Salesforce Security Best Practises

Recommended Security Best Practices

Implementing security best practices in Salesforce is crucial to protect sensitive data, maintain compliance with regulations, and safeguard your organization's reputation.

Salesforce Security

Multi-factor authentication (MFA)

MFA is a secure method of authentication where users must provide multiple pieces of evidence to log in. It can include a combination of username/password, security keys, or authentication apps. These apps generate unique codes for added security. Mobile devices can also use biometric authentication like fingerprint scans or facial recognition.

Implement precise access control using profiles and permission sets

Using profiles and permission sets in Salesforce is essential for implementing security controls to ensure that users have appropriate access to data and functionality within the system.

Profiles: Control access to objects by assigning appropriate object-level permissions to profiles. You can specify whether users can create, read, edit, or delete records for each object.

Permission Sets: Extend object-level permissions for specific users or groups by assigning permission sets. This allows you to grant additional access to certain objects without modifying profiles.

Secure password management policies: a must

A secure password should have a mix of uppercase and lowercase letters, numbers, and symbols, with a length of 8-10 characters. Salesforce suggests setting passwords to expire after 90 days. Also, enforce a password history policy that prevents reuse of the last 5 passwords.

Manage Password Expiration with Password Policies

IP Ranges and Session Restrictions

Salesforce IP ranges and session restrictions are security features that help control access to Salesforce instances and enhance data protection.

Salesforce IP ranges allow you to specify the IP addresses or ranges from which users can access your Salesforce instance. By restricting access to specific IP addresses or ranges, you can enhance security and prevent unauthorized access.

Session restrictions in Salesforce allow you to control various aspects of user sessions, such as session timeout settings and restrictions on concurrent sessions.

Shield Platform Encryption

Salesforce Shield Platform Encryption is a powerful feature that allows organizations to encrypt sensitive data stored within Salesforce. This encryption occurs at rest, meaning the data is encrypted while it's stored in Salesforce's databases.

Salesforce Shield Platform Encryption encrypts sensitive data such as Personally Identifiable Information (PII), financial information, and healthcare data.

Encryption occurs using industry-standard encryption algorithms, such as AES 256-bit encryption, ensuring robust security for sensitive data.

Audit Trails

Salesforce Audit Trails, also known as Setup Audit Trail, is a feature that allows administrators to track changes made to their Salesforce organization's setup configuration. It provides a record of changes made to critical settings, such as user permissions, security configurations, customizations, and more.

Event Monitoring

Salesforce Event Monitoring is a feature that provides detailed insights into user activity, API usage, and login events within a Salesforce organization. It offers administrators visibility into how users interact with the system, helping to identify security risks, optimize performance, and ensure compliance with regulatory requirements

Salesforce Data Security

Salesforce data security is critical for protecting sensitive information and ensuring compliance with regulations such as GDPR, HIPAA, and PCI-DSS.

Role-Based Access Control

Implement role-based access control to restrict access to data based on users' roles and responsibilities.

Assign profiles and permission sets with granular object and field-level permissions to ensure users only have access to the data they need to perform their job functions.

Apex Class and Visualforce Page Access

Control access to Apex classes and Visualforce pages by assigning appropriate permissions to profiles. You can specify whether users can execute or modify Apex code.

Grant additional access to specific Apex classes or Visualforce pages using permission sets. This is useful when users need access to custom functionality beyond what's allowed by their profiles.

Object-Level Security

Control access to objects by assigning appropriate object-level permissions to profiles. You can specify whether users can create, read, edit, or delete records for each object.

Extend object-level permissions for specific users or groups by assigning permission sets. This allows you to grant additional access to certain objects without modifying profiles.

Field-Level Security

Determine which fields users can view and edit within each object by configuring field-level security settings in profiles.

Grant access to additional fields beyond what's allowed by profiles using permission sets. This is useful when users need access to specific fields for reporting or data analysis purposes.

Record-Level Security

Implement record-level security mechanisms such as Organization-Wide Defaults (OWD), role hierarchies, sharing rules, and manual sharing to control access to individual records.

Configure sharing settings to ensure that only authorized users can view or modify specific records based on their role or relationship to the record owner.

Encrypted Fields:

Leverage Salesforce Shield Platform Encryption to encrypt sensitive data at rest, ensuring that it remains protected even if unauthorized access to the underlying database occurs.

Use encrypted custom fields or the built-in encrypted standard fields (e.g., encrypted text, encrypted email) to securely store sensitive data.


Salesforce References 

Choose the Right Salesforce Security Settings


Comments

Popular posts from this blog

Introduction to Salesforce Agent Script: Build Predictable AI Agents

Anti-Patterns in Salesforce Agentforce: What to Avoid When Building AI Agents

MCP vs. Traditional APIs: Choosing the Right Integration Approach