Brian Krebs recently reported that an alarming number of organizations—including banks and healthcare providers—are leaking sensitive information due to a misconfiguration in Salesforce Communities.
The misconfiguration, which Varonis Threat Labs documented extensively in October 2021, gives unauthenticated guest users access to records containing social security numbers and bank account info.
Discover your weak points and strengthen your resilience: Run a Free Ransomware Readiness Test
What actions should you take?
Follow our step-by-step guide that gives Salesforce admins detailed steps to:
- Ensure your guest profile permissions don’t expose things you don’t want to be exposed (account records, employee calendars, etc.)
- Disable API access for your guest profile
- Set the default owner for records created by guest users
- Enable secure guest user access
If you want hands-on help, please ask our team to perform an automatic (and free) audit of your Salesforce instances to uncover this issue and many others.
How did this happen?
The issue is not due to a vulnerability in Salesforce’s app, but a configuration within each customer’s control.
Salesforce, like many other cloud service providers (CSPs), operates under the shared responsibility model. While the CSP is responsible for securing the underlying infrastructure and code, each customer is responsible for configuring their applications and data to ensure they are secure, monitoring user access, and maintaining compliance with regulations.
Misconfigurations providing pathways to critical data are not unique to Salesforce. Gartner notes that "through 2025, more than 99% of cloud breaches will have a root cause of preventable misconfigurations or mistakes by end users."
This isn’t the first, nor the last time a SaaS configuration will create a potential security incident. In the Great SaaS Data Exposure, our research team uncovered the massive complexity of SaaS permissions and configurations.
Ensuring SaaS security posture
It’s imperative that security teams assess SaaS exposure continuously with automation. Varonis can help secure your critical SaaS apps like Salesforce, Microsoft 365, Google, GitHub, and countless others:
- Discover and classify sensitive data
- Detect and respond to abnormal behavior
- Auto-remediate excessive permissions and sharing links
- Find and fix critical misconfigurations
- Mitigate third-party app and supply chain risk
Varonis also makes it easy for Salesforce admins to analyze and compare permissions, so they can quickly identify unnecessary and risky access.
We can even automatically identify and remove unassigned Profiles and Permission Sets, getting you to a least privilege model without interrupting users.
What should I do now?
Below are three ways you can continue your journey to reduce data risk at your company:
Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.
See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.
Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.
