13 Essential Steps to a Secure Salesforce Environment
Salesforce has been so successful that we tend to forget what a breakthrough it was when it debuted 25 years ago. At the time, people were skeptical that they could get enterprise-grade functionality on a browser. They were mistaken.
As the leading customer relationship management (CRM) platform, Salesforce is a testament to the innovation and agility SaaS apps bring to businesses. However, there are still risks, particularly when it comes to security.
39% of companies that use SaaS have experienced data breaches. Salesforce’s extensive integration capabilities, massive partner marketplace, and customization through purpose-built programming languages further exacerbate its cyber vulnerabilities.
Why you need to invest in Salesforce security
Salesforce is a highly professional organization that takes security seriously. However, the platform embodies several vulnerabilities, some of which are standard for SaaS and some particular to Salesforce. CRM apps like Salesforce hold sensitive data such as customers’ personally identifiable information (PII), financial details, and geolocation. Failure to secure SaaS data increases the risk of it being compromised by malicious actors and insiders.
This problem is not different from what happens with other SaaS apps, but Salesforce’s deployment is usually so broad and interconnected in an organization that it amplifies the risk. Likely, every sales, marketing, and customer support person and their respective managers have access to Salesforce. That’s a large number of accounts that attackers can hijack. Plus, any extra person accessing this data increases the risk of insider threats.
Salesforce security should, at a minimum, be part of your SaaS security best practices. However, Salesforce deserves extra attention because of the potential business impact of a security incident in this app.
Salesforce customers like Ohio’s Huntington Bank and the State of Vermont are dealing with the reputational fallout and expense of data leakage from the Salesforce Communities they set up. Securing your Salesforce app can prevent large-scale data breaches that often result in reputational damage, financial loss, and legal consequences.
The most common security risks of Salesforce
Custom code vulnerabilities
Salesforce customers can create custom-coded functions with its Java-like Apex programming language. Apex enables developers to build apps that call on the Salesforce backend database. While useful, Apex classes potentially expose sensitive Salesforce data to unauthorized database calls through its application programming interface (API). This is of particular concern if Apex is configured “without sharing,” a setting that ignores the user’s permissions, allows access to records, and offers the ability to change them.
Configuration weaknesses
You can configure Salesforce in ways that expose data to overly broad access. For example, the Salesforce Community module, which enables customers to set up public sites for their customers, can be configured to allow database access for guest users. Done wrong, this can easily lead to serious security misconfiguration vulnerabilities that facilitate data leakage.
Integration risks with third-party applications
Salesforce is usually integrated with email systems, enterprise resource planning (ERP) platforms, and accounting systems, making it a gateway for attacks. The platform integrates with thousands of applications, many created using Salesforce developer tools and APIs. As a result, the potential for improper access and malicious activities on the platform is extremely high.
Social engineering attacks
This threat is not unique to Salesforce. However, the breadth and scope of the app in most organizations makes it vulnerable to hackers who impersonate work colleagues to pry loose access credentials, commit account takeover and other data from unsuspecting users.
API vulnerabilities
Salesforce publishes numerous APIs that give other applications access to data and functionality on the Salesforce platform. While beneficial in business terms, the APIs create risk. One example is problems with object and file level security, where developers might generate an API call that does not consider the specific fields accessible, updatable, or deletable on the object invoked by the API. Significant risks also arise with the creation of third-party applications that invoke the Salesforce API but are themselves security deficient.
13 Essential Steps to a Secure Salesforce Environment
User Management & Permissions
1. Adopt the principle of “Least Privilege”
A Salesforce user should have the fewest possible access privileges. Applying this principle requires thinking and planning about user roles and what each role can access and clearly defining this in an Identity Governance framework. The “Least Privilege” principle should apply to system admins and developers working on custom Salesforce apps.
2. Implement strong passwords & MFA
The ability for Salesforce users to log in from anywhere, on virtually any device, is great for productivity but disastrous for security. Requiring strong passwords and multi-factor authentication (MFA) can help reduce the risk of malicious actors gaining access by guessing passwords or using stolen login credentials. Salesforce has its own native MFA feature, but customers can also use third-party solutions like Okta and Duo for this purpose.
3. Disable inactive users
Inactive user accounts are ripe for takeover by attackers. It’s wise to purge former employees or people who no longer need access to Salesforce from their user rolls. This should not be a manual process but take place automatically through integration with identity management solutions that manage the provision/de-provision of all system access for employees.
4. Integrate Salesforce with IAM solutions
Salesforce has its self-contained user management system. However, you shouldn’t let Salesforce be an identity silo, with a Salesforce admin taking care of provisioning/deprovisioning access.
Instead, integrate Salesforce with your organization’s identity and access management (IAM) solution, such as Microsoft Active Directory. This integration lets you switch Salesforce access on or off centrally when employees join or leave the company or change roles.
Allowing single sign-on (SSO) is a variant of this approach, enabling users to log in once and then automatically be signed in to Salesforce and other apps. Salesforce enables SSO through integrations with Okta, Duo, and many other SSO solutions.
5. Map organizational structure and roles to Salesforce access rules
Salesforce functionality and access privileges are hierarchical. For example, a Sales Manager can see the activities of her direct reports. It is a good practice to map your organizational structure carefully to Salesforce role definitions and privileges.
Data and Application Security
6. Implement field-level security
If you are using Apex code or Salesforce APIs, it’s wise to implement field-level security. This control forces you to decide which fields are exposed to access by the API or Apex classes. It is a countermeasure against exposing sensitive data to breaches.
7. Implement Data Loss Prevention (DLP)
Data Loss Prevention (DLP) for Salesforce can take various forms. Still, it mainly involves policies and processes like role-based access control (RBAC) and regular backups, which you can do using tools like Veeam. You should also implement data encryption as part of your DLP plan. Salesforce offers the Shield Platform Encryption feature, which encrypts data at rest on the Salesforce platform.
8. Mitigate third-party application risk
Third-party apps pose a significant threat to Salesforce, partly because it has little control over the quality of development and security of the third-party integration plugins that connect to its platform. SaaS security solutions like Suridata can scan for third-party plugins and flag integrations that may create risk in the Salesforce environment.
9. Engage in secure app development
If you’re developing applications for Salesforce using Apex or other developer tools, you should use secure development practices by leveraging approaches like the DevSecOps methodology. You should also review any AppExchange app for security before allowing anyone to implement it in your Salesforce environment.
10. Build an IP allowlist
Salesforce enables IP allowlisting natively. This countermeasure allows you to restrict the range of Internet Protocol (IP) addresses that can access Salesforce, e.g., only IP addresses in North America.
11. Focus on API security
APIs are a significant attack surface for Salesforce, so you should define and enforce security policies that reduce API-based vulnerabilities. This process may align with your organization’s existing API security and governance programs, so it may not be necessary to spin up API security just for Salesforce.
Possible countermeasures include:
- Scanning for “rogue” or abandoned Salesforce API integrations.
- Managing API access.
- Using IAM and privileged access management (PAM) solutions.
- Using API security tools to discover APIs vulnerable to injection attacks.
Monitoring & Logging
12. Create audit trails
Audit trails may not be a priority if you’re a small to medium company. However, generally, it’s helpful to create audit trails for review by stakeholders that range from executives to internal auditors and external regulators. Salesforce enables this capability natively in its Audit Trail Tab.
13. Develop and test incident response processes
Salesforce security incidents are not that uncommon, so it pays to be prepared. An incident response process for Salesforce might be the same as you have for other SaaS apps. SaaS security solutions like Suridata offer SaaS detection and response (SSDR) capabilities, so you can leverage those to automate your incident response workflows and solve vulnerabilities promptly.
Making Salesforce Secure
In a perfect world, your SaaS security measures would cover all risks affecting your Salesforce environment. However, the reality is that Salesforce is so far-reaching in the average organization and so profoundly interconnected that it embodies a unique level of risk. For this reason, you should review your Salesforce security, taking concrete steps to manage user access and permissions, protect data, and monitor Salesforce for signs of attack.
Suridata’s SaaS security solution can help you here. Suridata monitors user activities, checks for insecure configurations across all systems layers, and conducts granular vulnerability assessments. Plus, you get real-time alerts and in-depth vulnerability information to activate the correct workflows. Learn more here.
Co-Founder & COO