Cloud services are commonly exposed to malware and attacks. The recent growth in confidence in cloud applications is largely due to leading cloud service providers such as Salesforce.
Salesforce has several in-house services to secure customers’ data and provide robust features to enterprises. “Salesforce Trust” publishes updates on attacks that can affect Salesforce customers.
Salesforce users should never provide their Salesforce login credentials in response to emails. Recently, the Vawtrak malware, delivered by Pony, has been stealing login credentials and attempting unauthorized logins to access and take data from Salesforce.
Although Salesforce serves its customers from a single shared pool of cloud computing resources, data security is achieved by assigning a unique identifier to each Salesforce customer. This identifier is then associated with every session opened by that customer.
Salesforce Health Check is a feature that provides a security score indicating how robust your configuration is. The score is calculated against Salesforce’s recommended baseline settings.
You, as the Salesforce customer, need to take some steps to secure your Salesforce environment.
The following practices should be your mantras:
Knock knock! – Who’s there?
Prevent unauthorized access via compromised accounts by using IP restrictions and multi-factor authentication.
Keep organization-wide sharing settings restricted to what ordinary business functions require. To grant access beyond the organization-wide sharing settings, use role hierarchies, sharing rules, permission sets, and similar mechanisms.
- Make sure passwords contain uppercase letters, lowercase letters, numbers, and special characters or symbols, with a minimum length of 8 characters.
- Lock the account after between 3 and 5 incorrect login attempts.
- Passwords and the secret answers used for password resets should not be trivial.
- Set a reasonably short session timeout, and force users to log in again, with a warning, when it expires.
- Autocomplete and caching should be disabled on the login page.
- User passwords should expire within 90 days of creation, and password history should be enforced so that a password cannot be reused until at least five new passwords have been set.
- Two-factor authentication is the most effective way to protect a user account. It can also be required when a user attempts to view reports or access a connected app.
- Two-factor authentication comes in two types: service-based and policy-based.
- Service-based authentication, also known as device activation, is enabled automatically for all orgs.
- Policy-based authentication is controlled by the admin and is the admin’s best tool for protecting user accounts.
When using Platform Encryption, generate a new tenant secret regularly. Destroy an old key only after the data encrypted with it has been decrypted using that old key.
Remember to re-encrypt that data with the new key, whether it is currently in use or archived but not destroyed.
Enable clickjack protection for customer Visualforce pages, with or without headers, as well as for setup and non-setup Salesforce pages.
Work with your security experts to protect your pages against illegal access to your account.
All devices accessing Salesforce should run the latest browser version, anti-malware software, and operating system.
Keeping these resources updated ensures they include the latest bug fixes and therefore protects you from exploits.
- Restrict authorization and limit sharing rules
- Secure passwords and implement session timeout
- Regenerate encryption keys and update the data
- Protect from malicious attacks
- Stay updated with your resources
- Use two-factor authentication
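Health Check scores a configuration against a baseline; the following added example (not Salesforce’s own Health Check and not an official Salesforce API) audits a constructed set of org settings against the thresholds listed above and reports which rules fail. The settings class, its field names, the sample orgs and the 30-minute session timeout are assumptions made for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class OrgSecuritySettings:           # assumed field names, not a Salesforce object
    min_password_length: int         # characters
    password_complexity: str         # "alnum", "alnum_special" or "mixed_alnum_special"
    max_login_attempts: int          # failed logins allowed before lockout
    session_timeout_minutes: int     # 0 means sessions never time out
    password_expiry_days: int        # 0 means passwords never expire
    password_history: int            # previous passwords that cannot be reused
    login_autocomplete_enabled: bool
    mfa_policy_enforced: bool        # policy-based two-factor authentication
    login_ip_ranges: tuple           # allowed CIDR ranges; empty means unrestricted
    clickjack_protection_enabled: bool

# Baseline rules drawn from the checklist: (name, check, finding when the check fails).
# The 30-minute session timeout is an assumed value for "reasonably short".
BASELINE = [
    ("password_length", lambda s: s.min_password_length >= 8, "minimum password length below 8"),
    ("password_complexity", lambda s: s.password_complexity == "mixed_alnum_special", "no mixed-case/digit/special requirement"),
    ("lockout_threshold", lambda s: 3 <= s.max_login_attempts <= 5, "lockout threshold outside 3 to 5 attempts"),
    ("session_timeout", lambda s: 0 < s.session_timeout_minutes <= 30, "session timeout disabled or over 30 minutes"),
    ("password_expiry", lambda s: 0 < s.password_expiry_days <= 90, "passwords do not expire within 90 days"),
    ("password_history", lambda s: s.password_history >= 5, "fewer than 5 previous passwords remembered"),
    ("login_autocomplete", lambda s: not s.login_autocomplete_enabled, "autocomplete enabled on login page"),
    ("mfa_policy", lambda s: s.mfa_policy_enforced, "policy-based two-factor authentication not enforced"),
    ("ip_restriction", lambda s: len(s.login_ip_ranges) > 0, "no login IP ranges configured"),
    ("clickjack", lambda s: s.clickjack_protection_enabled, "clickjack protection disabled"),
]

def audit(settings: OrgSecuritySettings) -> list:
    """Return the finding text for every baseline rule the settings fail."""
    return [finding for _, check, finding in BASELINE if not check(settings)]

def health_score(settings: OrgSecuritySettings) -> int:
    """Percentage of baseline rules passed, in the spirit of Health Check's score."""
    passed = sum(1 for _, check, _ in BASELINE if check(settings))
    return round(100 * passed / len(BASELINE))

# Constructed sample orgs: one with lax settings, one configured per the checklist.
WEAK_ORG = OrgSecuritySettings(6, "alnum", 5, 120, 90, 0, True, False, (), True)
HARDENED_ORG = OrgSecuritySettings(12, "mixed_alnum_special", 3, 15, 90, 5,
                                   False, True, ("203.0.113.0/24",), True)

if __name__ == "__main__":
    for name, org in (("weak", WEAK_ORG), ("hardened", HARDENED_ORG)):
        print(f"{name}: score {health_score(org)}%, findings: {audit(org)}")
```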
Salesforce also has in-house features to keep your Salesforce org secure, and you need to follow these best practices to stay safe from malicious attacks. CEPTES, a Salesforce Partner and platform expert with more than ten years of experience and Salesforce-certified consultants, will make sure your business grows securely with Salesforce. For further details, contact us.