3 Steps for Admins To Build a Strong Security Culture

As a Salesforce Admin, you play a crucial role in maintaining the security of your company’s valuable data. In fact, security is one of the five admin core responsibilities.

New technologies like GenAI and Salesforce’s Agentforce bring increased value to admins, but also new security challenges. Following security best practices is more important than ever as these tools continue to advance and positively impact the way we work.

For the day-to-day owner of Salesforce, overseeing security can be a large task, and it isn’t something admins need to take on alone. We encourage admins to work with their stakeholders, IT, and security teams to help safeguard Salesforce data by creating a culture of security at their companies.

The first step to building a culture of security is following security best practices. Make sure to prioritize the following when it comes to security.

  • Enforce MFA for all user logins.
  • Limit your users’ access using permission sets and permission set groups.
  • Monitor security using Health Check and other dashboards.
  • Always follow security and configuration best practices recommended by Salesforce.

Investing in your company’s security isn’t just about configuring the product correctly; it’s also about people. Getting users to report phishing emails that target Salesforce credentials instead of clicking on them, for example, can save your company from a security breach. Admins can only control so much; the hardest part is getting your users and stakeholders to follow security best practices.

So, how can admins create a culture of security at their companies to ensure security best practices are followed by everyone with a Salesforce login? 

Step 1: Understand what types of risks your organization faces

First, you’ll need to understand what specific challenges your company faces when it comes to security. Almost all admins should be concerned about misconfiguration, data loss, and phishing emails, among other things. 

The best way to gain a comprehensive understanding of these risks for your unique environment is to run a threat model that identifies the security needs of your implementation. Once you understand the risks, address them in order of priority (think biggest impact plus lowest effort).

Step 2: Get stakeholders to adopt secure behaviors

The next step is to identify who your most important stakeholders are. For Salesforce Admins concerned with security, stakeholders within your company will typically be the IT team, the security team or security leader, the operations team, etc. 

Once you’ve identified these individuals or teams, build a strong business case for them by creating a plan that clearly addresses existing security risks, calling out necessary resources. Remember that strong relationships are essential to stakeholder management.

Step 3: Encourage users to adopt secure behaviors

The last piece of the security culture puzzle is your users. Understanding your user audience(s) is essential to succeeding with them. It’s up to you to understand:

  • What are your users’ needs and incentives to adopt secure behaviors?
  • How can you best reach them? 
  • What channels do they typically get information from?

Understanding that your stakeholders and users are audiences that have different needs and incentives is the key to building a security culture. But once they’re on board, it will become second nature!

If this seems like a lot and you’re wondering how this translates into an actual program, not to fear—we created a template for you! You can use the template below to build a Security Culture Program at your organization. 

Template to guide your organization to create a Security Culture Program including identifying your audience and priorities, creating content, generating engagement, and measuring your program’s effectiveness.

If you’re looking for more specific tips on how to secure your Salesforce data, see the below resources to understand how to manage security of your org.

Resources

Core Responsibilities of a Salesforce Admin: Your Blueprint for Success

As admins, you hold the keys to success for your users and companies to get the most out of Salesforce. You have the unique opportunity to build and manage trusted solutions that drive productivity and innovation through five core admin responsibilities: security, user management, data management, analytics, and a new core responsibility: product management.  The […]

User Management Enhancements | Winter ’25 Be Release Ready

Winter ’25 is almost here! Learn more about user management and check out Be Release Ready to discover more resources to help you prepare for Winter ’25. We’re continuing to innovate in Setup starting with user access and user management. We have several exciting enhancements in store for Winter ’25–many thanks to your feedback and […]

How to Troubleshoot User Access with SOQL (Beginner Friendly)

Awesome Admins, we know that troubleshooting user access is a common task. You’re frequently asked questions like “Why can Jane access this field, but John can’t?” or “Why can John view this record when he shouldn’t be able to?” In Summer ’24, we introduced helpful summary views for users, public groups, permission sets, and permission […]
