data at risk.
Don’t let one malicious file ruin your business. Follow these five steps to work more securely with Salesforce:
1. Talk to your Salesforce coworkers and your security team
Most SaaS software operates under the Shared Responsibility model. That means that, while Salesforce secures the platform itself, the activity that takes place within your Salesforce environment is your responsibility to secure—it’s not safeguarded by default. As a result, links and content that are uploaded aren’t scanned for harmful files.
Better to plan proactively for a secure Salesforce than to have to react to an attack. Ask yourself the following questions: Who in the business is most likely to support you in raising your security concerns with the necessary stakeholders—and help you implement a solution?
The IT department is clearly a good place to start. Is the chief information security officer aware of the security issues? Get them onboard or create a small taskforce and identify an internal sponsor.
Train your Salesforce team on good security practices. Cybercriminals are constantly evolving attack vectors and methods. It’s essential for every organization to keep its workforce up to date with regular cybersecurity training and good practices.
2. Find out where you are today
Take a Salesforce health check. What are the risks of your current and upcoming Salesforce projects? Creating forms that capture user-generated data is a great way of capturing data about your customers and their needs. But it’s also an opportunity for cybercriminals to breach your systems.
What Salesforce products is your organization currently using or planning to use? What data will be uploaded—and how? Where will that be stored and what will be done with it? What’s the potential fallout—both from a business risk and an operational standpoint?
Our free risk assessment tool can help you run this health check. It takes just a few minutes to complete and will give you a high-level report of the risks you face for each Salesforce product.
3. Talk to the Salesforce security experts
WithSecure’s experts are ready to advise you on how to get started securing your data in Salesforce. We developed an effective solution to secure Salesforce by partnering with Salesforce itself. This began when we started using the platform as our own CRM back in 2015. As a security company, we wanted our environment to be secure, so we built a solution ourselves—with strategic and technical input from Salesforce.
Today, even Salesforce is using the WithSecure tooling to tackle the same problem in its own solution. Connect with one of our advisors now to discuss your concerns and understand how you can reduce your risks.
4. Use a tried-and-tested technology solution
Whatever solution you try, make sure it has an established track record for reliability. WithSecure™ Cloud Protection for Salesforce delivers just such a solution. It works seamlessly in the background. It runs scans of links and files in real time—or on demand—with no disruption to Salesforce activities. In addition, it has zero impact on any customizations in your Salesforce environment. The solution has been around for several years and is tested, tried, and works for customers in all industries.
WithSecure™ Cloud Protection for Salesforce solution is available directly within the Salesforce AppExchange. It can be installed easily and integrates natively with Salesforce. There are no deep integrations—you can have it up and running in minutes.
5. Enjoy peace of mind
With WithSecure™ Cloud Protection for Salesforce in place, you can focus on running campaigns, closing deals, and growing your customer base with confidence using the full capabilities of Salesforce. Sales and marketing teams can innovate and experiment with new campaign ideas safe in the knowledge that company and customer data is protected.
Your data, your problem: Your responsibility for securing Salesforce
To understand this risk, you need to understand how Salesforce security works and what all users need to take responsibility for. Salesforce has solid infrastructure security in place, but not all security areas are the cloud vendor’s responsibility, and are therefore not covered by the platform’s built-in capabilities. And care is needed: during 2023, WithSecure detected an increase of over 700% in malicious files and URLs on Salesforce through monitoring.
A shared responsibility for security
Like most SaaS vendors, Salesforce uses the shared responsibility model for securing its platform. The principle is simple: the responsibility for securing Salesforce is shared between the vendor and the user. Salesforce is responsible for the security of the cloud service infrastructure, which includes the servers, compute, storage, and networks.
Your part of the bargain is to take ownership of securing the activity that takes place in the cloud. When your Salesforce is protected, so too is your business’s ability to maintain speed and to innovate. That means securing the files, links, text, and other content collected by Salesforce-generated forms and websites. This content is typically created and submitted by your customers or your partners.
Too many enterprise customer-facing teams assume that this content is scanned for harmful files and that their activity and data is secure, but this is not the case. In reality, Salesforce users are increasingly falling prey to cyber criminals who are using implementations of the platform to piggyback malicious files and links into corporate networks. If you don’t think you have a Salesforce security problem, then you do have a problem.
Traditional security methods fall short
The security industry has long provided solutions for traditional forms of cyber threat. Email and network monitoring software is ubiquitous in the enterprise tech stack. Endpoint solutions have evolved to deal with the nature of modern employment, with many users adopting a hybrid approach of remote and office-based working. So far, so good.
But Salesforce environments fall outside the protection of these solutions. The result is that criminals can upload phishing links and malware into customer-facing websites, forms, chats, support emails, and partner and community portals created by Salesforce in order to compromise a network. Because these are not scanned by the traditional solutions, malicious files and links can be opened by unsuspecting teams and put customer and other sensitive or commercial data at risk. In addition, Salesforce teams risk operational disruption in the event of a breach.
The results can be data loss, operational disruption, loss of sales revenue due to suspended campaign activity, fines for failing to meet industry compliance standards, loss of trust, and reputational damage. Customers naturally place a high value on the privacy of their data. Once that’s lost, trust is hard to rebuild.
Securing Salesforce in seconds
Taking action is easier than you think. Salesforce allows business users to easily engage with prospects and customers and experiment with new ideas. Engaging with the technical or security team around securing your Salesforce environment at an early stage, fostering good lines of communication, and developing safe security practices now will save pain and cost in the future.
Don’t let one malicious file disrupt your business. WithSecure™ Cloud Protection for Salesforce stops advanced cyber threats. You can run your digital business undisrupted—free from malware and phishing links. Get constant clarity of your content security status and see what is happening in real time. The bespoke solution is designed with Salesforce and can be deployed in minutes, providing instant protection and security visibility.
If you want to learn more about WithSecure™ Cloud Protection for Salesforce, reach out for a conversation—we’d love to talk with you about your current Salesforce risks and how we can help you manage them.
The recent attack at CDK Global, a software-as-a-service vendor for more than 15,000 car dealerships, is a clear reminder of the ever-present threat that cybercriminals pose. And, since many in the automotive industry are also Salesforce users, Salesforce security should be top-of-mind.
What happened to customers of CDK Global?
The cyberattack began on June 19. It caused widespread disruption at about 15,000 North American auto dealers that rely on CDK’s management software. Accordingly, the potential financial impact of this attack is staggering. Some industry analysts estimate the cost could reach up to $16 billion. Further, the disruption extends to all aspects of the automotive ecosystem, including repair services, supply chain, vendor payroll services, etc. It is a sobering reminder of the collateral damage caused by such attacks.
Details on the CDK Global attack have not been officially or publicly disclosed. However, many accounts suggest the company was subject to a ransomware attack. Ransomware can be delivered in various ways, with malware or phishing attacks being the most common vector. But here is what we do know about the sequence of events:
June 18, 2024: CDK Global experienced its first ransomware attack, resulting in the encryption of critical files and systems. Dealerships across North America lost the ability to track and order new parts, schedule service, and manage inventories. Dealers also reported they could not complete sales transactions or process payrolls.
June 19, 2024: CDK Global shut down its IT systems to initiate a system recovery. Then, during recovery operations, the company experienced a second cyberattack.
June 21, 2024: Bloomberg reported that the ransomware gang BlackSuit had demanded “tens of millions of dollars” from CDK and that CDK was planning to pay up.
June 24, 2024: CDK again announced it had restarted the restoration process.
July 4, 2024: Most CDK customers were back online. Many reported huge transaction backlogs that would take weeks to resolve.
It is unclear whether BlackSuit will use or attempt to sell the customer and business data obtained during the attack.
The CDK attack is a reminder to always invest in Cybersecurity
In the wake of the CDK attack, automotive industry influencers have called on dealers to review their IT and software application infrastructure. For example, Autonews ran an opinion piece that did not mince words: The CDK attack is a wake-up call for dealers. The message in the article is clear: Dealers must now prepare for business continuity management and make cybersecurity a strong priority.
Auto and truck dealers often rely on Salesforce to help manage their customer relationships, sales and service operations, and marketing campaigns. As such, Salesforce security should be top-of-mind for every organization. While Salesforce applies advanced technologies to secure its infrastructure to protect customer data, it acknowledges that cybersecurity is a shared responsibility. Thus, customers must further strengthen the security of their Salesforce instance.
Salesforce emphasizes that customers must take charge of anti-abuse, fraud detection, and prevention measures. Salesforce doesn’t scan incoming data for cyber threats – that’s your responsibility as the user.
While we don’t know the exact vector that led to the CDK Global hack, malware and phishing often lead to ransomware attacks.
WithSecure Cloud Protection for Salesforce: Designed with and for Salesforce
WithSecure Cloud Protection for Salesforce is a Salesforce security solution designed to mitigate the risk of advanced cyber threats on Salesforce. It:
Provides real-time protection and instant visibility into your entire environment
Works seamlessly with your customizations and workflows
Fully complements the infrastructure security controls that Salesforce provides
WithSecure Cloud Protection for Salesforce is a highly certified solution. It meets the strict compliance requirements of modern enterprises and critical public sector organizations. Furthermore, it is an ideal choice for enhancing your Salesforce security. WithSecure Cloud Protection for Salesforce was designed for Salesforce, together with Salesforce. Additionally, it is used and recommended by Salesforce.
Meet your compliance requirements and control your Salesforce data location
Data residency is a critical consideration for organizations using Salesforce to ensure the security and compliance of their sensitive customer data. With Salesforce’s global reach, understanding where your Salesforce data is physically stored and the legal implications is key to mitigating both cyber and compliance risks.
What is the difference between data residency, data localization, and data sovereignty?
While these three terms are related, they have distinct meanings within the realm of data management and compliance. Data residency refers to the physical or geographical location where an organization’s data is stored, whether on servers, databases, or in data centers. Data localization is the requirement that certain data must be stored and processed within the country or region where it was collected, without being transferred outside of those borders. Data sovereignty is the principle that data is subject to the laws and regulations of the country or jurisdiction where it resides, regardless of the nationality of the person or entity that owns the data. Understanding the nuances between these concepts is crucial for organizations to ensure they are complying with relevant data privacy and security regulations.
What is Salesforce data residency?
Data residency refers to the physical location where an organization’s Salesforce data is stored, whether on servers, databases or in data centers. The country or region where Salesforce data resides determines the privacy laws, data sovereignty regulations and security requirements that apply to that data. For Salesforce users, data residency is especially important because Salesforce has data centers located around the world. Depending on your Salesforce org’s settings, your Salesforce data could be stored in the U.S., Europe, Asia or elsewhere.
Depending on the country’s legislation and regulations, these themes are often included:
Storage location: Many countries have laws that require certain types of data to be stored within their own borders.
Transfer restrictions: Some jurisdictions have requirements surrounding data transfer across borders. For instance, the EU’s General Data Protection Regulation (GDPR) stipulates that data can only be transferred out of the EU to countries that provide adequate levels of data protection.
Local access: Regulations may require that the local government or specific regulatory bodies have access to the data.
Privacy protections: Depending on the country, organizations may be required to provide specific privacy protections for the data they store, such as practices around data encryption, pseudonymization, or anonymization.
Data breach notifications: Some countries require that organizations notify the relevant authorities and/or the affected individuals in the event of a data breach.
Record keeping: Organizations may be required to keep records of all data processing activities.
Consent: In some cases, organizations might need to obtain explicit consent from the data subjects before storing or processing their data.
For example, in Australia and Singapore, there has been high demand from public sector organizations and private companies operating in regulated industries to have control over their Salesforce security data’s residence in the home country.
Why does Salesforce data location matter?
There are several key reasons why Salesforce data residency is critical for security:
Legal compliance: Different countries and regions have varying laws around data storage, protection and privacy. Storing Salesforce data in compliance with local data residency regulations is mandatory to avoid legal issues and penalties.
Data privacy protection: Data residency rules exist to safeguard the privacy of individuals whose data is collected. Adhering to Salesforce data residency ensures customer data is handled securely and with proper privacy controls.
Reduced security risks: Storing Salesforce data locally within a country’s borders minimizes the risks associated with cross-border data transfers, such as unauthorized access, data breaches and data loss. Local storage is typically more secure.
Customer trust: Customers will have more confidence in a Salesforce-powered business that respects data privacy laws and stores data in accordance with Salesforce data residency requirements. This builds trust.
Business continuity: In the event of a disaster, having Salesforce data stored locally can enable faster recovery, as data centers in the affected region can focus on restoring service.
Best practices for managing Salesforce data residency
To ensure your Salesforce data is secure and compliant from a data residency perspective, follow these best practices:
Know where your Salesforce data is stored: Determine the specific data centers and regions where your Salesforce org’s data is physically stored. This information should be available from Salesforce or your Salesforce consulting partner.
Understand relevant data residency laws: Research the data residency, data sovereignty and data privacy laws that apply to your Salesforce data based on where it is stored. Consult with legal counsel to ensure compliance.
Implement proper data encryption: Use strong encryption to protect Salesforce data both at rest and in transit, especially if data is being transferred across borders. Leverage Salesforce’s built-in encryption capabilities, and make sure that third-party applications align.
Restrict Salesforce data access: Limit access to Salesforce data to only those employees and systems that require it. Use Salesforce’s robust user permissions and sharing settings to control data access.
Monitor Salesforce data activity: Continuously monitor Salesforce data usage, access and sharing activity to detect any suspicious behavior that could indicate a data breach or compliance issue. Leverage Salesforce’s security monitoring tools.
By following these best practices and partnering with a Salesforce consulting firm that prioritizes data residency and security, you can keep your Salesforce data safe and compliant no matter where it is stored around the world.
How WithSecure™ Cloud Protection for Salesforce helps you meet your compliance requirements
WithSecure™ Cloud Protection for Salesforce is hosted in AWS data centers. The solution runs in data centers in Europe (Ireland), the USA, Australia and Singapore – and more countries will soon follow, including Japan and Canada.
You can fully control your data’s location, that is, the data center in which your data is processed. Data is strictly encrypted both in transit and at rest. Data handling and security practices follow the strictest industry standards. Also, you don’t have to worry about any hidden hosting costs or efforts.
Secure your Salesforce today
Tailored for high compliance sectors, our certified solution safeguards Salesforce clouds for global enterprises, including finance, healthcare, and the public sector.