Get the Scoop on Security

Learning Objectives

After completing this unit, you’ll be able to:

  • Explain the role of admins in safeguarding sensitive data within the Salesforce environment.
  • Develop and maintain effective communication and collaboration practices with IT.
  • Apply best practices for managing access and visibility in Salesforce.
  • Explain the Principle of Least Privilege and its importance for a secure org.
  • Continuously expand security knowledge through ongoing learning and use of Salesforce resources.

Learn Security Best Practices

As a Salesforce admin, it’s important to learn about security because you’re responsible for safeguarding sensitive data within the Salesforce environment. This includes understanding and implementing security measures like multi-factor authentication (MFA), IP restrictions, login hours, and permission sets to protect against unauthorized access and data breaches. When you’re well-versed in security best practices, you help maintain the trust and integrity of the platform by ensuring users have the minimum level of access necessary to do their jobs. And by minding security, you also contribute to increased user productivity by providing streamlined access to the resources your teams need.

Best Practices in Communicating with IT

Regular communication with IT is crucial, especially on security matters. IT can clarify compliance standards for your organization and outline user onboarding and offboarding processes. They can also provide needed documentation, such as a data dictionary, which is essential for tracking objects and fields in Salesforce. Sharing your data dictionary with IT helps ensure a smooth integration process, especially if your Salesforce organization interacts with external systems.

When integrations require connecting Salesforce sandboxes to external sandboxes, coordinating with IT well in advance is crucial, as sandbox provisioning can be time-consuming. Proactive communication helps build strong teamwork and ensure that all teams are aligned regarding security policies. IT may also be able to provide automated scripts to help simplify processes, like data seeding in sandboxes, or test scripts.

Weekly meetings with IT might be too much depending on the velocity of changes in your company and your org. The specific frequency and format of meetings depends on your organization’s needs and IT’s preferences. Gathering requests and updates throughout the week to share with IT ensures efficient and productive meetings. Remember that security needs vary, so it’s essential to adapt these best practices to your specific circumstances. Building a strong, continuous partnership with IT helps maintain a secure Salesforce environment and facilitate smoother integrations.

Review Access and Visibility

Salesforce access and visibility involves four layers: Organization, Persona, Record, and Field. Each layer has numerous features you can configure, from MFA and permission-set groups to field-level security. It can be overwhelming to manage, but focusing on reducing the number of profiles and prioritizing permission sets simplifies security configuration.

The principle of least privilege dictates that users, devices, applications, and systems should have only the minimum level of access they need to perform their job functions. Salesforce recommends operating in a permission set-led model, which offers greater flexibility and control over user access compared to relying solely on profiles.

Permission sets are bundles of settings and permissions that can be applied to users without changing their profiles, allowing you to tailor access based on specific job functions and tasks. To implement this best practice, identify the job functions, tasks, and processes that are critical to users, then define permission sets accordingly. Remove high-risk permissions from profiles, and add those permissions back to users on an as-needed basis through permission sets. This approach streamlines security management and reduces the risk of over-privileged access.
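The migration described above can be planned from an export before anything is changed in the org. The sketch below is an added example, not Salesforce tooling: the sample profiles and users are constructed, the HIGH_RISK list is an assumption, and the "needs" field is a hypothetical stand-in for the outcome of your job-function review.

```python
from collections import defaultdict

# Assumed list of high-risk permissions; the names are Permissions* boolean
# fields on Salesforce's Profile and PermissionSet objects.
HIGH_RISK = ("PermissionsModifyAllData", "PermissionsViewAllData",
             "PermissionsManageUsers", "PermissionsAuthorApex")

# Constructed sample data standing in for an export of profiles and users.
PROFILES = [
    {"Name": "Sales Rep", "PermissionsViewAllData": True},
    {"Name": "Support Agent", "PermissionsModifyAllData": True,
     "PermissionsViewAllData": True},
    {"Name": "Read Only"},
]
# "needs" is hypothetical: the outcome of reviewing each user's job function.
USERS = [
    {"username": "ana@example.com", "profile": "Sales Rep", "needs": []},
    {"username": "ben@example.com", "profile": "Sales Rep",
     "needs": ["PermissionsViewAllData"]},
    {"username": "cy@example.com", "profile": "Support Agent",
     "needs": ["PermissionsModifyAllData"]},
    {"username": "dee@example.com", "profile": "Read Only",
     "needs": ["PermissionsManageUsers"]},
]

def plan_migration(profiles, users):
    """Return (strip, grant, revoked) for a permission set-led model."""
    # High-risk permissions each profile carries today and should lose.
    strip = {}
    for p in profiles:
        risky = [perm for perm in HIGH_RISK if p.get(perm)]
        if risky:
            strip[p["Name"]] = risky
    grant = defaultdict(list)    # permission -> users who get it via a permission set
    revoked = defaultdict(list)  # permission -> users who held it but do not need it
    for u in users:
        for perm in HIGH_RISK:
            if perm in u["needs"]:
                grant[perm].append(u["username"])
            elif perm in strip.get(u["profile"], []):
                revoked[perm].append(u["username"])
    return strip, dict(grant), dict(revoked)

if __name__ == "__main__":
    strip, grant, revoked = plan_migration(PROFILES, USERS)
    print("Remove from profiles:", strip)
    print("Assign via permission sets:", grant)
    print("Excess access removed:", revoked)
```

The "revoked" list is the over-privileged access the profile was granting by default; review it with the affected users before applying the change.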

To stay organized, compile access-related notes each week according to the four layers of Salesforce access. This helps prepare you for any necessary changes. Additionally, using the Security Health Check tool is essential. It compares your Salesforce instance to industry security baselines, flagging areas needing improvement and providing detailed recommendations by risk level. Addressing critical items highlighted by Security Health Check is vital for maintaining a secure Salesforce environment. Scheduling an hour midweek to review access levels, incorporating notes from your user observations, ensures that security configurations align with user needs and adhere to best practices.

By prioritizing permission sets, communicating regularly with IT, and using available tools like Security Health Check, you can establish a robust and adaptable security framework for your Salesforce organization.

AI and Emerging Technologies

As a Salesforce admin, you are responsible for customizing and deploying AI solutions like Agentforce, while focusing on improving business processes and the end-user experience. Regarding security, you play a vital role in managing agents and ensuring responsible AI practices.

From a security perspective, it’s important that you make sure your users aren’t exposing Salesforce data to LLMs that are outside of the trust layer. This could include downloading or exporting reports and uploading that data to an external AI client that’s not on the Salesforce Platform. (You learn more about data and analytics in the next unit.)

Agentforce, built on the Einstein Trust Layer, a core security component within Salesforce, uses data masking to safeguard sensitive data. This process involves substituting personally identifiable information (PII) and payment card industry (PCI) data with placeholder text within the prompts sent to the large language model (LLM). This masking technique ensures that the LLM processes the data without actually exposing the sensitive information, preserving data privacy and compliance.
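To make the substitution step concrete, here is an added sketch of placeholder masking applied to a prompt before it leaves a trusted boundary. It is not the Einstein Trust Layer's implementation: the regular expressions, the placeholder format, and the sample prompt are all assumptions constructed for this example.

```python
import re

# Assumed detectors: an email pattern and a 13-19 digit card-like pattern.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Luhn checksum, used so order numbers are not mistaken for card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_prompt(text):
    """Return (masked_text, tokens); tokens maps placeholder -> original value."""
    tokens = {}

    def substitute(kind, pattern, source, keep=lambda value: True):
        def repl(match):
            value = match.group(0)
            if not keep(value):
                return value                # not sensitive, leave it in place
            for token, original in tokens.items():
                if original == value:       # same value gets the same placeholder
                    return token
            count = sum(t.startswith("<" + kind) for t in tokens) + 1
            token = "<%s_%d>" % (kind, count)
            tokens[token] = value
            return token
        return pattern.sub(repl, source)

    text = substitute("EMAIL", EMAIL_RE, text)
    text = substitute("CARD", CARD_RE, text,
                      keep=lambda v: luhn_ok(re.sub(r"\D", "", v)))
    return text, tokens

# Constructed sample prompt; 4111 1111 1111 1111 is a well-known test card number.
SAMPLE = ("Draft a reply to jo.park@example.com about the declined card "
          "4111 1111 1111 1111 on order 1234567890123456. "
          "Copy jo.park@example.com.")

if __name__ == "__main__":
    masked, tokens = mask_prompt(SAMPLE)
    print(masked)   # only this text would be sent to the LLM
    print(tokens)   # the mapping never leaves the trusted side
```

Pattern matching of this kind only catches values with a recognizable shape; names and free-text details need other detection methods.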

Admins can give users access to autonomous agents through Agentforce to assist with common Salesforce tasks. Note that the Einstein Copilot permission respects standard Salesforce access controls, like licenses and permissions, ensuring secure user actions.

Continuous Learning Is Essential

You play a crucial role in maintaining the security of your Salesforce organization, and continuous learning is vital to stay ahead of evolving security threats and best practices.

Here’s why continuous learning in the realm of security is crucial.

  • Security threats are constantly changing: New threats and vulnerabilities emerge regularly, and you must stay informed about the latest trends and attack vectors. Hackers are continually developing new techniques, so you need to keep learning about the latest threats to effectively mitigate risks. Continuous learning enables you to anticipate and adapt to new threats and vulnerabilities.
  • Salesforce is constantly evolving: Salesforce releases updates three times a year, often introducing new security features and enhancements. Stay up to date on these releases to understand how they impact your organization’s security posture. This proactive approach helps ensure that the latest security measures are implemented and user access is managed effectively.
  • Best practices are continually refined: Security best practices aren’t static, and what was considered secure a year ago can be outdated today. Stay current on the latest recommendations from Salesforce and industry experts, such as those outlined in the Security Best Practices Guide. For example, implementing Multi-Factor Authentication (MFA) for all users has become a vital security practice, and you’re responsible for configuring and enforcing this across your organization.
  • Expanding skillset: Continuous learning helps you expand your security knowledge and skills, allowing you to better secure your Salesforce organization. Learning about new features and best practices enables you to become more valuable to your company, advocate for security needs, and explore new career opportunities in cybersecurity. For instance, you can learn about the Security Health Check tool, which analyzes security settings and provides recommendations based on industry best practices.

Here are some helpful learning resources.

  • Trailhead: The Salesforce free online learning platform offers various modules, trails, and superbadges focused on security, providing you with hands-on experience and knowledge. Examples include the Security Advocacy Specialist Superbadge and the Secure Your Environment trail.
  • Salesforce admins podcast: The podcast often features security experts and offers insights into current security trends and best practices. For instance, the episode Being a Security Advocate with Laura Pelkey provides valuable advice on becoming a security advocate within your organization.
  • Salesforce security site: Online Salesforce documentation offers comprehensive guides on security features and settings. You can refer to the Salesforce Security Guide and guides focusing on specific security aspects, like identity confirmation and single sign-on (SSO).
  • Salesforce admin site: This website provides a curated collection of security resources, including blogs, podcasts, videos, and best practices specifically tailored for admins. This central hub offers valuable information on maintaining a secure Salesforce org.
  • Trust.Salesforce.com: This website provides updates on Salesforce system performance and security, helping you to stay informed about any potential issues or incidents that might affect your organization.

By embracing continuous learning, you can effectively address your security responsibilities, protect your organization’s data, and become a valuable security advocate within your company.
