Many enterprises ask, "How secure is my data in Salesforce (SFDC)? SFDC has compiled a good baseline of documents for such Q&A. The repository is located here https://developer.salesforce.com/docs/atlas.en-us.securityImplGuide.meta/securityImplGuide/salesforce_security_guide.htm
"Salesforce is built with security to protect your data and applications. You can also implement your own security scheme to reflect the structure and needs of your organization. Protecting your data is a joint responsibility between you and Salesforce. The Salesforce security features enable you to empower your users to do their jobs safely and efficiently."
Some questions to ponder:1) How many enterprises are using SDFC's guidance repository?2) How are they leveraging the repository?3) Do enterprises consider the repository to be complete?4) If not, which other sources are enterprises seeking out for security best practices?