Get to Know Marketing Cloud Security
After completing this unit, you’ll be able to:
- Describe the types of Marketing Cloud encryption.
- Choose the best features for your security needs.
Secure Your Data
You’ve probably heard that trust is our number one value at Salesforce. And it’s not just talk—trust is at the core of everything we do. Security is an important part of that trust—we process and store lots of data, and we want you to feel confident that we maintain and use that data in a secure and responsible way. That’s why we provide the tools and settings outlined in this unit to make sure that only authorized users (or external integrations) touch your data.
Choose Your Account Security Settings
Want more secure access to your account? Marketing Cloud gives you the power to go beyond a simple username and password. As part of your account configuration, you can set up extra security measures at login, like asking users to:
- Implement an additional verification method for login using our Multi-Factor Authentication (MFA) system, which includes:.
- Adhere to strict password requirements for length, characters, and expiration.
Security settings also restrict the apps and information users can access in Marketing Cloud. That’s where admins come in. Marketing Cloud admins can assign roles and permissions to individuals for more granular control of access and activities, so work with your Marketing Cloud admin to fine-tune these settings and secure your account.
Know Your Passwords
Security—in any application—usually boils down to passwords. And in Marketing Cloud, that’s true as well. As a Marketing Cloud developer, you need to know two important passwords.
- Your account password
- The FTP password for your Marketing Cloud account
Both of these passwords are used in many automations—the account password to gain access to Marketing Cloud and authorize activities, and the FTP password to import and export data files. Remember that the entire account uses a single FTP password, so you need to make sure all users and automations are updated when changes occur. It’s also a good idea to change these passwords regularly (no less than every 90 days) to keep your account secure. And not just any password will do. Create a strong, unique password with:
- Eight or more characters
- Mix of letters and numbers
- Mix of uppercase and lowercase
- Special characters
Simplify Login with SAML and SSO
Passwords help secure our software, but we know you don’t want another password to remember. That’s why Marketing Cloud allows third-party, single sign-on (SSO) authentication via SAML 2.0. You can use Salesforce federated authentication or another service, depending on your security needs. After you activate this feature (with the correct metadata), Marketing Cloud users can securely access all the resources they need with fewer passwords. Hooray! We talk more about SSO in the next unit, so stay tuned.
Protect Your Data with Data at Rest Encryption
If you want to encrypt data within your account at rest, you can do just that with Data at Rest Encryption. This solution helps you encrypt data without modifying any existing code and protects against a variety of scenarios, including stolen physical media. In other words, if someone gets their hands on the drive that contains your data, Data at Rest Encryption prevents them from decrypting and accessing the data. This feature is transparent to Marketing Cloud and does not impact any application-level features.
In addition to this encryption, Marketing Cloud requires secure connections for API calls and SFTP interaction. As part of these interactions, Marketing Cloud uses tenant-specific endpoints to maximize security. You can find your account’s tenant-specific endpoints in the installed package you created to allow SOAP and REST API calls. Haven’t created the installed package? Hop over to Marketing Cloud APIs to learn more. All set? You can review the installed package in the Setup menu of your Marketing Cloud account.
Track Account Activity with Audit Trail
Part of keeping your Marketing Cloud account secure is knowing who is performing what actions in your account. After you assign the proper roles and permissions to your account users, any Marketing Cloud Security Administrator can track user actions using the Audit Trail feature. The basic version of Audit Trail is available to all Marketing Cloud accounts and provides 30 days of information for all users in your account.
- User authentication
- IP addresses
- Changes to users, roles, and user permissions
- Changes to Security Settings, such as logins, password changes, and logouts
There is also an advanced version of Audit Trail which captures changes to user agents, session IDs, and business units—plus, changes to content and data for Email Studio, CloudPages, MobilePush, and MobileConnect.
You can retrieve available Audit Trail information via an automated data extract in Automation Studio or via REST API calls.
In the next unit, you learn about encryption keys and how they power Marketing Cloud security features.