Salesforce is the lifeblood of many organizations. One of its most valuable assets-the data inside-is also its most vulnerable. With countless permission and configuration possibilities, it's easy to leave valuable data exposed.
That, coupled with the fact that most security organizations aren't very familiar or involved with Salesforce's administration, opens organizations up to massive risk.
Here are five things every security team should know about their Salesforce security practices to effectively gauge and reduce risk to data.
Get a Free Data Risk Assessment
5 Questions You Should Ask:
1. How many profiles have "export" permissions enabled?
Exporting data from Salesforce makes it a lot easier for someone to steal information like leads or customer lists. To protect against insider threats and data leaks, export capabilities should be limited to only the users who require it.
2. How many apps are connected to Salesforce via API?
Connected apps can bring added efficiency to Salesforce, but they can also introduce added risk to your Salesforce security.
If a third-party app is compromised, it could expose internal Salesforce data. You should know exactly what's connected to your Salesforce instance and how to ensure that connection doesn't expose valuable information.
3. How many external users have access to Salesforce?
External users, like contractors, are often granted access to Salesforce. Surprisingly, 3 out of 4 cloud identities that belong to external contractors remain active after they leave the organization.
Salesforce security teams should ensure all contractors are properly offboarded from all SaaS apps to prevent data from being exposed.
4. How many privileged users do you have?
Privileged users have a lot of power within Salesforce. They can make configuration changes that have dramatic effects on how information can be accessed and shared.
Salesforce security teams need the ability to audit privileged users, be notified when changes are made, and understand exactly what changed to assess risk.
5. Are your Salesforce Communities exposing internal data publicly?
Misconfigurations are one of the easiest ways to unintentionally expose sensitive data. For security teams that aren't intimately familiar with every configuration within Salesforce (of which there are many!), it's easy to miss critical gaps.
Check to see if settings for Salesforce Communities, meant to share information with customers, are inadvertently making data accessible to anyone on the internet.
Improve your Salesforce security with DatAdvantage Cloud
With Varonis DatAdvantage Cloud, it's easy to answer these and other critical security questions about Salesforce and other SaaS apps in your environment, like Google Drive and Box.
DatAdvantage Cloud keeps valuable data in Salesforce secure by monitoring access and activity, alerting on suspicious behavior, and identifying security posture issues or misconfiguration.
Get answers
Want answers to these questions for your environment? Schedule a 1-1 engineer-led risk assessment of DatAdvantage Cloud for free.
What should I do now?
Below are three ways you can continue your journey to reduce data risk at your company:
Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.
See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.
Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.