CRM systems have become irreplaceable tools for businesses, with millions of companies worldwide relying on platforms like Salesforce.com to help improve their business operations and customer relationships. This, however, comes with its own set of risks. The biggest risk involved here is that a single breach of data may result in serious damage to the service as well as its users. CRMs also continually collect and store large volumes of data, from business to customer information, most of which is bound by various regulations or compliance frameworks. A breach in data may have drastic consequences not only in the immediate destruction of data but also in compliance violations that could cripple the company in the long run.
Data breaches have become all too common across the tech industry, and CRM software is no exception. To reduce these risks for your company, leverage Salesforce’s native capabilities, complemented by third-party data security solutions where necessary.
This article describes the Salesforce Data Security Model used to safeguard different categories of information, the features included in that model, recommendations on data storage, best practices for developing Salesforce applications, and a number of case studies for different use cases.
Salesforce and Data Security incidents
Data security is a problem for organizations big and small, and Salesforce isn’t an exception either, having its share of security incidents. Events like this always point to one important lesson learned: no platform, no matter how large and successful, can afford to be slack on security.
Salesforce Data Leak 2019: In late 2019, Salesforce experienced a data breach in which hackers had access to customer data for a period of six months. The compromised database was reportedly found on the dark web.
Salesforce Data Outage of 2019: A data outage in 2019, caused by a scripting error, accidentally granted elevated permissions to a number of users. The aftermath was the suspension of some accounts and the disruption of services.
With the data leakage or outage incidents that may occur, it’s crucial to focus on data security strategies to protect your company data.
The Salesforce Data Security Model
Salesforce’s data security measures are a set of systems and rules that make it more challenging for a customer’s data to be accessed by unauthorized users. This kind of goal might seem simple at first, but the sheer scope of operations for an average Salesforce environment does make it a lot more difficult than one could imagine at first.
To simplify the topic in question and make it more manageable, Salesforce has introduced its own approach to data security with four distinct levels:
Organizational Level Security
The “highest” security level, covering the overarching data protection measures. One of the most fundamental goals of this level is to prevent unauthorized access to restricted information. The Login Hours feature, for example, restricts when specific users can log in to a defined time window each day.
Allowing or blocking specific login IP ranges is also configured at this level, as are password policies and add-on security features such as Salesforce Shield (discussed later in the article).
Object Level Security
This security level is slightly “lower,” which allows it to be more granular in its restrictions and configurations. An “object” in Salesforce is a domain-level data set – the closest analogy would be a table or a sheet in Microsoft Excel or a similar product.
Object-level permissions allow administrators to restrict access to specific information, preventing the majority of users from opening or modifying the data in question. For a long time these permissions were set through individual user profiles, before Salesforce introduced Permission Sets.
Creating a Permission Set or a Permission Set Group is now the recommended approach, removing the need to configure every single user’s permissions by hand. Instead, you set up rules such as “everyone in the environment with a specific job role may access the target information.”
Field Level Security
Following the analogy above, a field in Salesforce is similar to a column in Excel. Being able to access a specific field does not give the same user access to the entire object, offering even more flexibility and granularity.
Similar to the previous example, Salesforce does recommend using Permission Sets and Permission Set Groups to manage field-level access, but these kinds of permissions can also be set for every single user separately via their profile.
Record Level Security
The most granular of the four security levels, record-level security, restricts access to individual records – the equivalent of a single row in a large spreadsheet. Object-level and field-level permissions determine whether users can create records and modify existing ones, but on their own they say nothing about which records a given user may see, which matters as soon as people collaborate. Salesforce therefore provides four mechanisms for managing record-level access:
- Organization-wide defaults are the most basic approach to record permissions: they set the baseline level of access that all users in the company have to records they do not own.
- Role hierarchy implies the creation of a priority list for different positions in the company, with users at a higher hierarchy level having full access to all records owned by users placed below them.
- Sharing rules are another method of information exchange, built around public groups – making it possible for users to share their records with the rest of the group.
- Manual sharing covers sharing an individual record with a single other person; it is only useful in specific situations and would be very tedious to perform in large teams.
Primary Measures of Salesforce Data Security
With that being said, permission management is not the only security measure Salesforce can offer. In fact, the total number of built-in security capabilities in Salesforce is surprisingly high, and we are going to try and go over most of them below.
First of all, it is important to understand what Salesforce has to do per its agreement with all clients and what is left for the end user to work with. The Shared Responsibility Model that Salesforce uses is similar to how a lot of cloud-based solutions in different fields operate.
Salesforce is responsible for protecting its own platform and the underlying cloud infrastructure, including both hardware servers and software applications that help the platform work as intended. It is also up to Salesforce to maintain compliance with regulations and industry standards both at the platform level and the infrastructure level.
That is the extent of what Salesforce has to do; the rest of the security matters are completely in the hands of the end user – including data backup and recovery, user access control, data management, compliance management (in cases where the platform itself does not cover a specific regulation or industry rule, such as PCI DSS).
Now that we have gone over the topic of the shared responsibility model, we can finally cover the most noteworthy elements of the Salesforce Data Security Model.
Salesforce Health Check
Salesforce Health Check is used to answer the question, “Where do I start?” in terms of security vulnerabilities. It is a useful tool that can help users analyze their Salesforce environment for potential issues and offer ways to resolve them all.
The ability to customize the stringency of the analysis is what makes it so useful as part of the SFDC (SalesforceDotCom) security model, offering plenty of insight into each company’s environment along with suggested resolutions for the issues it finds.
Role-Based Access Control
RBAC is a well-known data security concept that provides customizable data access restrictions at scale. It relies a lot on different user roles that are used to determine the responsibilities and access levels for each user group.
The topic in question mirrors a lot of what we already covered before – a hierarchical approach to the organization’s structure, different data access levels, and so on. This system can be highly useful when configured correctly, but finding the balance between security and flexibility can be somewhat challenging in many environment types.
Data Encryption
It would be difficult to find a modern security system that does not use encryption in some way. Encryption has become one of the cornerstones of data security in this day and age, making sure that sensitive information cannot be read even if it is stolen or somehow misplaced.
Encryption efforts differ depending on the state of the data itself. Encryption at rest relies on encryption algorithms such as AES, while encryption in transit is implemented with dedicated transport protocols (HTTPS). Salesforce offers two different encryption levels, one of which is only available as part of the Salesforce Shield feature set.
Data Masking
A security technique that is slightly less common than the ones mentioned above is data masking – a way of obfuscating sensitive information by replacing it with realistic-looking fictional data. It is a very useful practice for financial details, confidential business data, PII, and any other data type that needs to be protected in multiple ways without disrupting its role in the company’s day-to-day operations.
Salesforce Data Mask is a native solution for this exact purpose, offering the ability to replace sensitive information with masked or anonymized values when necessary. It can be used in training, testing, and development environments while also providing several different approaches:
- Pseudonymization is used to alter the information without disrupting the original structure, such as replacing real names with fake ones.
- Anonymization is completely replacing sensitive information with unidentifiable random values.
- Deletion might seem like an obvious option, but it is also considered a part of data masking – setting the value of sensitive information to blank to eliminate any exposure risk.
Data masking acts as another layer of security that decreases the risk of data exposure without disrupting the consistency of the information and also helps with compliance matters.
Salesforce Shield
Salesforce Shield is a bundle of advanced security measures whose primary goal is to extend Salesforce’s existing capabilities. Shield has several primary capabilities:
- Event Monitoring, which includes extensive log creation and the ability to perform a thorough security analysis based on the information gathered. These records can also greatly assist with meeting the audit trail requirements in specific compliance frameworks.
- Transaction Security, providing real-time threat detection through policies that can be fully customized and fine-tuned as needed.
- Advanced Encryption, unlocking support for more data forms than the standard platform offers, including files, fields, attachments, etc. This feature also covers key management, offering the ability to store customer-managed keys in external hardware security modules.
- Field Audit Trail, an extension of the audit capabilities that tracks data changes over time with up to 10 years of history, where data governance or other requirements call for it. All of the retention limits can be customized to satisfy the relevant compliance frameworks.
Salesforce Identity
Salesforce Identity is another helpful solution in the context of information security, which can offer extensive user authentication capabilities with plenty of customization and added features. It is an Identity and Access Management tool tasked with improving information security while also simplifying the process of user identity management.
Single Sign-On is one of the primary features of Salesforce Identity, making it possible to use the same combination of credentials to access multiple services and applications, including both built-in and third-party ones. It works with various communication protocols, such as OAuth 2.0, SAML, OpenID Connect, and so on. The status of Salesforce Identity as both a service provider and identity provider makes it easy for the solution to be integrated with other similar products from Google, Microsoft, Okta, etc.
Multi-Factor Authentication is another helpful feature of Salesforce Identity, providing an extra layer of security by creating a requirement for two or more verification factors to be used for logging in – be it passwords, hardware tokens, software tokens, etc. Salesforce has a dedicated Authenticator app for this exact purpose while also supporting other MFA providers on both the software and the hardware side – YubiKey, Google Authenticator, Microsoft Authenticator, etc.
Other notable features of Salesforce Identity include:
- My Domain (custom branded login pages)
- Identity Connect (seamless integration with Microsoft AD)
- Centralized user management
- RBAC permission management
- Monitoring and auditing, etc.
Best Practices for Salesforce Data Security
It would be easy to assume that such a wide range of measures and capabilities makes a Salesforce environment completely secure once they are all implemented. Unfortunately, that is not the case, and there are still plenty of potential attack vectors and other weaknesses that have to be taken care of before they can be exploited.
The list below includes some of the most commonly used best practices for information security in Salesforce:
Conduct Regular Audits
Regular security audits should be able to locate most, if not all, of the potential security issues and vulnerabilities in your system. The aforementioned Health Check tool is a great start, although there are multiple other examples that can also be useful in their own way:
- Apex PMD Tool
- Salesforce CLI Scanner Plug-in
- Checkmarx Code Scanner
- Clayton.io
Train Staff on a Regular Basis
All of your staff should be aware of how destructive data breaches are and how important security awareness is in a modern tech environment. Try to combine basic recommendations about strong passwords with common security pitfalls and the most popular angles used in phishing scams. All of your security policies should be reviewed and updated on a regular basis to ensure the highest possible level of both security and awareness.
Lacking proper security training dramatically increases the risk of sensitive information being compromised through the actions or inactions of end users. Uninformed employees have a much harder time telling phishing attacks and other social engineering attempts apart from genuine messages.
Fortunately, there are plenty of solutions and platforms that provide extensive training and simulation capabilities to simplify these processes. The most common examples of such software are:
Perform Penetration Testing
Malicious actors are not the only ones that can perform cyber attacks on your environment. Penetration testing is the same process but conducted by a trusted third party, making it possible to find potential weak spots in your security system and close them before real criminals can abuse them.
The lack of penetration testing or some other kind of vulnerability analysis makes it significantly more difficult to find vulnerabilities in your environment before they can be exploited by someone with malicious intent. The sheer variety of potential weaknesses makes it challenging to find them all without performing these tests – since practically anything as simple as a misconfigured security setting might be the gateway into your system for a cybercriminal.
Nessus can be used to scan the system for vulnerabilities, Burp Suite performs extensive security testing for web applications, and OWASP ZAP does the same while being completely open-source. Of course, this is far from a complete list, but it should be enough to provide an understanding that there are plenty of options to scan your system for weaknesses, including both third-party options and built-in solutions.
Review Existing Permission Configurations
As we have mentioned multiple times by now, permission configurations are extremely important in an environment such as Salesforce. They should be reviewed and updated on a regular basis to reduce the likelihood of mismanaged permissions and other errors in this area that could be exploited.
Excessive privileges might not seem like a big problem in themselves, but they open up opportunities for a surprisingly large number of attacks. Not only do over-privileged accounts have an increased chance of accidental data misuse, they also become prime targets for external attacks while simultaneously increasing the potential damage of an insider threat.
The permission review process can be conducted by both internal and external tools. The aforementioned Salesforce Health Check is one such solution, and there are also many other alternatives to choose from:
Monitor Your Environment for Signs of Unusual Behavior
Real-time analysis and monitoring capabilities are the best possible way to detect anomalous behavior and prevent various cybersecurity incidents before they can steal or compromise sensitive information. The aforementioned Salesforce Shield is a great solution for this recommendation – with detailed activity logs capable of providing extensive visibility into user activity within the platform, as well as security analytics capabilities to inspect activity logs for signs of security breaches, unauthorized access, and other anomalies.
Failure to monitor the environment for signs of unusual behavior leads to an increased probability of many different event types, from unauthorized access to malicious activity, security breaches, and more. The lack of proper monitoring drastically limits the company’s ability to respond to threats while also providing attackers a lot more time to steal or manipulate sensitive information.
Solutions such as LogRhythm or Splunk work well as third-party alternatives to Salesforce Shield when it comes to performing continuous monitoring over a Salesforce environment.
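The following is an added example written for this section, not code from the article or from GRAX. It is a scheduled Apex job that reads the standard LoginHistory object (available without Shield) and flags source IPs with repeated failed logins in the last 24 hours; the threshold, lookback window and alert recipient are assumptions to be tuned per org, and Shield Event Monitoring would supply richer events for the same kind of detection logic.

```apex
// Added example (not from the article or GRAX): detect repeated failed logins
// per source IP using the standard LoginHistory object.
public with sharing class FailedLoginMonitor implements Schedulable {

    // Assumed tuning values for this example; adjust to your org's baseline.
    public static final Integer FAILURE_THRESHOLD = 5;
    public static final Integer LOOKBACK_HOURS = 24;
    // Placeholder recipient (assumption); keep it in a custom setting in practice.
    public static final String ALERT_RECIPIENT = 'security-team@example.com';

    // Counts non-successful logins per source IP in the lookback window and
    // returns only the IPs that reach the threshold.
    public static Map<String, Integer> findSuspiciousSourceIps() {
        Datetime since = Datetime.now().addHours(-LOOKBACK_HOURS);
        Map<String, Integer> failuresByIp = new Map<String, Integer>();

        // LoginHistory is read-only and requires the "Manage Users" permission;
        // a scheduled job runs as the user who scheduled it.
        for (LoginHistory lh : [
            SELECT SourceIp, Status, UserId, LoginTime
            FROM LoginHistory
            WHERE LoginTime >= :since AND Status != 'Success'
            LIMIT 10000
        ]) {
            String ip = lh.SourceIp == null ? 'unknown' : lh.SourceIp;
            Integer seen = failuresByIp.containsKey(ip) ? failuresByIp.get(ip) : 0;
            failuresByIp.put(ip, seen + 1);
        }

        Map<String, Integer> suspicious = new Map<String, Integer>();
        for (String ip : failuresByIp.keySet()) {
            if (failuresByIp.get(ip) >= FAILURE_THRESHOLD) {
                suspicious.put(ip, failuresByIp.get(ip));
            }
        }
        return suspicious;
    }

    // Formats the findings as a plain-text alert body.
    public static String buildAlertBody(Map<String, Integer> suspicious) {
        List<String> lines = new List<String>();
        for (String ip : suspicious.keySet()) {
            lines.add(ip + ': ' + suspicious.get(ip) + ' failed logins');
        }
        return 'Failed-login spike in the last ' + LOOKBACK_HOURS + 'h\n'
             + String.join(lines, '\n');
    }

    // Schedulable entry point. Run hourly with, for example:
    // System.schedule('Failed login monitor', '0 0 * * * ?', new FailedLoginMonitor());
    public void execute(SchedulableContext ctx) {
        Map<String, Integer> suspicious = findSuspiciousSourceIps();
        if (suspicious.isEmpty()) {
            return;
        }
        Messaging.SingleEmailMessage mail = new Messaging.SingleEmailMessage();
        mail.setToAddresses(new List<String>{ ALERT_RECIPIENT });
        mail.setSubject('[Salesforce] Repeated failed logins detected');
        mail.setPlainTextBody(buildAlertBody(suspicious));
        Messaging.sendEmail(new List<Messaging.SingleEmailMessage>{ mail });
    }
}
```

A spike from a single IP is only one signal; a SIEM such as the ones named above can correlate it with impossible-travel logins, unusual API volume or after-hours activity from the same user.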
Set up a Detailed Backup and Recovery Strategy
Information is an incredibly valuable resource for any organization, and it is very difficult to maintain business continuity without a proper backup and recovery system in place. Backups are the means of recovering not only from malicious cyber attacks but also from accidental data loss, data corruption, and more. The ability to recover information within a specific time frame is also part of multiple compliance frameworks, be it FINRA, HIPAA, GDPR, or others.
Salesforce does not offer any built-in backup solution, but it does have some services that can at least assist with data exporting. The Salesforce Data Export Service makes it possible to export Salesforce data as a set of CSV files, manually or on a pre-defined schedule. However, it does not include metadata and can only run once a week (or once a month for non-enterprise users), which makes it less than ideal.
Luckily, there is a large market of third-party Salesforce backup tools that offer extensive backup and recovery capabilities with different backup types, granular restore, in-depth configuration, and more. There are plenty of options to choose from, including solutions that specialize in Salesforce data management tasks, such as GRAX, and software that offers a boatload of other features alongside Salesforce compatibility, such as Druva or Veeam.
Manage Your Salesforce Code Correctly
Since application development can be a substantial part of many Salesforce environments, appropriate code management should also be a top priority for such users and companies. The code in question should only retrieve the data it needs from client sites, and all of the user credentials should be stored with the appropriate security measures.
Software such as Clayton.io can also be useful in identifying various code vulnerabilities, and the principle of least privilege should be commonplace in all of your development efforts.
Noteworthy Security Recommendations for Salesforce App Development
Since Salesforce app development is a noteworthy topic in this context, we would like to dedicate another section of the article to code-related threats. Salesforce makes it possible to create Visualforce pages and Apex code on the Lightning Platform, among other use cases. Some of the aspects of application development that matter most in the context of information security are:
SOQL Injection
SOQL is the query language Salesforce uses to read data from the platform. If an attacker can supply unvalidated input that is built into a query, the input can alter the query itself and lead to malicious actions. Salesforce offers a separate web page dedicated to recommendations on how to avoid SOQL injection during development.
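The following is an added example, not code from the article or from Salesforce’s own documentation: the same Account search written in the vulnerable form, with a bind variable, and as dynamic SOQL that escapes the value and validates a field name against the schema. The class and method names are assumptions; the techniques (bind variables, String.escapeSingleQuotes, describe-based validation) are the ones Salesforce’s guidance recommends.

```apex
// Added example (not from the article): SOQL injection and its two standard fixes.
public with sharing class AccountSearch {

    // VULNERABLE: untrusted input is concatenated straight into dynamic SOQL.
    // A single quote inside 'term' ends the string literal, so the rest of the
    // input is interpreted as query syntax and can change the WHERE clause.
    public static List<Account> searchUnsafe(String term) {
        String q = 'SELECT Id, Name FROM Account WHERE Name LIKE \'%' + term + '%\'';
        return Database.query(q);
    }

    // SAFE: static SOQL with a bind variable. The value is passed to the query
    // engine separately and is never parsed as query text. WITH USER_MODE also
    // enforces the running user's object, field and sharing permissions.
    public static List<Account> searchWithBind(String term) {
        String pattern = '%' + term + '%';
        return [SELECT Id, Name FROM Account WHERE Name LIKE :pattern WITH USER_MODE];
    }

    // SAFE: dynamic SOQL is sometimes unavoidable, e.g. when the sort field is
    // chosen at runtime. Escape string values, and validate anything that cannot
    // be escaped (field names, operators) against the schema instead of trusting it.
    public static List<Account> searchDynamic(String term, String sortField) {
        Map<String, Schema.SObjectField> fields = Schema.SObjectType.Account.fields.getMap();
        String key = sortField == null ? '' : sortField.toLowerCase();
        if (!fields.containsKey(key)) {
            throw new IllegalArgumentException('Unknown sort field');
        }
        // Use the API name from the describe result, not the caller's string.
        String safeSort = fields.get(key).getDescribe().getName();
        String safeTerm = String.escapeSingleQuotes('%' + term + '%');
        String q = 'SELECT Id, Name FROM Account WHERE Name LIKE \'' + safeTerm
                 + '\' ORDER BY ' + safeSort;
        // Bind variables also work in Database.query() when the variable is in
        // scope ('... WHERE Name LIKE :pattern'), which avoids escaping altogether.
        return Database.query(q);
    }
}
```

Note that escaping only protects string literals; a numeric value or field name spliced into a query needs type conversion or a whitelist, as the sort field above shows.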
Cross-Site Scripting, or XSS
Applications that render dynamic web page content can allow attackers to compromise users’ interactions with the application, opening opportunities for malicious code execution, session hijacking, and more. The issue is made worse by the fact that XSS does not rely on user action or authentication to activate, making it particularly dangerous for the end user. Luckily, such scenarios can be avoided by following Salesforce’s strict guidelines on preventing these attacks.
Cross-Site Request Forgery, or CSRF
Most CSRF attack angles follow the same pattern as XSS – dynamic web page content that opens up opportunities for the end user to be compromised, with plenty of potential issues as a result. The primary difference between the two is that CSRF relies much more on user interaction to begin with, meaning that its capabilities are often limited to what the user does before realizing something is wrong. Salesforce mitigates such attacks with anti-CSRF tokens and several other measures outlined in a dedicated Salesforce article.
Salesforce Security Tools and Practices for Developers
Aside from the attack angles mentioned above, Salesforce developers should also be aware of several other best practices and recommendations when it comes to coding and data sharing. For example, the Salesforce Security Scanner is a convenient way to look for insecure data handling, XSS, SOQL injection vulnerabilities, and so on.
It is also recommended that security-related tooling, such as Salesforce DX, be integrated into the development process to streamline development and allow code to be reviewed for security issues continuously.
Custom Apps and Data Access
Other useful recommendations include fine-grained control over sensitive data access in custom apps, which can be managed using everything we mentioned before – sharing rules, permission sets, profiles, and so on. All custom applications should enforce data access controls and respect user roles to decrease the probability of unauthorized data manipulation.
Hardcoded access permissions should be avoided in favor of Salesforce’s security model, which is much more flexible and versatile. These custom applications should also follow all of the organization-wide defaults and sharing restrictions, if there are any, to ensure consistency in the data security process.
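The following is an added example, not code from the article or from GRAX, of a custom-app data layer that defers to the Salesforce security model described above instead of hardcoding who may see what. The class and method names are assumptions; the mechanisms are standard Apex: the with sharing keyword applies organization-wide defaults, the role hierarchy and sharing rules (record level), and Security.stripInaccessible applies the running user’s object and field permissions (object and field level).

```apex
// Added example (not from the article): enforcing record, object and field
// level security in a custom Apex service rather than hardcoding permissions.
public with sharing class ContactService {

    public class AccessDeniedException extends Exception {}

    // Read path. 'with sharing' limits the query to records the running user can
    // see; stripInaccessible then removes fields the user may not read instead of
    // failing the whole request, so a field made sensitive later is honored
    // without a code change.
    public static List<Contact> contactsForAccount(Id accountId) {
        if (!Schema.SObjectType.Contact.isAccessible()) {
            throw new AccessDeniedException('No read permission on Contact');
        }
        List<Contact> rows = [
            SELECT Id, FirstName, LastName, Email, Phone, Birthdate
            FROM Contact
            WHERE AccountId = :accountId
        ];
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.READABLE, rows);
        // getRemovedFields() lists what was hidden per object; useful for audit logs.
        System.debug(LoggingLevel.FINE, 'Hidden fields: ' + decision.getRemovedFields());
        return decision.getRecords();
    }

    // Write path. Check object-level update permission explicitly, strip fields the
    // user may not update, and let sharing decide which records are editable
    // (DML on a record the user cannot edit fails under 'with sharing').
    public static List<Contact> updateContacts(List<Contact> changes) {
        if (!Schema.SObjectType.Contact.isUpdateable()) {
            throw new AccessDeniedException('No update permission on Contact');
        }
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.UPDATABLE, changes);
        List<Contact> allowed = (List<Contact>) decision.getRecords();
        update allowed;
        return allowed;
    }

    // Example of what NOT to do: a hardcoded role check. It silently breaks when
    // a permission set rather than a profile grants access, and it ignores sharing.
    public static Boolean hardcodedCheckAntiPattern(User u) {
        return u.Profile.Name == 'System Administrator';
    }
}
```

Where an integration user or a system process genuinely needs to bypass record visibility, put that logic in a separate without sharing class with a narrow interface, so the exception is explicit and reviewable rather than scattered through the app.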
Integration Security in Custom Apps
Custom applications do not have to stay within the borders of Salesforce, either. There are plenty of opportunities to be found in third-party app integration, but these processes should also be implemented with all the necessary precautions in mind. This includes API access limitation with the principle of least privilege and the adherence to secure encryption protocols such as TLS. Monitoring API calls on a regular basis to look for signs of abnormal activity is also a good idea.
Salesforce API access should also be granted within reason – you can implement OAuth 2.0 to simplify the login process while limiting the scope of the API access to avoid unnecessary permissions.
Security Testing in Custom Apps
The aforementioned security testing and monitoring should also be applied to custom apps, including both code analysis and penetration testing. Apex PMD and Checkmarx do a great job of finding code vulnerabilities when set up correctly. Your CI/CD pipelines should incorporate security testing as part of the workflow, to ensure that no code is deployed without going through a rigorous security validation process. That way, vulnerabilities are caught and resolved early instead of being discovered post-deployment in the aftermath of a breach.
Conclusion
Information security is one of the biggest considerations for any business in the modern world. Companies operate and process massive amounts of data continuously; a significant portion of this information becomes sensitive or valuable for one reason or another. The protection of this information without sacrificing a degree of flexibility in the existing workflows is an equally important concern for Salesforce and its clients alike.
Salesforce is responsible for the protection of infrastructure and the integrity of the platform, while Salesforce customers are themselves responsible for protection of the data of end-users since it is a function the clients should be managing themselves.
Thus, periodic revision of security strategies within Salesforce is crucial as a means of preventing data breaches in whatever form they occur. You can secure your Salesforce data now by following our recommendations in terms of best practices and security tools discussed above. The enhanced security model is just a few steps away.