Three Ways to Improve Security in your Salesforce Org


By Spencer Sandusky

March 8, 2021


Your company has been hired to integrate Salesforce for its biggest client yet: the trillion-dollar company Carabiner Bank. But where should you begin? Carabiner Bank needs you to upload data such as bank account numbers, passwords, and security questions for millions of its clients. One wrong move and that data could be compromised. Which Salesforce security features can be used to build a safe and secure network?

As a Salesforce Admin, it is your job to ensure that the right people have access to the right information, while keeping sensitive information available to those who require it. To ease this task, Salesforce provides a number of important security features. There are many ways to understand Salesforce security features, but we find it important to focus on data access, auditing, and system access, or more specifically multi-factor authentication. Let’s take a look at these three security concepts so you can ensure that your org’s data remains secure.

1. Understand the levels of data access

Before you can understand Salesforce security features, it is essential to understand the framework of the Salesforce security system: levels of data access. Salesforce allows you to control user access at the org, object, field, and record levels. This table tells you everything you need to know to control user access at each level.

Org

  • Maintain a list of users who can access the org
  • Set org-wide password policies
  • Restrict where/when users can access the org

Object

  • Control who can view, edit, and/or delete records of a certain object

Field

  • Control who can view and/or edit any object record field. You can restrict users from viewing certain record fields, such as social security numbers, even if they have viewing access to the field’s record.

Record

  • Record-level security is primarily used to control whose records a user can view and/or edit. This is done by using org-wide defaults and sharing rules in tandem:
  • Org-wide defaults are used to set default sharing levels for all users in the org. Org-wide defaults are the foundation of your security settings, as they outline the default restrictiveness of your org’s data. The next three record access security tools are then used to create sharing rules for groups of users as exemptions to the org-wide defaults. Therefore, it is essential to always set the org-wide defaults to the most restrictive level before increasing the level of record data access for certain users.
    1. Role hierarchies are used to create a hierarchy in which higher roles are able to view the records of their subordinates.
    2. Sharing rules are used to give certain users further access than that granted by the org-wide defaults.
    3. Manual sharing allows record owners to share their records with chosen users.

Ultimately, the information in this table is essential in order to understand Salesforce security features. Controlling data access is the crux of Salesforce security. Start there, and everything else will follow.
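The layering described above (org-wide defaults as the floor, then role hierarchy, sharing rules and manual sharing as exemptions that can only widen access, with field-level security checked separately) is easy to get wrong when an org has many rules. The following Python model is an added example written for this post; it is not Salesforce's own code or logic. The org, users, roles, sharing rule, manual share and field permissions are all constructed for the demo, and the model simplifies real Salesforce behaviour in two labelled ways: a sharing rule matches on the owner's role and the grantee's exact role, and the role hierarchy grants full (Edit) access to records owned by subordinates.

```python
# Added example: a small model of the Salesforce record-access layers this
# section describes. Not Salesforce's own code; the org below is constructed.
from dataclasses import dataclass

ACCESS_RANK = {"None": 0, "Read": 1, "Edit": 2}
OWD_TO_ACCESS = {"Private": "None", "Public Read Only": "Read", "Public Read/Write": "Edit"}


@dataclass(frozen=True)
class User:
    user_id: str
    role: str
    profile: str


@dataclass(frozen=True)
class Record:
    record_id: str
    sobject: str
    owner_id: str


@dataclass
class OrgConfig:
    owd: dict            # sobject -> "Private" | "Public Read Only" | "Public Read/Write"
    role_parent: dict    # role -> parent role; the top role maps to None
    sharing_rules: list  # (sobject, owner_role, grantee_role, access); simplified owner-based rules
    manual_shares: list  # (record_id, user_id, access); a record owner sharing with a chosen user
    field_perms: dict    # profile -> {(sobject, field): "Read" | "Edit" | "None"}
    users: dict          # user_id -> User


def is_above(cfg, role, other_role):
    """True if `role` is an ancestor of `other_role` in the role hierarchy."""
    cur = cfg.role_parent.get(other_role)
    while cur is not None:
        if cur == role:
            return True
        cur = cfg.role_parent.get(cur)
    return False


def record_access(cfg, user, record):
    """Effective record-level access: the widest grant from any layer, never below the OWD."""
    owner = cfg.users[record.owner_id]
    if user.user_id == owner.user_id:
        return "Edit"                      # owners always have full access to their own records
    grants = [OWD_TO_ACCESS[cfg.owd[record.sobject]]]   # layer 1: org-wide default (the floor)
    if is_above(cfg, user.role, owner.role):
        grants.append("Edit")              # layer 2: role hierarchy (assumption: full access)
    for sobject, owner_role, grantee_role, access in cfg.sharing_rules:
        if sobject == record.sobject and owner.role == owner_role and user.role == grantee_role:
            grants.append(access)          # layer 3: sharing rule for a group of users
    for record_id, user_id, access in cfg.manual_shares:
        if record_id == record.record_id and user_id == user.user_id:
            grants.append(access)          # layer 4: manual share by the record owner
    return max(grants, key=ACCESS_RANK.__getitem__)


def field_visible(cfg, user, sobject, field_name):
    """Field-level security is a separate gate: record access alone does not expose a field."""
    return cfg.field_perms.get(user.profile, {}).get((sobject, field_name), "None") != "None"


def loose_owds(cfg):
    """Posture check: objects whose org-wide default is not the most restrictive setting."""
    return sorted(o for o, v in cfg.owd.items() if v != "Private")


# Constructed demo org for the post's hypothetical Carabiner Bank project.
USERS = {
    "u-ceo": User("u-ceo", "CEO", "System Administrator"),
    "u-vp": User("u-vp", "VP Sales", "Standard User"),
    "u-rep1": User("u-rep1", "Sales Rep", "Standard User"),
    "u-rep2": User("u-rep2", "Sales Rep", "Standard User"),
    "u-sup": User("u-sup", "Support Rep", "Support User"),
}
DEMO_CFG = OrgConfig(
    owd={"Account": "Private", "Contact": "Private", "Lead": "Public Read Only"},
    role_parent={"CEO": None, "VP Sales": "CEO", "Sales Rep": "VP Sales", "Support Rep": "CEO"},
    sharing_rules=[("Account", "Sales Rep", "Support Rep", "Read")],
    manual_shares=[("acc-002", "u-rep2", "Edit")],
    field_perms={
        "Standard User": {("Contact", "SSN__c"): "Read"},
        "Support User": {("Contact", "SSN__c"): "None"},
        "System Administrator": {("Contact", "SSN__c"): "Edit"},
    },
    users=USERS,
)
ACC1 = Record("acc-001", "Account", "u-rep1")
ACC2 = Record("acc-002", "Account", "u-rep1")
LEAD1 = Record("lead-001", "Lead", "u-rep1")

if __name__ == "__main__":
    for who, rec in [("u-rep1", ACC1), ("u-vp", ACC1), ("u-sup", ACC1),
                     ("u-rep2", ACC1), ("u-rep2", ACC2), ("u-rep2", LEAD1)]:
        print(f"{who:7} on {rec.record_id}: {record_access(DEMO_CFG, USERS[who], rec)}")
    print("Support Rep sees Contact.SSN__c:", field_visible(DEMO_CFG, USERS["u-sup"], "Contact", "SSN__c"))
    print("Objects with a non-Private OWD:", loose_owds(DEMO_CFG))
```

Running it shows the point of the "most restrictive first" rule: with Account set to Private, a peer Sales Rep gets no access to a colleague's account unless a sharing rule or manual share says otherwise, while Lead (Public Read Only) is readable by everyone before any rule is written; `loose_owds` is the check to run before layering exemptions on top.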


2. Audit system use

The next step in understanding Salesforce security features is learning to audit system use. Salesforce provides a way to monitor certain statistics for irregularities. Record edits, field edits, changes to your org’s configuration, and login attempts can all be tracked. This information can then be used to look for unusual patterns or follow up on unexpected changes. For example, if a user has a habit of logging into the org at unusual times or from unusual places, auditing your system use will ensure you take notice. The table at the end of this post shows certain categories of audit information and exactly what can be tracked within each category.

To properly understand Salesforce security features, it is essential that you understand these auditing measures. Checking for irregularities in these data is vital to ensuring your org’s data isn’t being compromised.
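The section above says login history can be downloaded and scanned for users who log in at unusual times or from unusual places. The following Python script is an added example, not part of the original post and not a Salesforce tool: it parses a small constructed CSV that only resembles a Login History download (the column names `Username`, `Login Time`, `Source IP`, `Country` and `Status` are assumptions; check them against your org's real export) and flags three patterns: a successful login outside an assumed 07:00-19:59 window, a user's first login from a country not seen in their earlier successful logins, and three failed logins within ten minutes.

```python
# Added example (not from the original post): scanning an exported login
# history for the unusual-time / unusual-place patterns the section describes.
# The CSV rows and column names are constructed to resemble a Login History
# download; verify them against your org's actual export before reusing.
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_EXPORT = """Username,Login Time,Source IP,Country,Status
alice@carabiner.example,2021-03-01 09:02:11,198.51.100.10,US,Success
alice@carabiner.example,2021-03-02 08:47:03,198.51.100.10,US,Success
alice@carabiner.example,2021-03-03 09:15:40,198.51.100.12,US,Success
alice@carabiner.example,2021-03-04 03:12:09,203.0.113.77,RO,Success
bob@carabiner.example,2021-03-01 10:00:00,198.51.100.20,US,Success
bob@carabiner.example,2021-03-04 10:01:00,198.51.100.20,US,Invalid Password
bob@carabiner.example,2021-03-04 10:02:30,198.51.100.20,US,Invalid Password
bob@carabiner.example,2021-03-04 10:04:10,198.51.100.20,US,Invalid Password
bob@carabiner.example,2021-03-04 10:05:00,198.51.100.20,US,Success
"""

BUSINESS_HOURS = range(7, 20)        # assumption: 07:00-19:59 is "usual" for this org
FAILURE_WINDOW = timedelta(minutes=10)
FAILURE_THRESHOLD = 3


def parse_export(text):
    """Read the CSV export and return rows sorted by login time, with a parsed `when` field."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["when"] = datetime.strptime(row["Login Time"], "%Y-%m-%d %H:%M:%S")
    return sorted(rows, key=lambda r: r["when"])


def find_anomalies(rows):
    """Return (username, login time, reason) findings.

    Per-user baseline = countries seen in that user's earlier successful logins, so the
    first login from a new country is flagged. Off-hours logins and bursts of failed
    logins are flagged regardless of history.
    """
    findings = []
    seen_countries = defaultdict(set)
    recent_failures = defaultdict(list)
    for row in rows:
        user, when = row["Username"], row["when"]
        if row["Status"] != "Success":
            # keep only failures inside the sliding window, then add this one
            recent_failures[user] = [t for t in recent_failures[user] if when - t <= FAILURE_WINDOW]
            recent_failures[user].append(when)
            if len(recent_failures[user]) == FAILURE_THRESHOLD:
                findings.append((user, when, f"{FAILURE_THRESHOLD} failed logins within {FAILURE_WINDOW}"))
            continue
        if when.hour not in BUSINESS_HOURS:
            findings.append((user, when, f"login at {when:%H:%M} outside business hours"))
        if seen_countries[user] and row["Country"] not in seen_countries[user]:
            findings.append((user, when,
                             f"first login from {row['Country']} (previously {sorted(seen_countries[user])})"))
        seen_countries[user].add(row["Country"])
    return findings


def anomaly_reasons(text=SAMPLE_EXPORT):
    """Convenience wrapper: (username, reason) pairs for a given export."""
    return [(user, reason) for user, _, reason in find_anomalies(parse_export(text))]


if __name__ == "__main__":
    for user, when, reason in find_anomalies(parse_export(SAMPLE_EXPORT)):
        print(f"{when:%Y-%m-%d %H:%M:%S}  {user:25}  {reason}")
```

The country baseline is deliberately built from earlier rows in the same file, so the script needs no external database; in practice you would persist each user's baseline between runs, and tune the hours window per time zone rather than applying one range to every user.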


3. Apply Multi-Factor Authentication (MFA)

To understand Salesforce security features, it is also important to understand how you can verify your org’s users. For certain users with access to sensitive information, you may want to require more than a simple username and password. MFA requires users to provide a secondary identification source to verify their identity. The secondary identification source can be one of three things:

  1. The Salesforce Authenticator App, which requires users to perform an action on their mobile device.
  2. Third-Party Authenticator Apps, which provide the same functionality as the Salesforce Authenticator App; users must perform an action on their mobile device. Using a third-party authenticator can offer more flexibility depending on the needs of your company.
  3. Security Keys, which are physical devices that users must plug into their computers to verify their identity, similar to how one’s ATM card is required to withdraw money. Without their personal security key, a user will not be able to access the org.

By requiring users to provide both something they know (a username and password) and something they have (one of the three identification tools listed above), you add an important extra layer of security to protect sensitive information in your org. For more information on MFA and how to set it up, check out this official Salesforce video.


Final Thoughts

Properly applying the levels of data access, auditing your org, and setting up MFA are essential points of learning for anyone who wants to understand Salesforce security features and achieve maximum data security within their org. Salesforce administrators carry a large share of the responsibility for keeping a company’s sensitive data secure, and following these guidelines will ensure that you never compromise security. With this information, you’ll be able to take on any Salesforce security task, even one as daunting as Carabiner Bank. Happy Salesforcing!

Audit categories referenced in section 2: how to access each category in Salesforce, and the trackable data points within it.

Record Modification Fields

  How to access in Salesforce:

    1. Search “User Interface” from Setup
    2. Scroll down to the “Setup” section
    3. Check the “Enable ‘Set Audit Fields upon Record Creation’ and ‘Update Records with Inactive Owners’ User Permissions” box
    4. Assign this permission to a custom auditor profile, or add the permission to a standard profile by following the steps here. Note that your auditors must also have the “Modify All Data” permission enabled. Once this is completed, these users will be able to view the “Created By” and “Last Modified By” fields of whichever record they select, provided these fields have been set at the object level. These fields are available for the following objects:
      • Account
      • CampaignMember
      • Case
      • CaseComment
      • Contact
      • ContentNote
      • ContentVersion
      • Contracts
      • EmailMessage
      • FeedComment
      • FeedItem
      • Idea
      • IdeaComment
      • Lead
      • Opportunity
      • Quote
      • Vote
      • Work Order
      • Task
      • Event
      • Attachment
      • All custom objects

  Trackable data points:

    • Who created the record
    • Who last modified the record

Login History

  How to access in Salesforce:

    1. Search “Login History” from Setup. If you would like to download the login history, select a download file format (GZIP is recommended), select the file contents, then click “Download Now.”

  Trackable data points:

    1. General login history (who, when, from where, etc.)
    2. HTTP login method
    3. Authentication method
    4. SAML Single Sign-On (SSO) history
    5. My Domain login history
    6. License Manager User information

Field History Tracking

  How to access in Salesforce:

    1. Access Object Manager
    2. Select the object you want to audit
    3. Click “Fields and Relationships”
    4. Click “Set History Tracking”

    Select “Enable Account History” and then select the fields you want to track. You can then add the field history as a related list to the object’s page layout.

Setup Audit Trail

  Trackable data points:

    • Changes to
      • Administrative defaults
      • Profiles
      • Permission sets/groups
      • Customization
      • Security and sharing
      • Data management
      • Development
      • Various Setups
      • Application Usage

  For an even more exhaustive list that breaks down exactly what can be monitored in each of these categories, please visit the official Salesforce help page for the Setup Audit Trail here.
