Gather and Review Security Data
After completing this unit, you’ll be able to:
- Set up a Security Center app.
- Identify where to find trend data in Security Center.
- Explain how authentication and user trends affect security policies.
Fortune Favors the Bold
As you saw in the first unit, successful companies pay close attention to how their data is stored, accessed, and secured. Let’s follow one company, Zephyrus Relocation Services (ZRS), as they use Security Center to plan for a secure and efficient expansion.
ZRS offers comprehensive relocation management for corporate employees moving out of their native countries for work. In these work-from-anywhere times, they see an opportunity to expand into the European market. ZRS leadership will need to examine and adjust their data governance policies to comply with European data governance and privacy laws. The company decides to hire a security specialist team to handle the necessary auditing, governance, and policy work ahead of the expansion.
Calvin Green, a resourceful new Salesforce admin, has an idea for jump-starting the project. He saw a demo of Security Center at a conference and thinks it’s the perfect tool for the job. Calvin offers to set up the Security Center app and complete an initial review of the company’s existing security settings.
ZRS has one production org and multiple sandbox orgs. These sandbox orgs are used throughout the company's DevOps process and may contain sensitive production data. Calvin configures Security Center with the prod org as the parent tenant and connects the sandbox orgs as child tenants. Now all security data will be aggregated and available in one view. When the new security team arrives, they can build their recommendations on Calvin’s initial review.
A few days after ZRS’s Security Center licenses go live, Calvin logs into a normally busy ZRS tenant. He opens the App Launcher and selects Security Center. From the Summary page, he sees an overview of metrics for yesterday along with how much each has changed from the previous day. The app is already gathering data for him. Excellent!
Now he can set up custom alerts so he always stays informed of his tenant's security posture. Because he wants the Health Check score to remain at 90% or above, he can create an alert that notifies him whenever the Health Check score decreases. He can then assess the security threat and act to secure his tenant.
Set Up Your Own Security Center Parent Tenant
Want to give it a try? Create your own parent tenant.
To follow along with these steps, you need at least two Playgrounds: one to serve as your parent tenant, and at least one more to serve as a child tenant.
- Make sure you have the Manage Security Center permission in both parent and child tenants. You can add this permission to an existing permission set that you’re assigned. Or, create a new permission set, add the Manage Security Center permission to it, and assign the permission set to yourself. The key here is to make sure that you have the permission in both parent and child tenants.
- Log in to the tenant that you want to view aggregated security data in. This is your parent tenant.
- From the App Launcher, select Security Center.
- Click the Connected Tenants tab.
- Click Connect Tenant.
Out in the real world, tenant environment types matter. Parent tenants in production environments can connect to child tenants in production or sandbox environments. If the parent tenant is in a sandbox environment, you can only connect child tenants that are sandboxes.
A login screen opens.
- On the login screen, enter the credentials for the child tenant that you want to connect. Child tenant credentials must be for a user who has the Manage Security Center permission.
- Click Log In.
- Salesforce asks to confirm the authenticated connection. Click Allow.
The parent tenant is now created. The Connected Tenant page updates with details about the child tenant you just added.
You can connect as many child tenants as you like, and disconnect child tenants at any time.
Data Governance Made Easy
Now that Security Center is up and running, let’s take a look at how you and Calvin can use the app to make informed decisions.
Keep Tabs on Permissions
Like the keys to your house, permissions are worth keeping track of because they grant access to something valuable. At nearly 1,500 employees, ZRS needs to be diligent about who can access specific categories of data. ZRS admins follow the principle of least privilege, meaning that users are given the least amount of access necessary to do their jobs. In Security Center, Calvin can see how many people have access to sensitive permissions like Modify All Data and View All Data. He can also see specialist permissions like Author Apex, which provides access to custom tools that power essential business processes. In the Permissions dashboard, it looks like assignments have been steady. This is expected; the admin team didn’t have any changes planned over the last week. Calvin’s pleased with what he sees and moves on to the next task.
Evaluate Authentication Patterns
Admins are in charge of making sure that users are who they say they are, and can log in easily and securely. Safer authentication methods like multi-factor authentication (MFA) require users to provide more than just their username and password. ZRS requires MFA for all employees and some North American clients. They’re in the middle of their rollout and expect to have this phase complete by the end of the quarter. Calvin logs in to the parent tenant and looks at the Authentication by Type dashboard card to see how the rollout is going.
It looks like there’s no MFA usage yet in a few tenants. While less than ideal, it’s valuable feedback. The security specialists can use this data in conjunction with the rollout plan to make recommendations for improving their MFA adoption rates.
Monitor Packages and User Activity
A fellow admin admitted to Calvin how hard it was to keep track of all the little moving parts that make up a Salesforce implementation. It takes a lot of time to track which installed packages are using their latest (and most secure) versions. Reviewing managed, unmanaged, and AppExchange packages often happens on a tenant-by-tenant basis. If you can see all packages in one place, you can quickly make sure that you don’t have any unapproved apps that might be exfiltrating data.
And then there’s onboarding new users, and tracking Salesforce licenses against employee turnover. Over on the User and Profile dashboard, Calvin sees a small number of users who have been inactive for the last 90 days. He opens the detail page for inactive users and selects yesterday’s date. From the record table, he discovers that these users are a mix of employees who have left the company and former clients. That means that ZRS can reclaim these Salesforce licenses for other users. Score!
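Security Center shows these numbers aggregated across tenants. As an added example that is not part of this Trailhead unit or of Security Center itself, the two questions Calvin answers from the Permissions and User and Profile dashboards (who holds Modify All Data, View All Data or Author Apex, and which active users have not logged in for 90 days) can be cross-checked inside a single tenant with Anonymous Apex. It uses only standard platform objects and fields (PermissionSetAssignment, PermissionSet, User); the 90-day cutoff mirrors the dashboard's threshold, and the reliance on profile-owned permission sets appearing as PermissionSetAssignment rows is an assumption about how the platform models profile permissions.

```apex
// Added example, not from the Trailhead unit: run as Anonymous Apex in one tenant.
// 1. Who holds sensitive permissions, via permission sets or profiles.
//    Assumption: each profile's permissions appear as a PermissionSet row with
//    IsOwnedByProfile = true, so one query over assignments covers both paths.
List<PermissionSetAssignment> sensitive = [
    SELECT Assignee.Username, Assignee.IsActive,
           PermissionSet.Name, PermissionSet.IsOwnedByProfile, PermissionSet.Profile.Name,
           PermissionSet.PermissionsModifyAllData,
           PermissionSet.PermissionsViewAllData,
           PermissionSet.PermissionsAuthorApex
    FROM PermissionSetAssignment
    WHERE PermissionSet.PermissionsModifyAllData = true
       OR PermissionSet.PermissionsViewAllData = true
       OR PermissionSet.PermissionsAuthorApex = true
    ORDER BY Assignee.Username
];

// Count distinct active users per permission; a user may hold the same
// permission through several sources, and the dashboard counts people, not grants.
Map<String, Set<Id>> holders = new Map<String, Set<Id>>{
    'ModifyAllData' => new Set<Id>(),
    'ViewAllData'   => new Set<Id>(),
    'AuthorApex'    => new Set<Id>()
};
for (PermissionSetAssignment psa : sensitive) {
    if (!psa.Assignee.IsActive) continue;  // deactivated users cannot use the grant
    String source = psa.PermissionSet.IsOwnedByProfile
        ? 'profile ' + psa.PermissionSet.Profile.Name
        : 'permission set ' + psa.PermissionSet.Name;
    if (psa.PermissionSet.PermissionsModifyAllData) holders.get('ModifyAllData').add(psa.AssigneeId);
    if (psa.PermissionSet.PermissionsViewAllData)   holders.get('ViewAllData').add(psa.AssigneeId);
    if (psa.PermissionSet.PermissionsAuthorApex)    holders.get('AuthorApex').add(psa.AssigneeId);
    System.debug(psa.Assignee.Username + ' <- ' + source);
}
for (String perm : holders.keySet()) {
    System.debug(perm + ': ' + holders.get(perm).size() + ' active user(s)');
}

// 2. Active, licensed users who have not logged in for 90 days, or never have.
//    A bind variable is used for the cutoff so the window is explicit.
DateTime cutoff = DateTime.now().addDays(-90);
List<User> stale = [
    SELECT Username, Profile.Name, LastLoginDate
    FROM User
    WHERE IsActive = true
      AND UserType = 'Standard'
      AND (LastLoginDate < :cutoff OR LastLoginDate = null)
    ORDER BY LastLoginDate NULLS FIRST
];
System.debug(stale.size() + ' active user(s) inactive since ' + cutoff.format());
for (User u : stale) {
    System.debug(u.Username + ' (' + u.Profile.Name + ') last login: ' + u.LastLoginDate);
}
```

The first list is the one to review before any license or permission changes: a user who appears there only through a profile needs a profile change rather than a permission set removal, and Security Center's Permissions dashboard will not show a drop until the next day's snapshot. The second list is a candidate set, not a decision; as in Calvin's review, each user still has to be matched against HR and client records before the license is reclaimed.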
Integrate Security Center into a Security Review Schedule
After a few days of analysis, Calvin writes up a preliminary report about the trends he discovered. Calvin has a few ideas for how to streamline the employee turnover process so licenses are recovered more quickly, and how to adjust permission set and profile assignments to tighten access. He also has ideas about why MFA adoption isn’t as high as it could be. He’ll hand off this report to the security team. And because Security Center retains data for 6 months, he’ll be able to walk the team through this data or give them access to it if they want to see the data themselves.
Security Center saved Calvin days’ worth of time. Zephyrus Relocation Services now has a head start on the work needed to create an efficient, secure, and scalable data compliance plan.