We’ve all seen it happen: just before a salesperson leaves an organization, they grab critical data from Salesforce. Both employee “stockpiling” of data – an employee diverting company assets to a personal repository – and Salesforce report exportation, are red flags that can have a significant impact on an organization’s data loss. Sensitive data, such as customer lists, intellectual property, or financial information, can fall into the wrong hands, be it a cybercriminal or a competitor. Make sure the situation is under control by establishing a data security policy and gaining visibility as to how, when, where, and by whom the policy is violated. Leveraging a cloud-based security solution is an easy way to do so as well as gain insight into what reports and data your Salesforce users are exporting. CloudLock for Salesforce allows admins to tune out the noise and focus on Salesforce report export incidents warranting additional investigation with increased levels of granularity in the policy engine. Through the Salesforce Event Log API, CloudLock admins can now customize policy criteria based on user location, export frequency, typical business hours, and/or Salesforce profile to policies relating to Salesforce report export.
- Location allows admins to whitelist a country, or series of countries, and subsequently flag report export events occurring outside of the prescribed locations.
- The Frequency criterion allows admins to flag report export incidents based on a given user exceeding a specified number of reports in a specified number of days.
- Admins are also capable of detecting report exports conducted by users outside of the admin-defined Business Hours.
- The Profile criterion enables admins to detect report exports made by users other than system administrators. In fact, admins can choose to define these parameters based on a large number of profiles pulled from Salesforce.
Policy violation instances, color-coded by severity, are shown on the CloudLock dashboard via the incident map. The map shows detailed data points that highlight specific incident areas across the globe. CloudLock admins are able to leverage powerful location-based awareness of report export incidents in their security activities. Zooming in to individual street-level data points allow admins to investigate a synopsis of the incident, which includes the event time, the user, the IP address, and the geographical location.
Building a report export policy takes seconds. Admins have the power to include any combination of the above parameters, allowing very tight policy construction with a high degree of fine tuning to surface incidents worth inspecting.
It’s 11:00pm on a Friday – do you know where your data is?
Contact us for a free security assessment to find out how secure your environment really is. We will review and audit your organization’s Salesforce, Google Apps and other SaaS application domains, as well as of the usage and consumption of third party applications connected to them to:
- Provide metrics, considerations, and recommendations that lead to the analysis
- Recommend actionable next steps for instituting Acceptable Use Policies (AUPs)
- Compare your Security Score to other customers