The Inner Circle

Expand all | Collapse all

Salesforce (SFDC) and Security

  • 1.  Salesforce (SFDC) and Security

    Posted 28 days ago

    Many enterprises ask, "How secure is my data in Salesforce (SFDC)?  SFDC has compiled a good baseline of documents for such Q&A.  The repository is located here https://developer.salesforce.com/docs/atlas.en-us.securityImplGuide.meta/securityImplGuide/salesforce_security_guide.htm


    "Salesforce is built with security to protect your data and applications. You can also implement your own security scheme to reflect the structure and needs of your organization. Protecting your data is a joint responsibility between you and Salesforce. The Salesforce security features enable you to empower your users to do their jobs safely and efficiently."

    Some questions to ponder:
    1)  How many enterprises are using SDFC's guidance repository?
    2)  How are they leveraging the repository?
    3)  Do enterprises consider the repository to be complete?
    4) If not, which other sources are enterprises seeking out for security best practices?




    ------------------------------
    Shamun Mahmud
    Standards Officer, Sr. Research Analyst
    Cloud Security Alliance
    WA
    ------------------------------


  • 2.  RE: Salesforce (SFDC) and Security

    Posted 25 days ago
    Shamun,

    So whereas vendor documents like these may be a good starting point, they (any vendor supplied document) only address the question to which they have good answers! The challenge is to find the comprehensive list of "nasty questions" - in this case I'd be asking "what happens if I want to use my own encryption key?", "what happens if the US government requests may data on your  servers?", "where do you stand on the US DOJ cloud act?".

    We saw this (in spades) when editing Guidance v3; with vendors objecting to specific parts because (guess what) their product could not do that, or it put their product in a dark light.

    My 2 cents

    Paul

    ------------------------------
    Paul Simmonds
    CSA UK Chapter
    ------------------------------



  • 3.  RE: Salesforce (SFDC) and Security

    Posted 24 days ago
    Shamun,

    having reviewed the link you shared, I must say the content covers (in some detail) only areas how Cloud Consumers secure their workloads and data IN your Cloud. It does not inform how Salesforce protects Cloud Consumer's data, i.e Security OF your Cloud. This is called Shared Responsibility model. Could you please share such information? A good example how cloud consumer could be informed of the security OF the cloud is AWS Security Whitepaper or Azure

    Thank you

    Vladimir Jirasek
    Director of Events, CSA UK chapter

    ------------------------------
    Vladimir Jirasek
    Director of Events
    CSA UK
    ------------------------------