Best Practices for Enhancing Salesforce Security

November 25, 2022

All SaaS applications invariably have their own strong security measures. However, the strength of any security feature is only as good as how well it is used or configured. This is where adherence to best practices helps.

Here are 10 tips on best practices that should be adopted by companies deploying Salesforce for ensuring information security -

1.Set strong password policies

There are 3 essentials of a strong password security policy -

  • Password expiry – Salesforce recommends password expiry of no more than 90 days.
  • Password complexity – Admins should mandate the use of a mix of alpha-numeric and special characters.
  • Password length – Salesforce suggests a minimum password length of 8 characters.

2.Enable Multi-Factor Authentication (MFA) for all users.

This reduces the risk of unauthorized access. MFA helps add another layer of user identity verification on attempting to log in. The first factor is the username and password and the second factor is based on a verification code. This can be validated using an authenticator app (on the phone) or typing in the security key shared over email.

3.Limit session time

Users sometimes do not log off and leave their computers unattended. By automatically closing sessions that are inactive for a period of time, the risk of unauthorized access is minimized. While Salesforce default timeout is 2 hours, you can set this for a shorter duration like 30 minutes.

4.Enable Salesforce Shield

Salesforce Shield is a family of 3 add-on tools -

  • Platform Encryption - This is integrated with most key features of Salesforce such as search, lookups, validation rules etc. Your sensitive data is encrypted while at rest. Salesforce application functionality remains intact. 
  • Event Monitoring - This tool continuously monitors the detailed performance, security, and usage of your Salesforce apps. This not only helps in monitoring the security policy compliance but also helps to understand user adoption across your apps, and to troubleshoot and optimize application performance.
  • Field Audit Trail - This allows you to track changes to your data for up to 10 years. Further, it also reports on its value and state with reference to time. This helps in forensics and delivers greater operational insights.

5.Run Health Check periodically

This helps you to identify and fix potential vulnerabilities in your security settings. You can monitor the strength of your security policies by comparing your security score against a security baseline standard (Salesforce Baseline Standard).

6.Restrict application login based on IP range

This forces the users to log in to Salesforce from a pool of specified IP addresses only. Administrators can specify this range of permitted IP addresses. Any login attempt from any other IP address is denied.

7.Setup Field Audit Trail

Field Audit Trail allows you to track a variety of both standard and custom objects (up to 60 objects and 20 fields per object) and helps in enforcing stringent audit requirements for your Salesforce org.

8.Configure object level security

You can specify the base-level access to create, read, edit, and delete records for each object. You can manage object permissions using permission sets and profiles.

9.Set field level security

You can control which user profiles can view, edit, and save information on specific fields within your org. 

10.Define record level access rules

You can manage record permissions by using the Organization-wide sharing settings, defining role hierarchies and creating sharing rules. This will determine the records a user can access.

And all this needs to be done on a regular basis. It is NOT a one-time exercise!

Please keep in mind that protecting your data is the joint responsibility between you and Salesforce. Salesforce empowers you with a lot of security tools. You need to be vigilant and diligent enough to apply them. 

Over configuring security rules can impact user productivity. So you need to tread the fine line between maintaining the sanctity of your data and enabling users to work efficiently.

Just in case you are a bit paranoid about the security of your information within the Salesforce environment, we at SK have a specialized service for enhancing Salesforce security. 

Let’s build something amazing together