What are the real risks of using Salesforce?

For businesses, cyber security is a shared responsibility. Like many software-as-a-service (SaaS) providers, Salesforce builds excellent infrastructure security into its products and services. In line with its shared responsibility model, it also encourages the integration of premium security capabilities. These allow you to further tailor and enhance your security based on how your users and customers interact with the platform. 

It’s therefore the responsibility of businesses using Salesforce to implement the extra layers of security you need to keep your Salesforce platform safe from external threats. In other words, without automated defenses, the buck stops with your end users to determine which files and links are legitimate content, and which are the beginnings of a harmful cyber campaign from someone up to no good. This can be a challenge, especially if those end users are support agents, claims handlers or other specialists outside security field.

If you didn't know this—you're not alone. There have been recent reports of Salesforce misconfigurations that mistakenly let unauthenticated users access company information, as well as sophisticated phishing attacks targeting customer service departments with rogue links and document uploads in attempts to gain access to enterprise infrastructure.

But where does your responsibility begin, and Salesforce's security remit end? How can you be sure that you are fulfilling your duty—to customers and partners—to ensure the business-critical data flowing in and out of your cloud is not harboring corrupt and harmful content that could jeopardize the work of you and your team—and leave your operations exposed to cyber criminals?

Not knowing where this line in the sand is drawn is the real risk to your Salesforce operations. A lack of education across your users and the wider business—while a concern—is not uncommon and easy to fix.

Here, we discuss the common risks that fall to the business user to address and practical ways you can take ownership of your Salesforce security strategy.

Tackle the lack of awareness across business departments on the risks posed by Salesforce activity by making sure security enters the conversation right at the start of Salesforce projects. Oftentimes the risk comes from modules created by employees who have little knowledge and experience of managing security threats.

Meanwhile, CISOs may not have complete visibility on how Salesforce is being used in the organization—or the content that is being uploaded and downloaded—and believe sufficient security measures are already in place. This is how confusion and poor communication happen—which may not be an obvious problem until something goes wrong. Getting everyone on the same page—perhaps by setting up a cross-departmental taskforce—will ensure you’re best placed to configure your Salesforce instance in a way that ensures you tick the basic Salesforce security hygiene practices, as well as find the right tech-enabler to cover your side of the responsibility—i.e. to monitor and remove harmful content that lives rent free on your Salesforce platform.

The flexibility and ease of use of many consumerized SaaS platforms can create a misguided assumption that data entering your system has been subject to filtering before it arrives—much like we’ve come to expect from email servers, for example. Which isn’t the case. Others—perhaps in the IT team—may think relying on existing endpoint security is enough, that threats that have landed on your virtual servers can be tackled once they land on company hardware—the last line of defense, and arguably too late.

Organizations that are serious about security can get off the back foot by opting for a Salesforce-approved partner solution that can be simply integrated and offers that same level of flexibility and user experience, such as WithSecure™ Cloud Protection for Salesforce. The key thing here is to stop the content entering your system in the first place.

It’s time to embrace real-time visibility into your data, so that you always know what’s being stored on your system.

Our Cloud Protection for Salesforce gives you live updates into uploads and downloads happening in your Salesforce environment, giving you peace of mind that your data is clean and safe. You’ll get clarity on whether you have already unwittingly let malicious content into your databases, as well as continuous monitoring for new activity. If a threat is detected, our technology blocks it automatically. Admins are notified and given clear guidance on what to do next. Your IT team can respond quickly using our in-built, advanced analytics to determine the scale of the threat, getting to the root of the problem fast.

If you’d like to learn more, download our latest ebook