Salesforce is at the center of many organization’s mission-critical applications and has become the primary database for storing sensitive information. Data such as prospect and customer information, financial information, and your company’s own proprietary knowledge can be accessed around the clock by different devices.
With vast amounts of sensitive data at risk, many Salesforce customers are pursuing additional security and governance controls to protect their data. Sure, your IT team has implemented policies and best practices across the organization, but how are you holding individuals accountable and ultimately securing your Salesforce Instance?
In this webinar, FairWarning’s Senior Product Marketing Manager Mike Mason walks you through the business challenges most Salesforce customers are facing and how they are resolving these concerns. You will also hear from FairWarning’s Salesforce Administrator Tommy Strickland, who will discuss how he manages security and governance controls in FairWarning’s own Salesforce Instance.
Risky Insiders are the Biggest Threat to Confidential Information
Repeatedly, research has found that insider threats continue to pose the biggest security risk. According to the 2018 Insider Threat Report conducted by Crowd Research Partners, 90% of surveyed organizations felt vulnerable to insider threats. Of those insider threats, Regular Employees (56%), Privileged Users (55%) and Contractors (42%) posed the largest concern for respondents.
In regards to Healthcare, the Verizon 2018 Protected Health Information Data Breach Report published that 58% of breaches involved insiders. With more than half of breaches stemming from insider threats, it’s important to implement and follow up on Data Governance and Security across all applications – including Salesforce.
Data is no longer just an IT asset – it is a core strategic asset, and some types of data are more valuable than others. Security professionals believe that the data most vulnerable to insiders fall into three top categories:
- Confidential Business Information – financials, customer data, employee data
- Privileged Account Information – credentials, passwords, etc.
- Sensitive Personal Information – PII, PHI
Knowing who is a threat to your data is only half the battle. It’s also important to understand what they are doing to put your data at risk. Are they logging in from a restricted IP address? Are they exporting data? Do they have access to data they shouldn’t have access to? In the next section, we will look at the different ways to monitor for insider threats.
Two Paths Forward: Options for Proactively Monitoring Insider Threats
Your Salesforce Instance can be complicated. With hundreds of users, multiple admins, sandboxes, community portals, customized data structure – the list goes on. So where do you start to monitor for accidental or malicious activity?
Out of the box, Salesforce allows you to track log files related to recent setup changes made by administrators and data changes recently made to fields. It is through View Setup Audit Trail that you can track all metadata changes including objects, layouts, fields, and pages. With the Field History Tracking, you can track changes made to field values in records within the respective object.
Or, with an additional purchase of Salesforce Shield – specifically the Event Monitoring product – you can track even more log files showing detailed usage data of all Salesforce apps. This data is integral to helping Salesforce customers troubleshoot and optimize performance, increase adoption of new capabilities, and address compliance by monitoring access to business-critical data.
In either case, FairWarning for Salesforce instantly creates security and governance monitoring for your Salesforce Instances. By leveraging the log files produced by Salesforce, FairWarning detects and alerts on changes in your Salesforce org while simultaneously protecting against insider threats.
Monitoring Privileged Users and Login Access
Privileged users have credentials that give them the keys to the kingdom, which in this case is your Salesforce. Sometimes these users are your Salesforce administrators and other times they can be management or senior associates. In either case, it is important to monitor their activities to ensure security, compliance and overall application functionality.
Monitoring login activity can shed a light on who is accessing your application, when and where. By monitoring login access, you can prevent logins from restricted locations, hours or IP addresses, and detect browsers or applications with known security vulnerabilities or out of date versions.
Abnormal User Behavior and Compliance Regarding Access Controls
For a more robust security program, you will want to monitor for abnormal user behavior, change in security controls, and tracking trending activity over given periods of time to help prevent data exfiltration and data theft. With this information documented, you can also conduct a forensic investigation of your organization’s Salesforce users, giving you a full picture of the activities conducted throughout your instance.
By monitoring privileged users, login access and abnormal user behavior, you are more equipped to satisfy state, federal, and global regulations regarding access controls and monitoring access. In addition, you are able to automate your compliance process and hold your associates accountable for their activity in Salesforce. In return, the sensitive data and confidential information in your Salesforce instance are more secure.