Your Salesforce Instance or cloud environment can be complicated. It may contain hundreds of users, multiple admins, sandboxes, community portals, customized data structure – the list goes on. So, where do you start to monitor privileged users? Below are five security considerations to take to prevent privileged user abuse in the cloud.
(To learn why privileged users can be a problem in the cloud, check out Part 1 of this post, 5 Reasons Why Privileged User Abuse is a Top Security Concern in the Cloud)
1) Apply the Principle of Least Privilege
Users should be given permissions to only what is necessary to perform their job role in your Salesforce instance or cloud environment. Organizations can customize user privileges per user and per application. For example, if an employee needs read/write privileges to a certain files system, then they don’t necessarily need root privileges. Applying unnecessary privileges puts your organization at increased risk.
2) Get a Consolidated View of User Profiles and Permissions
New objects, applications, functionality, roles and projects are constantly being added to your Salesforce environment. With security in mind, you probably find yourself comparing permissions to various users as their roles and workflows evolve. Obtaining a consolidated view of all users permissions lets you save time and not have to click into each permission set in Salesforce. With time savings, you can complete more thorough access reviews in much less time. Furthermore, if you’re managing multiple orgs or sandboxes, you may need to change permissions in one and not the other – this leaves a lot of room for errors. With a single view, you can identify errors and view who made what changes to permissions with proactive notification.
3) Detect Changes Within Salesforce
Do you know when a user is created in your Salesforce environment? How about when someone modifies an IP whitelist? Change in permission set? How about when an admin is created? Monitoring for changes to security controls within Salesforce gives you the ability to keep control of your users and your data. It’s most valuable to implement proactive alerting on changes that are most relevant to your role and your security posture.
4) Monitor Who, What and Where Users are Accessing Your Salesforce Environment
It’s important to understand how users are accessing your Salesforce environment. Why’s this important? Perhaps a user is logging into Salesforce from a restricted location or IP address, or after hours. Upon detecting such unwanted behavior, you can set up rules to prevent privileged user abuse. The data that’s available in the access count can also detect if users are logging in from unsupported devices.
5) Monitor for Abnormal User Behavior and Compliance
By monitoring privileged users, login access and abnormal user behavior, you are more equipped to satisfy state, federal and global regulations regarding access controls and monitoring access. In addition, you are able to automate your compliance process and hold your associates accountable for their activity in Salesforce. In return, the sensitive data and confidential information in your Salesforce instance are more secure.
Learn how to prevent privileged user abuse in the cloud and more with FairWarning for Cloud Security.