Flow / Admins / Architects / Business Analysts

Optimize Your Salesforce Org With These 7 Critical Insights

By Mike Bogan

While we hope your Salesforce org proves to be the exception, according to the latest research, it’s likely housing over 2000 custom code security risks, around 14 out-of-date installed packages, and many automation faux-pas. But surely your org is the exception, right?

We recently analyzed the aggregated metadata from hundreds of real Salesforce orgs and found some critical (and somewhat alarming) insights. Here are our top seven findings…

1. Salesforce Teams are Managing an Immense Amount of Metadata

Salesforce is a powerful tool that requires careful management – especially when it comes to handling the immense amount of metadata associated with the platform. However, did you know that the average Salesforce org has 24,000 metadata items that an admin must manage?

Beyond simply feeling overwhelmed and time-poor, it can also result in communication breakdowns, end-user frustration, and adoption issues. To overcome these challenges, Salesforce teams need an automated tool to quickly review org configuration, identify next steps, and communicate with stakeholders.

Source: Hubbl

2. Out-of-Date Installed Packages are Impacting Performance and Security

Salesforce orgs rely heavily on installed packages to expand their functionality and improve user experience. However, as the Salesforce ecosystem continues to evolve, keeping these packages up-to-date becomes increasingly crucial. Out-of-date packages not only impact org performance but can also pose serious security risks.

According to the 2023 Hubbl Diagnostics Benchmark Report, 99% of Salesforce orgs have out-of-date installed packages, and 15% of all custom code security issues come from installed packages. So, when was the last time that you reviewed your installed packages?

Source: Hubbl

3. Custom Code is Housing Security Risks

Custom code provides superpowers to your users – whether it’s Aura, Lightning Web Components (LWC), Visualforce, Apex, or triggers. However, with that power comes some data and security risks that must be managed. According to the report, the average Salesforce org has approximately 2000 custom code security issues.

The impact of these security vulnerabilities can range from accessing sensitive data by the wrong personnel to external leaks of regulated information that can be an existential threat to an organization.

4. Migration to Flow is Not Being Prioritized

Salesforce Flow is the new automation tool and is replacing Workflow Rules and Process Builder – however, only 14% of declarative automation in the ecosystem is in Flow. Flows and triggers can dramatically speed up your Salesforce org, improving employee adoption, customer experience, and your bottom line. In fact, 50% of Salesforce orgs could save over 100 hours per year if they migrated off workflow and Process Builder.

If you haven’t begun migrating to Flow, we recommend building your case using ROI metrics to demonstrate the value of migrating as soon as possible.

Source: Hubbl

5. Object Automation is Costing You More than You Think

Salesforce’s Well-Architected framework recommends consolidating all automation for a single object into a single automation type (if possible). However, due to the abundance of declarative and custom automation types, many Salesforce orgs are not following these guidelines. It was found that 47% of standard objects in use have multiple automation types.

While using multiple automation types on a single Salesforce object may seem like a quick fix, over time, maintaining multiple automation types can become challenging and costly.

6. Empty Custom Fields are Slowing You Down

Fields hold the critical transactional information in your org. Salesforce provides many standard fields out-of-the-box, depending on your licenses – but to get the most value out of the platform, businesses often add custom fields. The 10% of all custom fields on the most important objects in most orgs (Account, Opportunity, Case) are empty.

According to Salesforce’s Well-Architected framework, fields that have not been utilized constitute a technical debt that makes your org harder to maintain. Admins should identify unnecessary custom fields and get rid of them to create a better user experience, streamline processes, and improve efficiency.

Source: Hubbl

7. Too Many Users Have Access to Your Data

The average Salesforce org has 24 assignments that allow users to “Modify All Data” and another 20 that allow “Data Export”. Do you really need to provide access to so many users?

To protect your data, consider taking the following steps:

  • Review profile and permission set assignments to identify which users have the power to modify and export your data.
  • Define a clear policy on who in your organization should have this access and why.
  • Begin migrating permissions from profiles to permission sets to better control access to your data.


We trust that this article has revealed crucial insights that demand attention. See how your Salesforce org stacks up against ecosystem benchmarks and compare it against each of these metadata insights with Hubbl Diagnostics’ free org analysis tool.

The Author

Mike Bogan

Mike joined the ecosystem with Traction On Demand as the first presales solution engineer, growing ToD from 20 to >1500. Now with Hubbl Diagnostics, Mike leads product strategy efforts

Leave a Reply