Get Started with Mobile Security
- Explain the difference between security and compliance.
- Describe the risk and challenges of mobile security.
- Find and talk to your company’s security experts.
If you’re a Salesforce admin, you sleep better at night knowing that your company’s data is safe and secure. We totally get it! Here at Salesforce, trust is our number one priority. And we want to help you protect your sensitive enterprise data, whether your employees access it from laptops, phones, or tablets.
Your company probably already has a number of security and compliance policies in place, and that’s awesome. And if you’re thinking about implementing the Salesforce mobile app—or you’ve already rolled it out—perhaps you're wondering how to prevent valuable company data from being compromised on mobile devices.
In this module, we explain the security and compliance options available with the Salesforce app so you can make sure your mobile implementation aligns with your existing policies.
But wait! What if your company doesn’t have a mobile security and compliance policy? That’s OK. Now is the perfect time to start developing one. Check out the links in the resource section for some guidance.
Let’s draw this important distinction now because it’s confusing for security newbies. Although there can be some overlap between security and compliance, they serve different purposes. Here’s one way to think about it: Typically, security measures are put in place by your company, while an external organization mandates compliance measures.
First up is mobile security. When it comes to security, your company wants to minimize threats that could jeopardize its data and intellectual property. Your mobile security policies help make sure corporate data is protected on mobile devices, and that only authorized users are allowed to access that data.
On the other side of the fence is compliance. If your company operates in a regulated industry like healthcare or financial services, you’re legally bound to follow certain rules, guidelines, and processes outlined by the government or a standards organization.
Just in case you’re still confused about the difference between security and compliance, here’s a quick example. Let’s say your company requires mobile users to connect to VPN before accessing certain enterprise apps. That’s a security policy.
On the other hand, maybe companies in your industry are required by regulators to maintain records of all official email communications for future audit. This means your employees must use a corporate email app to communicate with customers instead of their device’s default email app. That’s a compliance policy. Make sense? Great! Let’s move on.
Before we talk specifically about security in the Salesforce mobile app, let’s discuss mobile security in general. Why do mobile devices pose an increased security risk?
Well, mobile is fundamentally different than any other enterprise technology. Here are some of the unique security challenges it presents:
- Data loss: We carry our mobile devices everywhere, which means they’re more susceptible to loss or theft. When a mobile device goes missing, organizations can lose control over the device and the information on it. Data can also be leaked when employees use personal accounts—like email or cloud storage—to access corporate data.
- Personal devices: More and more companies are implementing a Bring Your Own Device (BYOD) policy, which lets employees use personal devices for work. If you let users access enterprise data from personal devices, what security measures can you put in place to protect sensitive information? How can you segregate personal data from corporate data?
- Compromised devices and risky apps: If a device is compromised, the critical security protections provided by the operating system are disabled. Corporate data can be exposed, and it’s easier for malware to be installed. And even if a device isn’t compromised, a user could unintentionally install a risky app that collects sensitive information, like contacts or geo-location data.
- Unprotected Networks: Mobile users are constantly on the go, so their devices aren’t usually on your corporate network. They’re connected to open Wi-Fi networks at locations such as hotels, coffee shops, and airports. Unsecured networks put users at greater risk because attackers can more easily intercept and hijack valuable data.
Biting your nails yet? Never fear—the Salesforce app can help mitigate many of these potential mobile security threats. More on that shortly.
Compromised devices, data loss, unprotected networks...yikes. It’s a scary world out there, isn’t it? Luckily you don’t have to brave it alone. Depending on the size of your company, there are other people to involve in the conversation about Salesforce mobile security, whether it’s an Information Security team, chief security officer, compliance officer, or IT professional.
Talk to your experts. They’re security gurus, and you’re a Salesforce guru—it’s a match made in heaven! Together you’ll decide how to implement the security features available with the Salesforce app. So here’s your to-do list:
- Complete this module to learn about Salesforce mobile app security and compliance. (Hey, you can practically check this one off already!)
- Download the Salesforce Mobile App Security Guide.
- Take your newfound knowledge and the guide to your experts. Tell them about the security capabilities the mobile app provides. Then figure out how to best embrace the spirit of your company’s security and compliance policies while maximizing the experience for mobile users. Your mission is to strike the optimal balance between security and ease of use.
In the next unit, you’ll tackle item number one on your to-do list by learning about the security and compliance features available with the Salesforce app.