
Salesforce Security Tips: The Dark Corners You Forgot to Check

Michael Gleason

I spend my days (and nights) explaining how the strengths of the cloud - high availability, scalability, and interoperability - can help us overcome what is often considered its greatest weakness: security.




When was the last time you strolled down to your local office supply store and bought a box of software? When was the last time you downloaded an app?

The jury is in: there’s a fundamental shift occurring in the way humans obtain software. Businesses are gradually adopting more and more cloud applications, sanctioned or otherwise. At the same time, team leaders aren’t requesting software from IT – they’re seeking the quickest way to optimize the performance of their employees.

In nothing short of a business revolution, Salesforce CRM led the way. Statistics suggest the majority of the folks reading this already have Salesforce. It’s safe to say most of you trust that your data within the platform is safe – but have you considered the variable of user behavior? Here are the four places you may want to double check to ensure you’ve mastered Salesforce security.

Data Extraction Gone Wild

If you’re a Salesforce administrator, chances are you’ve received a request to terminate access for an employee. There’s a reason Salesforce access is cut off before an employee is let go: otherwise, they could export all kinds of information from the Salesforce environment, including sensitive data, customer lists, and beyond. It’s important not only to cut access in time, but also to identify early indicators that someone is leaving. For example, a savvy employee may run a number of exports before even giving notice.

Whether it’s a soon-to-be former employee, or a malicious individual halfway around the globe, you’ll want to pay attention to any instances where users are rapidly exporting information – and you’ll want to detect it based on criteria you set (“x” number of report exports in “y” amount of time) as soon as possible.
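One way to express the “x exports in y time” rule as a sliding-window check, shown as an added example that is not part of the original post. The log format (columns `timestamp`, `user`, `report`) and the sample rows are constructed for illustration and are not a Salesforce log schema.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export log. Column names and values are assumptions for
# this example, not a Salesforce log schema.
SAMPLE_LOG = """timestamp,user,report
2015-03-02T09:00:00,alice,Pipeline Q1
2015-03-02T09:01:10,bob,All Accounts
2015-03-02T09:02:30,bob,All Contacts
2015-03-02T09:03:05,bob,Open Opportunities
2015-03-02T09:04:40,bob,Customer List
2015-03-02T13:30:00,alice,Pipeline Q1
2015-03-02T17:45:00,alice,Forecast
"""

def find_export_bursts(log_text, threshold, window):
    """Alert when a user makes `threshold` (x) exports within `window` (y)."""
    rows = list(csv.DictReader(io.StringIO(log_text)))
    for row in rows:
        row["ts"] = datetime.fromisoformat(row["timestamp"])
    rows.sort(key=lambda r: r["ts"])  # logs may arrive out of order

    recent = defaultdict(deque)   # user -> exports still inside the window
    alerting = set()              # users already flagged for the current burst
    alerts = []
    for row in rows:
        user, ts = row["user"], row["ts"]
        q = recent[user]
        q.append((ts, row["report"]))
        while ts - q[0][0] > window:   # drop exports older than y
            q.popleft()
        if len(q) < threshold:
            alerting.discard(user)     # burst over; re-arm for the next one
        elif user not in alerting:
            alerting.add(user)         # one alert per burst, not per export
            alerts.append({"user": user, "count": len(q),
                           "first": q[0][0], "last": ts,
                           "reports": [name for _, name in q]})
    return alerts

if __name__ == "__main__":
    for a in find_export_bursts(SAMPLE_LOG, 4, timedelta(minutes=10)):
        print(f"{a['user']}: {a['count']} exports between {a['first']} and {a['last']}")
```

Tuning `threshold` and `window` per role keeps routine reporting users from tripping the same rule that catches a bulk pull.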

The Chatter Surprise

Chatter inspires a huge boost to productivity and collaboration for Salesforce users. As a collaboration point that sees a high volume of usage in many organizations, Chatter receives a sizable injection of information on a daily basis.

To ensure comprehensive data protection throughout the entire Salesforce ecosystem, keep an eye out for sensitive data somehow landing in Chatter – you may find employee or customer information (PCI, anyone?), intellectual property, data regarding mergers and acquisitions, company financials, or that embarrassing photo from the holiday party – readily accessible. Surprise.
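A sketch of how cardholder data in posts can be spotted, added here as an example and not taken from the original post: it looks for 13 to 19 digit sequences and keeps only those that pass the Luhn checksum, which cuts false positives from order or ticket numbers. The post structure (`id`, `body`) and the sample posts are constructed; the card number is a widely published test number.

```python
import re

# Constructed Chatter-style posts, assumed to be already exported as dicts.
# 4111 1111 1111 1111 is a widely published test card number.
SAMPLE_POSTS = [
    {"id": "post-1", "body": "Customer called, card on file is 4111 1111 1111 1111, please update."},
    {"id": "post-2", "body": "Order 1234567890123456 shipped yesterday."},
    {"id": "post-3", "body": "Great quarter everyone!"},
]

# 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:        # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def scan_posts(posts):
    """Return masked findings for posts that contain a Luhn-valid card number."""
    findings = []
    for post in posts:
        for match in CANDIDATE.finditer(post["body"]):
            digits = re.sub(r"[ -]", "", match.group())
            if luhn_ok(digits):
                # Report only the last four digits so the alert itself
                # does not become another copy of the card number.
                masked = "*" * (len(digits) - 4) + digits[-4:]
                findings.append({"post_id": post["id"], "masked": masked})
    return findings

if __name__ == "__main__":
    for finding in scan_posts(SAMPLE_POSTS):
        print(finding["post_id"], finding["masked"])
```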

Don’t Forget the Sandbox

As an extension of your Salesforce production environment, Salesforce sandbox environments aren’t immune to user-driven security issues. Often populated via data migration or mirroring for the sake of testing, sandboxes may contain sensitive data. Additionally, it’s common for organizations to provide sandbox access to both internal employees and (less regulated) external third-party contractors with administrative credentials. Naturally, this raises concerns around data security and compliance. As you build your security program, be sure sandbox environments are a consideration.

Connected Applications

As the CRM platform of choice for many businesses, Salesforce is often set up to interact with many third-party applications, such as DocuSign, Dropbox, and more. According to Bluewolf’s 2014 “State of Salesforce” annual report, 91% of companies have enabled at least one AppExchange application within their Salesforce environment, while nearly one in three environments have over five enabled. While this enables powerful inter-application workflows, such connectivity introduces a series of additional data entry and exit points. Arm yourself with knowledge by monitoring for third-party apps and being mindful, on a case-by-case basis, of the permissions they request and their risk/benefit potential.

Ready for More?

If you’re looking to up your Salesforce security game, you may want to put your eyes on our eBook, “5 Things You Think You Know About Salesforce Security.” The guide covers the all-too-common misunderstandings administrators and security professionals may have about Salesforce security. Read the eBook to learn:

  • Easy steps to augment infrastructure- and platform-level security through securing user behavior
  • How you can balance the access benefits of Salesforce while protecting your sensitive data on the platform
  • Tips to manage the risk of data exposure – whether through insecure devices, third-party apps, or risky collaboration practices

