Below, you’ll find the three most critical path items to ensuring the security framework “who sees what” can be extended.
Classify Data to Abide by Relevant Regulations
It is essential to identify and categorize sensitive data within your business before expanding the Salesforce security framework. You can prioritize protection efforts and comply with relevant regulations such as GDPR or CCPA with clear categorization.
Once you have categorized the data, it is recommended that you implement a granular tagging system to label different types of data based on their sensitivity levels. This tagging system helps you have accurate control over data access based on user roles and permissions.
Prevent Security Risks Through Data Encryption
Encryption of Salesforce data, both at rest and in transit, is an essential security measure to protect it from unauthorized access. While Salesforce offers encryption capabilities, adding an extra layer of security by extending this measure to an off-platform copy is highly recommended. Implementation of end-to-end encryption ensures that the data remains unintelligible without the encryption keys in the event of unauthorized access.
Establishing key management practices that securely generate, store, and rotate encryption keys ensures that only authorized individuals can access sensitive data. This prevents potential vulnerabilities and ensures that sensitive data is not compromised.
Set User Access Controls to Limit Access to Data
To better secure access to Salesforce data, utilizing the off-platform copy of the data is recommended to implement fine-grained access control mechanisms. This will enable administrators to precisely define who can access specific datasets based on roles, responsibilities, and business needs. For this purpose, they can employ role-based access control (RBAC) and attribute-based access control (ABAC) frameworks.
Additionally, it’s important to enable comprehensive audit trails and monitoring capabilities to track access to Salesforce data, both on the platform and off-platform. Real-time monitoring can alert administrators of any suspicious activities, enabling them to take immediate action to mitigate potential threats.
While Salesforce offers robust security features, augmenting its framework with an off-platform copy of data enhances control over “who sees what” within your company. By classifying, encrypting, and implementing precise access controls, you can improve your Salesforce security posture and protect sensitive information from unauthorized access. This proactive approach not only mitigates risks but also instills confidence among customers and stakeholders in your business and seeds your commitment to data security and privacy.
Join us each Thursday for more episodes of Radical Transparency as we show you how to harness Salesforce data for unparalleled growth and innovation. In addition, we would love to hear from you if you are looking for a fast, easy, and highly secure way to protect your Salesforce data & metadata! Contact an SFDC data expert or join us on LinkedIn, YouTube, or Twitter.
Video Transcription
Welcome to Radical Transparency, my name is Ted Pappas.
And in this video series we’ll talk about why having a Salesforce backup off-platform is critical to your business.
And we’ll work under the Salesforce framework of equal education. My goal in this series is really, really simple. It’s to make sure that everyone in the Salesforce community is equally educated in the art of possible with Salesforce data off-platform.
And today, we’re going to talk about topic that we get across every category of customer, whether they’re SMB, mid-market, or enterprise customers. And for our customers in the most highly regulated environments, this is a topic we get all of the time.
And it is this thing called Salesforce security framework. For four-tier security model, the four tier security model inside platform does not apply to data outside of platform. So outside of the platform, you really have one option, you have more than one option, I’ll tell you the second, but the primary option is to control the data, or secure the data on the edge of the data model, which means everything inside the data model is rendered useless because it’s open to everybody.
But if you want to make usefulness out of the data inside the data model, outside of the force.com platform, you can still use the framework, the Salesforce framework of who sees what, for data out a platform. So you can do three things with the data. You can classify it, you can encrypt it.
And you can also apply user access controls for data out of platform under the Salesforce “who sees what” security model.
So you may be thinking now, what does this mean for our business. And it means, it really means, two things, but I’ll say it in a single sentence. It means your GRC teams, your governance, risk and compliance teams, they can regulate what humans have access to the data.
And equally as important, maybe even more important, you can apply access controls to the robots that had access to critical and sensitive data as it flows through your enterprise data fabric. So whether you need to classify, encrypt or control the data under the Salesforce framework of “who sees what.” So your GRC teams can control humans and robots.
For user access controls for encrypting that data at rest as it moves through the enterprise data fabric, CS:Govern you should explore.
So again, my name is Ted Pappas. I’m the CEO of CapStorm. Please visit us at capstorm.com Or please find me on LinkedIn. I’d love to see you back here next Thursday for another episode of Radical Transparency. And thank you very much.
