In late 2024, Salesforce introduced Agentforce, a platform that allows businesses to easily build and deploy autonomous AI agents to automate business processes using Salesforce tools like Workflows, Apex code, and Flows. These AI agents can connect to enterprise data and take actions across sales, service, marketing, commerce, and other functions.
For example, Agents can use sales data, prospect information, calendar data, and email functionality to help sales reps reach out to prospects, schedule meetings, and recommend products and services that prospects are most likely to buy.
Agentforce agents inherit the permissions of the users who run them, so if users have excessive access, agents can expose sensitive data.
Imagine a service appointment scheduling agent that mistakenly allows users, or even the public, to view, modify, or cancel other people's appointments. This could lead to unauthorized access to confidential information such as pricing information, order details, and personally identifiable information (PII) like payment information, home addresses, and birth dates.
Salesforce provides a combination of Profiles, Permission Sets, and Roles to define each user’s access to objects, fields, and individual records. However, Salesforce employs a shared responsibility model to secure data and access.
This means that Salesforce customers are responsible for ensuring that (1) only authorized individuals have access to their instance and (2) each authorized user only has access to the data they need. Organizations with over 100 Salesforce users, usually find it hard to determine who has access to what data and what they can do with their access.
Consider a financial institution with several dozen users who were unintentionally given permissions to view, export, and delete all data. (Note: this isn’t a hypothetical example. We see cases like these in our work all the time.)
Without first remediating these misconfigurations, deploying Agentforce could have disastrous consequences. If one such user builds an AI agent whose intended purpose is to identify cross-sell opportunities based on customers’ financial data, this agent could inadvertently export the entire customer database (complete with the most sensitive information like social security numbers, transaction histories, credit scores, loan application details, and supporting documents) into a third-party analytics engine.
An AI agent designed to reconcile payment gateway transactions with Salesforce order records may unintentionally retrieve all transactions due to excessively broad data viewing permissions. Additionally, the agent might accidentally modify transaction details and system audit logs because of overly permissive data editing rights.
Before Agentforce and other AI technologies, misconfigurations could remain hidden for years. However, once AI is deployed, it will process and analyze every piece of data it can access, so all misconfigurations and access paths will likely be discovered and exploited, whether intentionally or unintentionally.
To safely deploy Agentforce, organizations must make sure that they (1) identify all sensitive data throughout their Salesforce instance, (2) ensure that users can only access the data they need, and (3) ensure that access rights are never misused.
While Salesforce object and field names indicate which data is sensitive, there can be files, attachments, free-text fields, and objects and fields that are not clearly labeled and classified that also contain sensitive or highly regulated data like PII, PHI, or PCI. This means you can’t rely on object and field names alone to identify sensitive data and must scan your entire Salesforce instance instead.
Salesforce's access model is identity-centric, meaning a user's profile and assigned permissions determine that user’s access. However, reviewing each user's access individually is not scalable and is likely impractical. Instead, start by identifying all your sensitive data in Salesforce, determine who can access it, and right-size permissions so that only the users who need to access that data have permissions to do so.
The majority (57%) of data breaches involve stolen identities, so companies must have a way to analyze user behavior across all systems to ensure that access rights are only being used for legitimate purposes.
Varonis empowers security teams and Salesforce admins to identify sensitive data, right-size access to that data, and prevent unauthorized activity in Salesforce and other SaaS apps. Our Unified Data Security Platform makes it simple for organizations to answer critical questions such as:
Varonis offers organizations complete security, visibility, and control over sensitive data in Salesforce and their entire SaaS app portfolio, delivering the key capabilities required for a safe Agentforce deployment. Specifically, Varonis can help:
To protect your sensitive data, you must be able to manage where it lives, who can access it, and how it's being accessed and edited, and only Varonis provides you all of these critical capabilities in a single platform.
If you’re curious to see what risks may exist in your Salesforce environment, a free Salesforce Data Risk Assessment is the best way to get started. In less than 24 hours, you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation.