Have you ever wanted to know what your Salesforce users are clicking on? Have you ever needed to know what files your employees are downloading? Normally, uncovering this information is challenging if not impossible, but Salesforce’s Event Monitoring logs shine a light on the otherwise unclear activities happening in your Salesforce instance.
Introduced by Salesforce in 2014, Event Monitoring records and delivers robust user activity data on a regular basis that can be used to inform your Salesforce security and privacy, auditing, usage, performance, and compliance.
Salesforce security options
In addition to Event Monitoring, Salesforce has historically offered features that allow customers to audit and understand the state and health of their org, including:
- Field history tracking
- Setup audit trail
- Debug logs
- System overview
- API usage
- Custom object usage
- Forensic investigations
- Login history
Even with these features, Salesforce identified a monitoring gap that Event Monitoring was custom-designed to fill. As a customer-friendly solution, Event Monitoring addresses a multitude of use cases and has transformed the security possibilities in Salesforce.
What value does Event Monitoring provide for financial services?
If you’ve ever been interested in tracking who did what, when they did it, where they did it from, how frequently they did it, and how quickly they did it in your Salesforce instance, you might be a Salesforce Admin, a CISO, or an IT Director who wants to enhance security or measure your Salesforce ROI. Regardless of your role, Salesforce Event Monitoring logs make it possible to improve nearly every aspect of your organization’s Salesforce usage. User activity monitoring solutions that double as data visualization tools can digest the raw, unreadable event logs provided by Event Monitoring to deliver detailed, actionable insights, allowing you to easily audit every aspect of your Salesforce instance.
Financial services utilize Salesforce to:
- Manage sensitive client information
- Track performance and fee data
- Store LP information
- Monitor account and proceeds disbursement
The stakes of not protecting this sensitive data are high – competitive loss, reputational damage, regulatory compliance, and the integrity of sensitive customer information are all top of mind when it comes to the risks associated with having such valuable data in one location.
Fortunately, the security of the Salesforce platform is robust. However, even though you can enable sharing rules and protection around chatter, it’s ultimately possible for someone to pilfer data with malicious intent, or even inadvertently to share their session ID with a third-party hacker. Insider threats are one of the most serious threats to Salesforce security, and user activity monitoring using Event Monitoring can identify internal risks by tracking every transaction in detail.
Why audit your Salesforce instance?
Organizations, especially those in the financial services industry, regularly audit applications like Salesforce to ensure they’re secure, effective, and a valid investment. Salesforce is a mission-critical application for thousands of organizations across the globe, many of them banks, credit unions, investment groups, insurance companies, and other financial services. Within those organizations, employees, partners, and customers in the form of users all interact within the same org. Therefore, whether it’s for privacy, security, compliance, or all of the above, tracking who did what, when they did it, where they did it from, and how frequently they did it is essential for preventing potential data breaches.
It’s also important for organizations to audit for compliance, adoption, troubleshooting, or performance monitoring for Visualforce pages and apex classes. Once you have this data, courtesy of Salesforce Event Monitoring logs, you can use visualizations to explore and analyze the data.
Event Monitoring use cases
Every interaction for a user – from the time they click into a tab, go to export a report, or even API transactions – is visible and clear once examined from the event log files. The top use cases for Event Monitoring include:
- Activity – Track detailed user activity including location, IP range, browser, and application information.
- Adoption – Monitor adoption of applications and the success of IT initiatives while gaining deeper insight into how people are using Salesforce and the investment value of your projects.
- Audit – Identify and act on anomalies in user behavior; identify what’s normal, what isn’t.
- Performance – Trend performance of your users and your Salesforce instance.
By pulling the raw Salesforce Event Monitoring logs into a visualization tool, you can turn the unreadable data into easily digestible, action-oriented insights. The information contained in the logs can help facilitate discussions with developers to identify what in your org needs to be fixed and how to fix it. Plus, the insights can help automate admin tasks and improve workflow.
Reading Salesforce Event Monitoring logs
The attributes all log files have in common that enable admins and InfoSec to obtain an in-depth look at the state of their Salesforce org include:
- Who (“USER_ID”)
- What (“EVENT_TYPE”)
- Where (“CLIENT_IP”)
- When (“TIMESTAMP”)
- How long (“RUN_TIME”)
These attributes can be used to inform your performance, adoption, security, and compliance postures.
The introduction of Event Monitoring helped fill a critical security gap in the form of much-needed user activity monitoring. While drivers may vary across industries – regulations, preventing data theft, user adoption – what every organization has in common is the need to secure sensitive data and to track activity at a user-centric level. With its ability to extract log files and deliver them on a regular basis, Event Monitoring helps eliminate day-to-day challenges for Salesforce Administrators while also reducing external and internal threats.
To begin using your Salesforce Event Monitoring logs, contact your Salesforce Account Executive; they’ll help you set up the program and start receiving your first batch of detailed event log files.