Privileged User Monitoring: 5 Ways to Prevent Privileged User Abuse in the Cloud

April 20, 2018 Marc Lalosh

Privileged User Monitoring: 5 Ways to Prevent Privileged User Abuse in the Cloud

Your Salesforce Instance or cloud environment can be complicated. It may contain hundreds of users, multiple admins, sandboxes, community portals, customized data structure – the list goes on. So, where do you start with privileged user monitoring? Below are five security considerations to take to prevent privileged user abuse in the cloud.

(To learn why privileged users can be a problem in the cloud, check out Part 1 of this post, 5 Reasons Why Privileged User Abuse is a Top Security Concern in the Cloud)

1) Apply the Principle of Least Privilege

As part of your privileged user monitoring program, users should be given permissions to only what is necessary to perform their job role in your Salesforce instance or cloud environment. According to a Ponemon Institute study, 49% of organizations don’t have policies for assigning privileged user access, despite the clear risk that insiders pose. Organizations can customize user privileges per user and per application. For example, if an employee needs read/write privileges to a certain files system, then they don’t necessarily need root privileges. Applying unnecessary privileges puts your organization at increased risk.

2) Get a Consolidated View of User Profiles and Permissions

New objects, applications, functionality, roles, and projects are constantly being added to your Salesforce environment. When enacting privileged user monitoring, you probably find yourself comparing permissions to various users as their roles and workflows evolve. Obtaining a consolidated view of all users permissions lets you save time and not have to click into each permission set in Salesforce. With time savings, you can complete more thorough access reviews in much less time. Furthermore, if you’re managing multiple orgs or sandboxes, you may need to change permissions in one and not the other – this leaves a lot of room for errors. With a single view, you can identify errors and view who made what changes to permissions with proactive notification.

3) Detect Changes Within Salesforce with Privileged User Monitoring

Do you know when a user is created in your Salesforce environment? How about when someone modifies an IP whitelist? Change in permission set? How about when an admin is created? Utilizing privileged user monitoring to monitor for changes to security controls within Salesforce gives you the ability to keep control of your users and your data. It’s most valuable to implement proactive alerting on changes that are most relevant to your role and your security posture.

4) Monitor Who, What and Where Users are Accessing Your Salesforce Environment

It’s important to understand how users are accessing your Salesforce environment. Why’s this important? Perhaps a user is logging into Salesforce from a restricted location or IP address, or after hours. Upon detecting such unwanted behavior, you can set up rules to prevent privileged user abuse. The data that’s available in the access count of your privileged user monitoring software can also detect if users are logging in from unsupported devices.

5) Monitor for Abnormal User Behavior and Compliance

By monitoring privileged users, login access and abnormal user behavior, you are more equipped to satisfy state, federal and global regulations regarding access controls and monitoring access. In addition, you are able to automate your compliance process and hold your associates accountable for their activity in Salesforce. In return, the sensitive data and confidential information in your Salesforce instance are more secure.

Learn how to prevent privileged user abuse in the cloud and more with privileged user monitoring as part of FairWarning for Cloud Security.

Previous Video
5 Strategies to Prevent Privileged User Abuse in Salesforce
5 Strategies to Prevent Privileged User Abuse in Salesforce

80% of security breaches involve privileged user credentials, according to Forrester Research. So, who’s ma...

Next Article
5 Reasons Why Privileged User Abuse is a Top Security Concern in the Cloud
5 Reasons Why Privileged User Abuse is a Top Security Concern in the Cloud

Privileged user abuse is a common insider threat that leads to massive security incidents like data breache...

Discover Why Data Privacy Matters to Your Organization

Watch Now