Five Salesforce Data Security Considerations for 2020
Every year as the clock strikes midnight and calendars flip to a new year, the same things always happen: Resolutions are made, changes are promised, and we reflect on the past, looking for hidden meaning and insights to guide us in the new year.
As a Salesforce Partner, I work with a number of companies at different stages of their life cycle. Whether it is with the consulting side of CloudKettle, or via our Salesforce monitoring tool SafeGuard, it has provided me with a well-rounded perspective on how businesses are interacting with the Salesforce platform over the past year.
As such, over the holidays, I decided to reflect on some of the insights I was able to gather from the various companies I was lucky enough to engage with. When thinking back on the year, a hot topic from 2019, and more than likely 2020, was data security. With customers trusting businesses with more and more personal information, stringent rules need to be in place to ensure privacy and data protection.
Thinking back on that topic, in no particular order, here are the top 5 trends on data security from 2019 that everyone should keep in mind as we head into 2020:
Monitor Applications with Salesforce Access
Integrating 3rd party applications with Salesforce is one of the most powerful ways to take your business to the next level. But do you know which apps are accessing your Salesforce data?
Many companies have an approved list of applications that can access their Salesforce data. With the popularity of applications allowing users to OAuth their Salesforce credentials with a 3rd party application, though, it’s important to continuously check which software has access to your Salesforce data. This will ensure you’re only granting access to necessary applications.
Use an Integration User to Manage Integrations
When setting up an integration between Salesforce and another platform, an Integration User should always be used. Many of the reasons why this role is vital are outlined in the blog post, Why You Need a Dedicated Salesforce Integration User, but it comes down to security and the need to have a Salesforce gatekeeper on your team.
Check Sharing Rules/Permission Sets as Your Company Evolves
One of the great things about Salesforce is its ability to scale. As a company continues to grow in size though, the data sharing rules of the company also continue to change.
Many smaller companies have an open culture where everyone can access everything. But as a company grows into hundreds and then thousands of employees, the sensitivity of data also evolves, and there is a real need for tighter permissions.
Revisiting your company’s sharing rules on a quarterly or semi-annual basis ensures that the regulations you have in place match your current needs.
Activate Two-Factor Authentication or Single-Sign On
Adding additional security to the log-in process of Salesforce ensures that only the people who should have access do have access. Whether it is activating Two-Factor Authentication or Single-Sign On, providing an additional layer of security in the log-in process is always a smart idea for protecting your data.
Limit Salesforce Accessibility
For complete control of when and where your Salesforce data is being accessed, setting Salesforce Login IP ranges and/or Salesforce Login Hours might be an option. Setting these allows you to control where users can log into Salesforce and during which time window that data can be accessed.
These are just a couple of the key trends that I have noticed but would love to hear from you on others that you have seen. Either leave me a comment or send me a message as I'd love to connect and discuss.
