Shared Responsibility of Salesforce Security

  • Friday, 03 Apr 2020 1:00PM EDT (03 Apr 2020 17:00 UTC)
  • Speakers: Dave Shackleford, Pete Thurston

Salesforce security and compliance is a shared responsibility, and you, the end customer, need skin in the game. Salesforce is a PaaS, and its compliance with regulations like HIPAA, PCI, and HITRUST does not flow down to your compliance unless you (or your SI) configure the security controls correctly. It starts with an accurate assessment of your current state to inform your actual risks, followed by a prioritized daily, weekly, and monthly remediation plan to reduce risk. We'll review some interesting statistics based on the Salesforce Security Risk Assessments RevCult completed in 2019, along with a checklist of actions you can take to complete your own assessment. We'll also discuss specific things you should be doing today to ensure your Salesforce security controls are in place given the current situation and the rapid expansion of your remote workforce (e.g., IP restrictions, user authorization, etc.).

  • Average production instance of Salesforce has over 1000 fields of sensitive data
  • Average production Salesforce Org has 13 methods of access which bypass Create, Read, Update and Delete permissions
  • 66% of organizations using Apex do not follow secure coding practices
  • 86% of all users have Read and Edit access to sensitive data