Previously, when I was the Head of Product for Salesforce’s nascent security suite, I got to work with some of the best engineers on the planet to build and release Salesforce Shield and Salesforce Security Health Check.
Since then, I’ve dedicated my career to enhancing the efficiency and security of the Salesforce platform and its administrators. One area I’d like to share some best practices on is around managing Salesforce integrations.
The Beginning of a Secure Journey
When I joined Salesforce a decade ago, I was thrilled to work for an organization that prioritized the safety of its customers, their data, and their workflows. Collaborating with some of the best security engineers in the world, my team and I addressed the pressing security challenges of that time. This effort led to the development and release of Salesforce Shield and Security Health Check, solutions that have significantly impacted the security landscape and are currently helping keep over 100,000 customers safe and secure.
Reducing Admin Workload Keeps Salesforce Instances More Secure
These solutions keep Salesforce instances secure by both reducing the workload of admins while concurrently updating security settings. In the Salesforce world, any successful security solution will only succeed (i.e. be widely adopted by Salesforce Admins) if it at the same time reduces admin workload.
The Evolving Salesforce Admin Landscape
Salesforce Admins are facing an expanding workload as they are concurrently tasked with significant security responsibilities. As the custodians of Salesforce data, admins are responsible for managing user roles, permissions, encryption, and integrations – and integrations have become quite the beast for a lot of instances.
One of today’s biggest challenges in managing Salesforce instances is handling integrations. Integrating Salesforce with other systems is a key value add of the platform.
However, for many companies, these integrations have become unwieldy and in many cases, left largely unmanaged due to the complexity and sheer amount of work required to monitor and maintain them on a daily basis.
Configuration Makes the Integration
When reviewing integrations it’s important to not only look at what permission it has but also dive deep into how it’s configured. With any integration, you want to be able to answer:
- Who is using the integration?
- In what ways is the integration active or inactive?
There are many nuances to look at and verify. For example, do you have an integration that should only be looking at opportunities objects but happens to also be looking at customer and contractor-related objects? These kinds of nuances are important for confirming the validity of any integration.
Fortunately, there are best practices that can tackle the integration challenge. Let’s look at five steps you can take to check the health of your Salesforce integrations.
5 Steps to Check and Improve the Health of Your Salesforce Integrations
The basics of managing integrations in Salesforce today typically involve:
- Audit all active integrations: Documenting a comprehensive audit of all active integrations is crucial to understanding the full scope of interconnected systems. This process involves identifying each integration and labeling its purpose.
- Review and restrict permissions and data access: With each integration documented and labeled the next step is to look at the data access levels granted to each integration.
- Review validity of integration: Along with the data access each integration has you also want to look at and document its configuration and activity. Being a Salesforce Admin, you’re already monitoring users and what they do. It’s important to note that it’s equally important for you to monitor your integrations and how they work.
- Active configuration: What’s the scope of configuration? Which objects does it have access to?
- Recorded activity: What’s the integration actually doing?
- Regularly review and revoke OAuth tokens: This is a key step we’ve been working up to in the health check. OAuth tokens are the central access mechanism of Salesforce integrations. Revoke all tokens that don’t pass muster in the first three steps. Ideally this becomes part of the continual monitoring and clean-up process.
- Conduct routine “integration” health checks to ensure ongoing security: Repeat these steps on a regular basis. The more often the better. Yes, this can be a lot of work and that leads to the bonus step.
- Bonus step – automate: There’s a new generation of AI tools that automate auditing, reviewing, and remediating your specific Salesforce environments. These tools look at metadata, integration logs, and activities created by 3rd party systems connecting to your environment. They have great potential to be a Salesforce admin’s best friend.
The Potential Role of AI in Salesforce Integration Management
AI solutions offer a promising avenue for reducing the workload on Salesforce Admins including automating integration health checks. Solutions like Valo automate auditing and monitoring tasks for Salesforce environments, providing insights and making changes in real time. This ensures that integrations are secure and well-managed while giving time back to admins.
Summary
Managing Salesforce integrations is a critical aspect of maintaining a secure and efficient Salesforce environment. By following the five steps outlined, admins can significantly enhance the security and performance of their Salesforce instances.
Furthermore, leveraging AI tools to automate these processes not only reduces the administrative burden but also ensures that integrations remain secure and well-managed over time. Prioritizing these practices will help maintain a robust and secure Salesforce ecosystem, allowing admins to focus on strategic initiatives.
