


This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Sorry, the slides for this webcast are not available for download.

Shared Responsibility of Salesforce Security

  • Friday, April 03, 2020 at 1:00 PM EDT (2020-04-03 17:00:00 UTC)
  • Dave Shackleford, Pete Thurston


  • RevCult




Salesforce security and compliance is a Shared Responsibility, and you, the end customer, need skin in the game. Salesforce is a PaaS, and its compliance with regulations like HIPAA, PCI, and HITRUST does not flow down to your compliance unless you (or your SI) configure the security controls correctly. It starts with an accurate assessment of your current state to inform your actual risks, followed by a prioritized daily, weekly, and monthly remediation plan to reduce risk. We'll review some interesting statistics based on the Salesforce Security Risk Assessments RevCult completed in 2019, along with a checklist of actions you can take to complete your own assessment. We'll also discuss specific things you should be doing today to ensure your Salesforce security controls are sound given the current situation and the rapid expansion of your remote workforce (e.g., IP restrictions, user authorization, etc.).

  • Average production instance of Salesforce has over 1000 fields of sensitive data
  • Average production Salesforce Org has 13 methods of access which bypass Create, Read, Update and Delete permissions
  • 66% of organizations using Apex do not follow secure coding practices
  • 86% of all users have Read and Edit access to sensitive data

Speaker Bios

Dave Shackleford

Dave Shackleford, a SANS analyst, senior instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.

Pete Thurston

Pete Thurston has spent over 15 years at the intersection of Business and Technology. Informed through opportunities to wear many different hats (often at the same time), he’s discovered his passion is really in identifying elegantly simple solutions to the business and technology problems all companies face. He has driven the leadership of the technology team as Chief Product & Solutions Officer at RevCult since Day One. Pete has also had the privilege of being a guest speaker and blogger for multiple publications, including Dreamforce and a variety of SFDC “Dreaming” events, and he leads RevCult’s Security & Governance webinar series.

