Ask a Salesforce Consultant

Data Security, The cloud, and Salesforce.com

Posted on 2015-03-21 13:52:05

Cloud computing blazed into the IT world as the red-caped, catchall savior from challenges faced by organizations both large and small. Limited budget, ease of access, user-friendly interfaces, flexible solutions for complex projects – cloud computing met the needs of just about every department. But with the highly-televised security breaches in the last few years (Home Depot, Target, WikiLeaks), the superhero seems to have revealed its kryptonite. The unfortunate repercussion of these security breaches is that consumers have become wary of using cloud technologies even though the they are, in fact, less vulnerable than other data storage options. In fact, no matter what security breach you are using, you should be aware of cyber threats and the ways to fight them off. For example, running Simulated Phishing Test can show if you are familiar with this threat and know how to act under the circumstances.

As the leader in cloud technology, Salesforce.com (SFDC) preemptively developed its product and services with data security in mind at all times, thus enhancing the strategy for ecommerce. With the invention of cloud services increasing along with concerns, consumers should feel comfortable knowing that SFDC continually adapts to trends in security. At Pracedo, we see the perceived vs. actual risk of cloud security to be an important topic that we want to address with our clients.

Like all data storage options, cloud computing is not exempt from vulnerabilities, whether malicious or accidental. But cloud-based storage is actually less at risk of security breaches than traditional storage, such as databases or fileservers. It is the perceived vulnerability that has so greatly affected the adoption of cloud-based storage solutions.

Vormetric recently conducted and released its 2015 Insider Threat Report by Atlanta Metro, revealing surprising and important insights about trends in data security. The report surveyed 818 IT professionals in the US, UK, Germany, Japan, and ASEAN.

According to the report, the actual risk of breaches to cloud storage is significantly less than that of traditional storage (36% compared to 47% respectively). And yet consumers perceive the traditional databases to be more secure. We believe this gap between perceived and actual risks is due to a lack of understanding about cloud technology in general, as well as a lack of understanding about security measures built into the cloud.

Cloud professionals, both designers and consultants, are responsible for bolstering consumers’ confidence in the cloud. As innovators, it is vital that we properly educate our clients to widen and strengthen the adoption of our technologies.

Other key findings from the Vormetric report:

• Perceived vulnerability and actual vulnerability did not align
• The top three locations by volume where company-sensitive data is stored and must be protected are: databases (49%), file servers (39%), and cloud service environments (36%).
• When asked about who posed the biggest internal threat to corporate data, a massive 55% of respondents said privileged users (system administrators, senior level management, etc.)
• The global survey results show that 56% of respondents will be looking to increase their security spend to deal with insider threats next year and the remaining 37% will be spending at least as much as they are now.

Pracedo consultants help both non-profit and for-profit clients develop and integrate a Salesforce.com (SFDC) solution that fits their unique operations. Like the companies and organizations surveyed in the two studies above, our clients also need the assurance that their data is secure.

As the cloud leader, Salesforce.com recognizes the rising concerns of data security. SFDC’s data security consists of three pillars: awareness, server and network security, and platform security.

Awareness:

Salesforce.com has a dedicated website to educate users on security: http://trust.salesforce.com. Here you can find best practices for setting up your SFDC platform, a list of the latest email and phishing scams, a data security webinar, and the list of privacy certifications and policies to which SFDC is compliant.

Server and Network Security

Salesforce.com physically secures data centers in the following ways:
• 24-hour manned security, including foot patrols and perimeter inspections
• Biometric scanning for access
• Dedicated concrete-walled Data Center rooms
• Computing equipment in access-controlled steel cages
• Video surveillance throughout facility and perimeter
• Building engineered for local seismic, storm, and flood risks
• Tracking of asset removal

Salesforce.com ensure network security in the following ways:
• Perimeter firewalls and edge routers block unused protocols
• Internal firewalls segregate traffic between the application and database tiers
• Intrusion detection sensors throughout the internal network report events to a security event management system for logging, alerts, and reports
• A third-party service provider continuously scans the network externally and alerts changes in baseline configuration

Platform Security

Within the Salesforce.com platform itself there are several levels of security and data access that are customizable to the needs of the business or organization.

The Vormetric report recommends that “all user groups with internal access to business systems should be monitored and the access to corporate data they have should be appropriate and no more than they need to fulfill their specific roles.” IMB encourages the same practices when dealing with cloud technology. Salesforce.com has a multitude of ways to achieve this security objective.

Organization-wide defaults set the base-line level of data access across the entire Salesforce.com instance, or in other words the most restrictive data access settings. From there you can open up data access as needed using several options including profiles, permission sets, field-level security, role hierarchies, and sharing rules.

Salesforce.com also addresses one of the concerns found in the Vormetric report: 55% of respondents said privileged users represent the largest threat to security. This means that the people with the most data access are perceived to be the most likely to exploit that data access. In the case of SDFC, the system administrator has access to all data within the organization. Restricting the system administrator is counter-intuitive to the development and management of a SFDC organization, so to address this concern SFDC has integrated the Audit Trail to monitor all activities executed by the system administrator.

Also within a Salesforce.com organization, activities executed by all other users can be monitored in several ways: field history tracking, debug logs, event monitoring, and through customized tools and integrations that don’t come with the standard SFDC editions.

You can learn more about Salesforce.com data security here.

What makes Salesforce.com the industry leader in cloud computing technology is that it anticipates customer needs ahead of time. The very structure of the SFDC platform lends itself to data security.

In the next post we will tell you about our business IT support in London. They help us to maintaine all communications. Stay tuned and read more here!

– The Pracedo Team

EMEA HQ

Address: Level 2, 70 Mark Lane, London, EC3R 7NQ, UK

Phone: +44 (0)203 510 0910

Where We Are

Our impact resonates globally as a Salesforce Summit Partner, with a vibrant presence in London (UK) and Amsterdam (The Netherlands). This footprint allows us to bring our innovative solutions and strategic partnerships  across continents. In these key cities, we leverage local insights and global trends to empower organisations worldwide, embodying our commitment to creating a lasting, positive change in the Salesforce ecosystem.

Our Services

Salesforce Consulting and Salesforce Implementation Specialisms

Salesforce Marketing Cloud, Salesforce Marketing Cloud Account Engagement, Salesforce Data Cloud, Salesforce Sales Cloud, Salesforce CPQ, Salesforce Service Cloud, Salesforce Einstein, Salesforce Revenue Cloud, Salesforce Nonprofit Cloud.

Industries we work with:

Technology, Media, FinTech, Built Environment, Education, Financial Services, Travel, Business Services, Manufacturing, Retail, Hospitality, Technology, Nonprofit and many more…

Terms of Use

Privacy Policy

About Pracedo,
Your Salesforce Summit Partner

We’re not just Salesforce Consultants; we’re innovators committed to boosting revenue with transformative solutions. We specialise in Salesforce Consulting, Salesforce Implementations, MuleSoft and custom integrations and Salesforce Managed Services. 

 

Our holding company, Ascendion is a global, leading provider of AI-first software engineering services, delivering transformative solutions across North America, APAC, and Europe. Headquartered in New Jersey, Ascendion combines technology and talent to deliver technical debt relief, improve engineering productivity solutions, and accelerate time to value, driving clients’ digital journeys with efficiency and velocity. Guided by “Engineering to the power of AI” [Engineering AI] methodology, Ascendion integrates AI into software engineering, enterprise operations, and talent orchestration, to address critical challenges of trust, speed, and capital.

Facebook-square Linkedin Vimeo-v Twitter Instagram

© Copyright Pracedo: Summit Salesforce Consulting Partner serving EMEA and APAC