Since its initial introduction, the Salesforce application has evolved considerably. What started as an application for cloud-based customer relationship management has gradually become a comprehensive information storage system, tightly integrated with nearly all critical functions of modern businesses. The number of organizations adopting Salesforce continues to increase, but such growth brings emergent risks that threaten data integrity. To prevent data loss, manipulation, and theft, CRMs like Salesforce require active management in the form of cloud application security.
This post contains an overview of data security in Salesforce, what risks and threats leading organizations focus their efforts on, and how to secure your most valuable information in light of security concerns.
Salesforce: A business-critical cloud application
Given the dramatic increase in Salesforce usage among enterprises, it would be difficult for many businesses to maintain normal operations without the application’s cloud storage facility. Organizations are storing more information than ever in the application, including:
- Highly proprietary, valuable customer and prospect information accumulated through years of relationship-building as well as automated gathering processes
- Detailed, sensitive information regarding employees and the organization
- Ordering systems that use price books, products, and contracts
- Financial information that feeds into corporate accounting systems, which in turn generate GAAP audited financials
Salesforce holds the most valuable asset of any enterprise
What exactly does this sensitive information look like? Credit card numbers, financial account details, protected health information (PHI), and personally identifiable information (PII) of all kinds are now held in the Salesforce application. This data about customers and prospects is essential to an organization’s trust between customers and its advantage in the marketplace. With Salesforce containing data – an organization’s most valuable asset – it’s more important now than ever for everything to be done to safeguard it from internal and external threats.
Many of today’s workers operate under the assumption that anything they create at work belongs to them. In reality, it belongs to the company. Because of this, organizational data is at risk of going out the door with departing employees looking to gain a personal advantage in the industry. According to Verizon’s 2019 Data Breach Investigations Report, one in three breaches involved internal actors – also known as insider threats. The cloud enables users to access data anytime, anywhere, so cloud application security is essential to prevent data theft.
According to Verizon, insider and privilege misuse were responsible for 20% of all cybersecurity incidents and almost 15% of all data breaches in 2018. A Ponemon Institute study revealed that insider threats cost companies an average of $8.76 million every year. In a study of 150 data theft cases, the Mishcon Recover report found that 60% of perpetrators stole proprietary information in order to secure a new position with a competing company. And, in 30% of cases, the internal perpetrator’s motivation was to use the stolen information for the creation of new business.
What this means is that privileged insiders can be a serious threat to data integrity, particularly because they’re overshadowed by external threats that make national headlines such as hackers or DDoS attacks. Security teams are realizing that in order to protect data, they need to trust employees, but verify that they have the proper credentials and business reasons for accessing sensitive information. Monitoring user behavior and data access can also prevent departing employees from stealing information, so InfoSec teams are implementing solutions like user activity monitoring to keep a close watch over Salesforce activity.
Legal and compliance considerations
Businesses are increasingly prepared to sue those who commit data theft. The identity theft resource report cites numerous examples of businesses bringing lawsuits against former employees accused of stealing confidential customer information. With more stringent regulations directed toward data compliance and the enforcement of privacy and security standards (i.e. FFIEC, FINRA, HIPAA, FCA, GDPR, and more), securing data is the first step in creating trust.
Salesforce Event Monitoring: Going beyond cloud application security
To avoid business risks and threats, organizations must implement a user activity monitoring and behavioral analytics program as part of their cloud application security procedures. Reliable and legally sound user activity monitoring is impossible without audit logs.
Salesforce administrators know all too well that audit logs have historically been made available only through Salesforce Customer Service at considerable cost in both time and money. To address this limitation, Salesforce released Event Monitoring as part of Salesforce Shield. Salesforce Event Monitoring files (audit log files) are automatically accessible through APIs and enable important aspects of data protection, including:
- Forensic investigations
- Continuous monitoring with alerts and filtering
- Flexible, multi-criteria reporting and filtering
- Governance reporting
- Audit log storage, encryption, and archiving
This sounds perfect, but trouble arises after you receive and attempt to read the audit logs. Salesforce event monitoring log files are long strings of complicated text that aren’t human-readable without programmatic or manual manipulation. In short, you need a translator to draw insights from the data.
FairWarning for Salesforce – your event log translator
FairWarning for Salesforce leverages Event Monitoring log files to boost cloud application security and provide data protection and governance through user activity monitoring. By automatically translating your event monitoring files into human-readable text, FairWarning enables business users to easily interpret and gain insights from event log data. FairWarning for Salesforce continuously monitors for unusual access, proactively alerts you of potential incidents, enables rapid investigations of user activity, and tests for satisfied regulatory requirements.
Using this visibility tool, you can unlock the full potential of Salesforce through expanded trust and more thorough cloud application security.