CLOUDTWEAKS CONTRIBUTOR PROGRAM

Join the CloudTweaks thought leadership contributor program which includes a customized profile, branded identity page, newsletter marketing, social amplification and more...

The program is currently available to consultants, influencers or executive level contributors.

harold-byun

Salesforce Gets Serious About Its Security Ecosystem

Security Ecosystem

Salesforce is one of the fastest growing enterprise software companies in history and while security is a major roadblock for many cloud projects, the company’s extensive security investments appear to be paying off. Salesforce is one of just 9.4% of cloud providers that store data encrypted and they support a wide range of security controls including IP address whitelisting, device pinning, and multi-factor authentication. If there’s a concern about data going to Salesforce’s cloud, it’s a concern about how users treat that data, not the integrity of the platform.

password

Under a shared responsibility model, Salesforce takes care of platform security, while customers are responsible for taking precautions to ensure their users don’t expose that data to risk. That means the end customer is responsible for ensuring their salespeople don’t download all the company’s sales contacts before quitting to join a competitor, or that users have appropriate application permissions that don’t give them access to data they shouldn’t be able to access based on their role at the company.

One of the primary concerns of companies with large Salesforce deployments is a rogue employee taking sales contacts when leaving the company for a competitor. One study found that half of employees took data with them when they left their job and 40% planned to use that data at their next job. Key indicators that something is amiss can include an employee downloading an unusual amount of data. Let’s say this employee typically views 50-100 opportunities each day, and then downloads a report with 1,500 opportunities. That could indicate there’s a problem.

Another threat faced today is the possibility that a user or administrator will sell sensitive data. A shocking survey recently found that 25% of employees would sell company data for less than $8,000. Many companies store a vast amount of sensitive data in Salesforce including customer credit card numbers, Social Security numbers, patient information, and other sensitive or regulated data. Even if a rogue employee is at fault, a company can still be fined and sued if this data is stolen.

Such “insider threats” are increasingly common. Skyhigh recently analyzed data across its customers and found that companies, on average, experience 9.3 insider threat incidents each month. Not all of these events are malicious, they also include users mistakenly sharing data when they shouldn’t. All told, 89.6% of companies experience at least one insider threat each month on average. Salesforce recognizes these concerns and is making investments to support the development of security solutions that help address these concerns.

To help support customers in identifying these types of negligent or malicious activities, Salesforce has made available new event monitoring APIs that provide a record of user and administrator activity within Salesforce. The volume of these events is enormous. In the most recent quarter, Salesforce’s core platform processed 234 billion transactions, including logins, edits, and downloads. That’s an average of 3.7 billion events each business day – quite the haystack to search for a few needles.

API Connect

For customers looking for unusual user or account activity, the sheer number of events in Salesforce would be impossible to manually review. In making these new APIs available, Salesforce is making a significant investment to support its security ecosystem to build solutions that help Salesforce customers understand and manage user activity. Also, these APIs provide a near real-time feed of events that can be captured by security solutions and archived, rather than forcing customers to go to their Salesforce account manager and request logs for a post-incident investigation.

Salesforce is already one of the most secure cloud services available. Owing to its investment in platform security, Salesforce is one of the 8.1% of cloud services that meet the security standards of enterprises today. With the introduction of new APIs to support third party security solutions that give greater visibility into usage and the ability to detect threats, the company is well positioned to continue its leadership position in the cloud market.

By Harold Byun

Harold Byun

Harold is currently VP of Product Management at Skyhigh Networks. Prior to Skyhigh, he worked at MobileIron where he focused on mobile application delivery and security. Prior to MobileIron, he led the product management group at Zenprise (acquired by Citrix), where he launched their mobile DLP product and cloud offering to market. He also worked with the Vontu/Symantec DLP group and is the co-inventor on a patent filed for security risk visualization and scoring.

View Website
The Lighter Side Of The Cloud - Pocket Money
The Lighter Side Of The Cloud - The Cloud Lecture
The Lighter Side Of The Cloud - Disaster Recovery
The Lighter Side Of The Cloud - The Migration Strategy
The Lighter Side Of The Cloud - Whoops!
ERP Ain’t Got the Same Soul, I Like that Old Time Rock ‘n’ Roll

ERP Ain’t Got the Same Soul, I Like that Old Time Rock ‘n’ Roll

Designing Enterprise Software around People Looking back, business owners talked to their customers and employees in person or by phone ...
Google Cloud Platform: Enabling APIs

Google Cloud Platform: Enabling APIs

Enabling Google APIs The Google Cloud Platform is a comprehensive tool that helps companies manage their IT resources. Completing software ...
CloudTweaks Q&A: How Smart Will Your City Be by 2025?

CloudTweaks Q&A: How Smart Will Your City Be by 2025?

How Smart Will Your City Be by 2025? What role does back end infrastructure play in connecting IoT devices? Probably ...
3 Steps to Better Security in the API Economy

3 Steps to Better Security in the API Economy

API Security Whenever you’re working online with the Internet, security is also a top concern. Any mistakes or lapse of ...
Critical Success Factors when shifting Workloads into the Cloud

Critical Success Factors when shifting Workloads into the Cloud

Shifting Workloads into the Cloud By 2020, 92 percent of all workloads will reside in the cloud. Yet challenges remain ...
3 Ways to Protect Users From Ransomware With the Cloud

3 Ways to Protect Users From Ransomware With the Cloud

Protect Users From Ransomware The threat of ransomware came into sharp focus over the course of 2016. Cybersecurity trackers have ...
Quantum Computing opens new front in Cloud!

Quantum Computing opens new front in Cloud!

Quantum Computing As the amount of data in the world is rapidly increasing, so is the time required for machines to ...
Data Vulnerability Tools

Data Vulnerability Tools

Provided is a list of popular data vulnerability tools to help your company keep an eye out for any security related exploits that you should be made aware of ...
Key Findings of the 2018 IDG Cloud Computing Study

Key Findings of the 2018 IDG Cloud Computing Study

IDG Cloud Computing Study The results of the 2018 IDG Cloud Computing study highlight how interest in the technology isn’t fading and a growing number of companies are embracing it or at least want to do so. The survey, which ...
The Developer’s Guide to Azure

The Developer’s Guide to Azure

Develop on a cloud platform designed for you. In this update of the Developer’s Guide to Azure, see how the comprehensive set of Azure app platform services fits your needs. Use it to navigate the architectural approaches and most common ...
Network Management Software Buyer Guide 2018

Network Management Software Buyer Guide 2018

This concise data-driven report covers the Network Management software landscape, as of August 2018. he 24-page report includes: Market Overview - Top 10 Network Management products in 2018, User reviews and vendor size data, In-depth look at the Top 3 ...
10 Prototyping Tools To Help Build Your Startup

10 Prototyping Tools To Help Build Your Startup

Prototyping Tools We are continuing this week by focusing on startup tools, tips and tweaks that will help you build, design, manage and market your way into the cloud based business that you want to be. Last week we offered a ...
Business Analytics Vs Data Science

Business Analytics Vs Data Science

Big Data Continues To Grow Big Data continues to be a much discussed topic of interest and for good reason.  According to a recent report from International Data Corporation (IDC), "worldwide revenues for big data and business analytics will grow ...