Salesforce Enterprise Data Security: Tested Lessons Through an Architect’s Lens
Lately, some notable Salesforce clients like Chanel and Google have been hit by data breaches. Preliminary investigation seems to rule out any inherent security vulnerability of the Salesforce platform. Instead, it indicates that the attacks were mainly orchestrated through social engineering – attackers tricked people into installing fake versions of popular apps. Once the app was installed and employees used it to log into Salesforce, the attackers had full access.
In the age of generative AI, I believe that these attacks are going to become more sophisticated, convincing, and frequent to unsuspecting end users. Thus, it behooves us to have a proactive security culture, a strong governance framework, and an iterative end-user education plan to prevent similar incidents in the future.
Designing the Enterprise Security Council: A Practical Framework
The Enterprise Security Council acts as a governance body that brings structure, stability, and foresight to platform security. Its primary purpose is to review security-sensitive design decisions, set guardrails for development practices, and ensure compliance alignment across all work streams.
Council Membership
The council should include the following: Salesforce Platform Owner, business unit leads from all work streams, and the Scrum Master. Legal and Compliance can participate on an ad hoc basis when sensitive data or compliance issues are in scope.
This mix promotes a thorough review of the decisions from multiple angles, thereby promoting cross-track visibility, standardization, and data compliance alignment.
Scope of Discussions
The council’s discussions typically revolve around practical governance matters that cut across teams and work streams. They review requests for new integrations and determine the appropriate authentication and authorization standards to safeguard access. They also evaluate and approve data-sharing patterns between internal and external systems, ensuring alignment with both security and compliance requirements.
Another recurring topic is the establishment of clear guidelines for handling sensitive fields such as personally identifiable information, financial records, or donor data. In addition, the council takes responsibility for prioritizing and resolving cross-track risks that surface during development sprints. Finally, it defines and enforces escalation paths so that critical incidents or vulnerabilities can be addressed in a timely and coordinated manner.
Decision-Making Model
Disagreements are inevitable, but when they arise, multiple options are presented with pros and cons. The council weighs the trade-offs collectively and proceeds with the approach that balances risk with value. Final decisions are taken based on group consensus rather than individual subjective preferences.
Example in Practice
For example, if a work stream proposes integrating a new third-party app, the council would examine the proposal from multiple angles:
- Platform Owner: evaluates alignment with Salesforce architectural standards.
- Business Unit Leads: assess feasibility and downstream impact on their work streams.
- Legal/Compliance: confirm if sensitive data is involved and ensure regulatory alignment.
- Scrum Master: facilitates the discussion and ensures decisions are documented.
After deliberation, the council evaluates three possible paths: approve the integration immediately to meet sprint timelines while accepting limited risk; reject it outright until full compliance and encryption safeguards are in place; or grant a conditional approval that allows progress behind feature toggles, provided token-based authentication and encryption at rest are implemented as mandatory controls.
Following a balanced discussion, the council agrees on the conditional approval approach – protecting delivery momentum while enforcing measurable safeguards. This outcome reflects the council’s purpose: to transform debate into structured decision-making where every stakeholder’s concern informs a unified, risk-aware resolution.
Why Governance Falls Through the Cracks
From personal experiences in leading enterprise-scale implementations, I have seen three main challenges that lead to security and governance work getting overlooked and falling through the cracks – even when the intent is strong.
Misalignment with Agile Practices
One core challenge lies in the way agile-based development is done. Most teams are engineered and even incentivized to prioritize speed and agility – delivering through incremental and short bursts of sprints.
But security work, by its core nature, is rooted in foresight and caution. It’s more akin to the “measure twice and cut once” mindset. So, there seems to be some misalignment. The most effective way to reconcile the two is by embedding lightweight security reviews within existing sprint ceremonies.
Lack of Recognition for Security Efforts
Security-related work seldom earns internal recognition or visibility. By its nature, even the best efforts remain unnoticed and underappreciated. If an incident happens, the same team is quickly subjected to scrutiny, despite having operated quietly in the background and prevented multiple risks all along. The remedy lies in making these contributions measurable and visible through valid and relevant metrics.
Governance Misperceived as Bureaucracy
Perhaps the biggest challenge is that governance is often perceived as bureaucracy rather than foresight and discipline. This can be countered by reframing governance as a business accelerator, using real examples where early reviews prevented costly rework, reduced compliance friction, or expedited approvals.
Navigating Governance Challenges: Practical Recommendations
To address the challenges listed above, a bottom-up approach would be futile. Instead, meaningful progress requires strategic and tactical actions that work together.
At the strategic level, executive ownership is critical. The responsibility of establishing a culture of proactive security must flow from the top, with governance positioned as a strategic priority rather than a purely technical initiative.
This requires sponsorship, encouragement, and even incentives from leadership, making it clear that security is a shared organizational value. Equally important is the way governance is framed: it should be seen as a partner to product teams rather than a blocker, preventing rework, chaos, and technical debt.
To reinforce this culture, organizations should institutionalize security rituals by making reviews and audits recurring in nature so that they become second nature rather than occasional exceptions.
At the tactical level, the focus shifts to embedding governance into everyday delivery practices. Governance meetings should align with the cadence of agile sprints, ideally introducing an approval stage once solution design and technical architecture are finalized, but before development begins.
This timing ensures risks are addressed early, reducing the likelihood of costly rework later. Recording these meetings provides valuable reference material, as similar scenarios often arise in subsequent sprints, and having historical context accelerates decision-making.
To further streamline governance, decisions can be tracked as custom objects within Salesforce, with each record linking user stories, design decisions, council meeting details, and recordings, thereby creating a single source of truth for future reference.
Standards should not remain hidden in static documents but be actively documented, publicized, and integrated into developer onboarding, with content kept live and evolving.
Finally, governance should be made visible in sprint planning by allocating specific story points or effort toward governance and documentation. When teams see their contributions recognized, quantified, and even rewarded, security governance transitions from being perceived as overhead to being embraced as part of the value-driven delivery process.
Final Thoughts
An enterprise-grade platform is only as secure as the decisions made by people using it. Tools in a vacuum prove futile unless augmented by a culture of proactive security: one that is not only a strategic preference but is deeply embedded in day-to-day operations.
This culture must extend beyond executives and architects to include end users, who often represent the first line of defense. By equipping them with the knowledge, training, and awareness to recognize risks and act responsibly, organizations turn security from an abstract policy into a shared responsibility.
Ultimately, governance is not about taxing agility or slowing innovation. It is about enabling teams at every level – from executives to developers to end users – to scale securely and sustainably, with confidence that their collective decisions protect both the platform and the business it serves.