Keeping a Salesforce org safe and secure from cyberattacks can sound like an overwhelming task to a Salesforce Admin. Recently, a major attack resulted in hackers claiming to have stolen nearly a billion Salesforce records and holding that data for ransom. As an admin, this is a frightening scenario. Most Salesforce Admins don’t have a large amount of cybersecurity training (likely none at all).
Salesforce Ben has a lot of great resources to help Admins protect their Salesforce orgs, and I encourage you to take a look to see which protections your org is missing. But simply turning on these features does not constitute a thorough education on what the vulnerabilities in Salesforce orgs are, or on how to protect against intrusions.
Cybersecurity Experts’ Top Priorities
I think it’s important for admins to get some cross-training and hear from real cybersecurity experts about what the vulnerabilities are, how to protect a Salesforce org, and how to stay educated on all things cybersecurity. To get a better insight, I reached out to two cybersecurity experts with a few questions, and here’s what they said:
What Security Features Are Most Commonly Missed by Salesforce Admins?
“It may not shock anyone, but the biggest risks still tend to be around what people may refer to as ‘Core controls’ or ‘Security Hygiene’,” said Justin Beachler, Global Director of Trust and Security at Bugcrowd.
“Things like excessive permissions, lack of identity controls (such as Multi-factor authentication or Single sign-on), or hooks into third parties that don’t meet certain security standards.
“Another, slightly trickier, problem is insider (user) threats. Having systems in place to catch abnormal behavior, such as a user in a niche role exfiltrating all company records that contain sensitive information.”
“Integrations and hackers aren’t the only threats to a Salesforce org. Users with unlimited view/export capabilities can just as easily steal data. Make sure your users can see only what they need to see, and export only if they need to export.” Justin Beachler, Global Director of Trust and Security, Bugcrowd Inc.
What Security Features Do You Think Are Most Commonly Missed by Salesforce Admins?
“I would point towards permissions as a general category. Taking the time to model out which users, tools, and third parties should have access to specific data and enforcing those controls on a record or field level will go a long way towards protecting an organization from potential risk,” Justin said.
What Advice Would You Give Salesforce Admins to Make Their Orgs More Secure?
“‘Principle of Least Privilege’ is not a checkbox; it is a habit you apply to every decision,” said Jonathan Kuskos, Chief Hacking Officer at Chaotic Good Information Security. “Start from the idea that no human or integration should have [full] access by default, then grant only what is needed for one job, for one system, for the shortest reasonable time.
“In practice, that means one integration user per app with only the objects and scopes it truly uses, connected apps on admin pre-authorization, refresh tokens that expire on inactivity, and sensitive permissions like API Enabled, Modify All Data, Export Reports, and Manage Users tied to a high-assurance session.”
“‘Principle of Least Privilege’ is not a checkbox; it is a habit you apply to every decision.” Jonathan Kuskos, Chief Hacking Officer, Chaotic Good Information Security
What Are Your Thoughts About the Recent Salesforce Data Theft?
“The fake Data Loader case is a reminder that attackers get a high return on effort by targeting the human path, not the hardest technical one,” said Jonathan.
“A busy admin searches for a familiar tool, clicks the top result that looks official, and either installs a lookalike binary or clicks through an OAuth consent that grants API plus a refresh token. Nothing exotic happens, just habit meeting a convincing prompt and a name that signals trust.”
Key Takeaways
So, as admins, what can we learn from cybersecurity experts? There are two main takeaways that I think are really important for Salesforce Admins to get out of this article.
- In Salesforce, the Principle of Least Privilege means that users should only have the access and permissions to see and do the things that are part of their job. Most users probably don’t need “Edit” permission on every single object, or the ability to install packages from the AppExchange. For example, a Business Development Rep whose job is to call leads and book meetings probably needs “Edit” on Leads, but only their own Leads, not Leads belonging to other people, and probably doesn’t need to see or edit support cases at all. Review all of your users, Profiles, Permission Sets, and Sharing Settings to ensure that users have what they need, and not what they don’t.
- Security is not something you think about once, turn on, and then forget about. Keeping a Salesforce org secure is a never-ending job that requires a perpetual mindset of watching for potential dangers. Installed packages, connected apps, and even users have the potential to be a threat to a Salesforce org. Security in Salesforce is a culture, not a one-time project.
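As an added example (not from the article, either expert, or Salesforce), the following Python script gives the review of users, Profiles and Permission Sets called for above a concrete starting point: it takes the PermissionSetAssignment records a SOQL query returns and reports which users hold the four sensitive permissions Jonathan names, and through which profile or permission set. The PermissionSet field names (PermissionsApiEnabled and so on) are assumed to match the org's metadata, and the sample records and usernames are constructed.

```python
"""Report who holds the sensitive permissions named above and through which profile or
permission set. Input: records the Salesforce REST API returns ("attributes" dropped) for
  SELECT Assignee.Username, PermissionSet.Name, PermissionSet.IsOwnedByProfile,
    PermissionSet.Profile.Name, <the four PermissionSet.Permissions* fields below>
  FROM PermissionSetAssignment
"""
from collections import defaultdict
# Assumed API field names for the permissions the article lists -> their labels.
SENSITIVE = {"PermissionsApiEnabled": "API Enabled", "PermissionsModifyAllData": "Modify All Data",
             "PermissionsExportReport": "Export Reports", "PermissionsManageUsers": "Manage Users"}

def audit(records):
    """Map username -> {permission label: [profile/permission set granting it]}."""
    report = defaultdict(lambda: defaultdict(list))
    for rec in records:
        ps = rec["PermissionSet"]
        # A profile's permissions surface as a permission set with IsOwnedByProfile set.
        src = ("Profile:" + ps["Profile"]["Name"] if ps.get("IsOwnedByProfile")
               else "PermissionSet:" + ps["Name"])
        for field, label in SENSITIVE.items():
            if ps.get(field):
                report[rec["Assignee"]["Username"]][label].append(src)
    return {user: dict(grants) for user, grants in report.items()}

def over_privileged(report, allowed):
    """Users holding a sensitive permission that their approved list does not cover."""
    return sorted(u for u, g in report.items() if set(g) - set(allowed.get(u, ())))

def _record(user, name, profile, granted):
    """Build one assignment record in REST API shape (for the constructed sample only)."""
    ps = {"Name": name, "IsOwnedByProfile": profile is not None,
          "Profile": {"Name": profile} if profile else None}
    ps.update({f: f in granted for f in SENSITIVE})
    return {"Assignee": {"Username": user}, "PermissionSet": ps}

# Constructed sample with fake usernames: (user, set name, profile name or None, granted fields)
SAMPLE = [
    ("bdr@example.com", "X00e1", "Business Development Rep", ["PermissionsExportReport"]),
    ("integration@example.com", "Marketing_Sync", None, ["PermissionsApiEnabled"]),
    ("integration@example.com", "X00e2", "Integration Profile", ["PermissionsModifyAllData"]),
    ("admin@example.com", "X00e3", "System Administrator", list(SENSITIVE)),
]
RECORDS = [_record(*row) for row in SAMPLE]
# Who is approved for what; the integration user should only need API access.
ALLOWED = {"integration@example.com": {"API Enabled"}, "admin@example.com": set(SENSITIVE.values())}

if __name__ == "__main__":
    rep = audit(RECORDS)
    for user in over_privileged(rep, ALLOWED):  # prints the BDR and the integration user
        print(user, rep[user])
```

The BDR is flagged for Export Reports granted by their profile, and the integration user for Modify All Data granted by a profile alongside the API access its permission set legitimately gives it.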
Final Thoughts
While these takeaways are important, I don’t want you to panic if this is the first time you’re thinking about how to secure your Salesforce org! Creating a security-first culture in Salesforce can be tough, but there are a lot of great resources out there to get you started.
I’m going to include some great links here to other articles that will help you get on the right path. I hope this helps you develop a safer and more secure Salesforce for your company in the future.
Further Resources
- How to Secure Your Org in 30 Days
- The Essential Guide to Salesforce Data Protection
- Top Salesforce Security Mistakes that Could Cost You
- The Biggest Salesforce Security Threat Could Be Right Under Your Nose