When a company adopts Salesforce as its CRM of choice, they’re putting a whole lot of trust in Salesforce.
A CRM hosts all kinds of important data that needs to be kept confidential and secure — financials, contact information, contracts, campaign data, and so on.
And, as Salesforce itself admits, the intangible Cloud doesn’t strike most people as being well-guarded:
“To the untrained eye, the cloud can seem like an open bank vault just waiting to be robbed. After all, it’s basically a massive database of sensitive information, and in the digital age, information is worth its virtual weight in gold. As such, it seems obvious that if you want to keep your data safe, you keep it where you can protect it — that means on-site and away from the cloud. But is there any truth to this assumption?”
The answer: nope.
As the number-one CRM in the world, Salesforce can’t afford to take chances with your data. And 150,000 companies using Salesforce can’t be wrong.
So how does Salesforce keep your data secure?
Let’s take a look at how Salesforce security works.
Extensive Monitoring and Transparent Reports
Salesforce and its various platforms are built to be as secure as possible, but Salesforce is constantly monitoring the security and performance of its systems, looking for possible threats or disruptions.
To give users as much information as possible, Salesforce provides real-time monitoring of system performance and security, on a microsite dedicated solely to security: trust.salesforce.com.
The trust site offers up-to-the-minute data on a variety of Salesforce platforms and provides alerts for any new and recent phishing and malware attempts. Email alerts are also available for maintenance and service disruption notifications.
Advanced Authentication and Encryption
Salesforce uses the latest Transport Layer Security (TLS) for authentication and encryption. TLS, the most widely used security protocol in the industry, protects the privacy and integrity of data as it moves between two communicating applications.
Earlier this summer, Salesforce extended its mandated use of the latest TLS to its users. It now requires that organizations use the newest TLS for its connected users and integrations if they want to continue connecting to communities, sites, partner app exchanges, and so on.
Salesforce is certified to comply with many international security standards, including PCI DSS, FISMA, ISO/IEC 27001:2005, SAS 70 Type II, SysTrust, and Eu-US and Swiss-US Safe Harbor.
Protection Against Unauthorized Access
Saleforce offers user organizations effective ways for making sure that only designated people can access their CRM.
One such way is the implementation of Login IP Ranges. Organization admins can define permitted IP addresses, like those of a corporate network and VPN, and limit Salesforce access to users signing in from those specific addresses. These ranges help ensure that unauthorized users can’t easily “hack” into your Salesforce.
Another tool: two-factor authentication. This is an optional setting that organization admins can choose to implement. Once it’s active, all users will need to have log-in credentials and a second authentication element (for example, by verifying their identity with the Salesforce Authenticator app). If they don’t have both elements, they will not be able to access Salesforce.
Extensive Education
Companies using Salesforce play a crucial role in keeping their own data safe and secure. Salesforce does offer its own top-notch security, but clients also need to make use of security tools and best practices to make sure they’re protected. Trust.salesforce.com is a rich resource for all Salesforce users. It offers in-depth guides and security training, for admins, users and developers.
Salesforce Shield
Salesforce launched Salesforce Shield in July 2016 and immediately attracted a lot of buzz. It helps developers from client organizations add extra security to apps built with AppCloud, Salesforce’s enterprise suite of tools for creating connected custom apps for Salesforce.
Salesforce Shield provides the ability to monitor app and data use, to encrypt sensitive data and to automate security policies.
Want to know more Salesforce security? Let’s chat.