At Salesforce, we build security into our products and processes from the ground up. But our commitment to delivering secure products is only half the story because we believe security is a shared responsibility between Salesforce and our customers.
As an admin, you have a unique opportunity to become a security advocate — or champion, as we like to say — at your company. Your Salesforce org contains a large amount of valuable data, and you play a critical role in keeping that data secure. That’s why we created this checklist to give you some immediate ways to boost the security of your Salesforce org. Before we go into the details of the checklist, let’s talk about what your main security priorities are as an admin.
Your Salesforce org is home to a plethora of valuable customer and user data, and protecting that data is your #1 priority as an admin. When it comes to protecting your data from inside your org, one of the biggest challenges is understanding the type of information each user needs access to. This is where the principle of least privilege — a fundamental tenet of information security — can be very helpful. Following this principle means that users should have the least number of permissions necessary to do their job. Limiting users’ permissions prevents unauthorized access to sensitive records and information. Ultimately, following the principle of least privilege can significantly reduce the amount of risk to your org.
Let’s dive in! Here are the five steps to securing your org:
Permission sets allow you to control users’ access to records, fields, and other data without changing their profiles. They can be a powerful way to control access — and increase security — within your org. When creating permission sets, remember to always follow the principle of least privilege. First, identify the job functions, tasks, and processes critical to your users and define permission sets appropriately. Remove high-risk permissions from profiles and add them back to users as necessary through permission sets.
Before creating net new permission sets, see if you can reuse or recycle existing permission sets by adjusting them to match job function changes. You can also use permission sets to grant temporary access when users need to fill in for another user or complete short-term projects. Regularly conducting an audit of the permissions that your users have is also a great way to prepare for your multi-factor authentication (MFA) rollout!
One of my favorite out-of-the-box security tools, Health Check gives you visibility into all of your security settings in one view. You can find and run Health Check in the Security Settings section in Setup.
Salesforce orgs have a high level of built-in security, but there are certain things left up to you, the admin, to configure based on the needs of your company. Things like setting up secure password policies and limiting session length will increase or decrease your score, depending on how you choose to configure them. We recommend running Health Check after every release (three times a year) to ensure that nothing has changed within your org and any new security settings are addressed right away.
MFA, or multi-factor authentication, is one of the strongest security controls available to Salesforce Admins. You’ve probably been hearing this phrase a lot in the Salesforce universe lately because we’re asking all customers to implement MFA.
MFA adds an extra layer of security to your login process by requiring users to verify their identity with two or more pieces of evidence (or “factors”) to prove they are who they say they are. MFA is a great way to put additional safeguards in place against common security threats like phishing attacks. Hackers often target users’ login credentials with phishing attacks, but setting up MFA makes it extremely difficult for an attacker to get access to a user account. Enabling MFA is one of the easiest, most effective actions you can take to safeguard your business and customer data.
Salesforce Optimizer is a powerful, free tool that takes a snapshot of your Salesforce org and looks for potential problems in your implementation. Optimizer can also help drive feature adoption with your users and is especially helpful when rolling out MFA. Admins can fine-tune their MFA implementation with Optimizer by checking if any users are still logging in with non-MFA methods.
You can also use Optimizer to strengthen your org’s overall security. For example, you can use it to find users who haven’t logged in for a while, which could mean they no longer need access to Salesforce and should be deactivated. You can also review how many users have a System Administrator profile; if there are too many, it might be time to reassess their permissions. Remember that it’s always best to limit those powerful permissions to the smallest number of people necessary (I’ll say it again: principle of least privilege!).
We’ve gone over a few actions you can take within your Salesforce org to boost the security of your data. Now, let’s talk about how to level up your skills. We like to say that security is never done, which means that staying educated about security is an ongoing project. Salesforce has amazing resources to help keep you up to date on security best practices, including Trailhead and the Admin Certification. We’re constantly updating Trailhead with new security training for new releases, so go take a look! These training resources will not only help you be the most secure admin you can be but also make you a more valuable employee and give your career a boost in the long run.
Make sure to check out the Security for Admins: Become a Security Champion episode at TrailheaDX for more info and demos of these tips!
What is Salesforce Backup? Salesforce Backup is our native backup and restore solution designed to safeguard customers’ valuable data. Geared for user-friendly operation, Salesforce Backup automatically creates backup copies of business data, empowering organizations to effortlessly restore data and recover from even the most challenging scenarios. With the Spring ’24 Release, we’re thrilled to announce […]
What is Salesforce Backup? On August 15, Salesforce announced the general availability of Salesforce Backup, a native backup and restore solution designed to safeguard customers’ valuable data. Built with ease of use in mind, Salesforce Backup automatically creates backup copies of business data, empowering any organization to restore data and recover from even the worst-case […]
Artificial intelligence (AI) is everywhere right now and everyone is talking about it. From having fun with generative imaging to staring in wonder at driverless cars, it seems that AI is popping up all over the place. Salesforce has made a ton of AI announcements with Sales GPT, Service GPT, Slack GPT, and beyond. As […]
