7 ways to secure your Salesforce instance
Do you use a secure password for your email account? Do you log in to your bank account only from trusted wi-fi network? Those are the examples form your day-to-day activities to keep your personal information and money safe. The same process applies to Salesforce. However, the security of the application is the combination of business and IT effort to keep data and users safe. I will show you 7 ways to secure your Salesforce instance. This will help you check the security health and apply missing items in your projects.
Login IP Ranges
Known by all Salesforce administrators and developers however sometimes forgotten and undervalued.
Setting up Login IP Ranges will help Salesforce instance be aligned with internal security restrictions and allow your users to log in to the instance only from the specific network settings. (VPN, company local network).
Although Business people are the real owners of the Salesforce instance, IT people give and set up access for domain users. When we have established trust between IT and business we are willing to give more access than we should to improve performance. This might have great results, but we should keep an eye on how many users with privileges like System Administrators you have created. One system admin can create another one and so on. System Administrator privileges should be restricted to the minimum number of users, so you can keep your instance clean and without any surprises of configuration.
Multi-factor authentication & password policies
I was thinking that using multi-factor authentication is only reserved for security freaks. However, I realized that creating secure passwords and changing them regularly is not an easy task for technical people, so how difficult it need to be for business?
People are using many applications not only for work but also privately. The majority is using the same password between platforms. Multi-factor authentication with email or Salesforce app can give your users additional security. When you will combine it with restricted password polices and expiration time – your users will be safe.
Keep your credentials safe
Have you ever seen hardcoded credentials to the external system in the code? I hope no. I also hope that you already know where we should store credentials. Salesforce provided predefined key storages where you can store credentials and easily use them.
The easiest way to store Salesforce credentials is a feature called Named Credentials. You can easily access username/password or setup oAuth2 in the Apex code and no one will be able to see them after you save the record (even you).
SOQL Injection prevention
One of the most common mistakes in a custom development is SOQL Injection. You can easily protect your code from unauthorized execution using simple methods like static queries with bind variables or String.escapeSingleQuotes() method. If you want to know how SOQL injection works please check this link.
Store protected data in encrypted fields
Imagine your users providing credit card number or social security numbers. How can you store those values securely in Salesforce? Great! Not String fields for sure 🙂 we should use encrypted fields which are using secure AES encryption method to store values to the database.
Data encryption is a very complex process and Salesforce is providing great capabilities which allow you to encrypt Einstein Analytics data, Files, Event Bus Data and much more, but we will go into details in the future posts.
When your company have extremely high restrictions about security or need to be aligned with regulatory compliance requirements – it’s time for you to use Salesforce Shield. You should know who and when download reports with sensitive data. You should also allow only specific users to get access to this data by applying security policies. Salesforce Shield is paid solution, so when you need to have 1 custom field encrypted – you can use classic free encryption.
I will recommend you to treat „7 ways to secure your Salesforce instance” as the quick health check of your Salesforce org. This will give you confidence that your users are safe using Salesforce.