Answering 4 Common Salesforce Cloud Security Questions

“Data security” — the technology buzzword no business leader likes hearing.

High-profile stories about consumer tech privacy and data confidentiality have been all over the news, and these stories never bring good press to the companies involved. From Facebook’s potential misuse of user data to Equifax’s data breach in 2017 that exposed 147 million Americans’ sensitive information, the stories all end in similar ways: Regulatory and civil penalties, dips in company valuation and/or loss of public trust. The companies involved in these incidents include some of the biggest names in each industry: Sony, Target, Yahoo, Adobe...

The list goes on.

In the wake of these revelations, businesses, consumers and regulators alike are more conscious than ever about their data security. The EU, for example, begins enforcing GDPR, its new regulation governing its citizens’ data, on May 25th, 2018.

Given this atmosphere of increasing threats and scrutiny, companies are understandably concerned about storing their data on cloud platforms like Salesforce. As a consultant, I’ve had multiple clients ask me about Salesforce cloud security and how it protects them from threats. Here are the most common questions I hear — and how I respond to each.

The 4 Most Common Questions About Salesforce Cloud Security


1. “How does Salesforce protect its servers?”

This question speaks to the darkest fear of business leaders using Salesforce: “Even if I’m as secure as possible, what if Salesforce’s servers are compromised?” Here, it helps to know that Salesforce understands the sensitivity of the data its servers hold and takes every precaution to build an industry-leading cybersecurity system.

Salesforce’s security protocols include (but aren’t limited to):

  • Securing their data centers with bullet-resistant walls, closed-circuit television coverage and manned guard stations.
  • Protecting their networks via the same standards that global banks follow.
  • Employing multiple security tools to monitor for external threats and intrusion attempts.
  • Implementing industry best practices to harden the host servers that support all of their cloud systems.

2. “How can I secure my org from login hacking?”

If Salesforce’s servers stay secure, the line of questioning often shifts to the next point of entry for potential attackers: forced org access through a stolen username and password.

Once again, Salesforce sits at the forefront of login security. It offers multiple overlapping access security solutions to help you restrict when and where users can log in. It also provides numerous options for dictating user password strength and identity verification. When used correctly, these tools ensure that your org’s security practices align with those of the most protected cloud databases.

3. “How can I restrict my users from seeing or editing data they shouldn’t?”

The other realm of security that often worries customers concerns internal visibility. They worry about the amount of data any single user has access to, in case of account hacking or internal malfeasance.

In response, I always mention Salesforce’s highly customizable data security model. Its settings allow you to restrict or grant access to entire objects, records or even specific fields. Furthermore, you can toggle these permissions for your whole org, particular teams or individual users.

4. “How can I keep my users from mass exporting data they shouldn’t?”

Especially in industries with high turnover, business leaders worry about users exporting data from their cloud platform. Even if individuals should see records, lists or reports on the Salesforce platform, executives worry about what departing employees might do with CSVs of customer information downloaded from Salesforce.

Salesforce’s team of engineers has already thought this through for you, however. Through Salesforce profile permissions, you can prevent users from exporting reports, accessing printable views of lists and using tools like Data Loader.

In sum, I tell every security-conscious client that Salesforce offers a security model upon which they can build solutions that comply with some of the most stringent industry standards, including HIPAA, PCI DSS, and FISMA. Salesforce’s flexibility allows businesses to create an org as strict or open as they want — the only question is how they customize it.

So now it’s my turn to ask: Are you ready to turn your Salesforce cloud security questions into actions? Check out our checklist of Salesforce security best practices to guard your data against malicious threats.




Danielle Sutton