By: Nick Kurbatov, Digital Business Analyst
Data Security – when I see these two words – the first thing that comes to my mind is “Johnny Mnemonic”, where the brain of the main character is used as data storage and antagonists are trying to break and steal the data.
Data Security is without a doubt one of the biggest trends in IT nowadays. At the current speed at which the Internet is spreading, it’s only a matter of time before all of us are connected in a single grid.
According to Gartner research, in 2020, 25 billion connected “Things” will be in use. Taking that into consideration, the question of data protection arises in a completely different perspective.
I will cover BYOD (Bring Your Own Device) in more detail, as it is directly connected to data security. I can share the experience of using BYOD in Salesforce.com CRM at my previous company.
The idea of BYOD is very comfortable for employees because they are, for example, used to working on Macs rather than PCs (or vice versa), or used to Android mobiles rather than iOS. In my experience, BYOD was very useful in terms of the following question: do I really want to enroll my device (enrollment is a procedure that creates an additional tier of authentication, according to company policy, in order to use your device) and set up a work e-mail agent, or do I want to leave my work on the company-provided hardware?
Part of my role was closely connected to customer service, so I had to be online at all times. I can easily enter some meeting notes, create activities and contacts just by using my personal smartphone. I have chosen the first option. I’ve never regretted this decision. For example, the work e-mail agent was really useful for quickly replying to customers’ e-mails without delay from anywhere. I suffered only because of the enormous password I had to enter in order to unlock the phone (that was before TouchID), but on the other hand, if I lose my phone or if it gets stolen, I can sleep well.
At the end of the day, most companies have that rule for employees because the company needs to be sure about the access the employee has to corporate data. BYOD makes it a challenge for the IT team to control employees’ access. But what if you look at this situation from another side? From a personal perspective, an employee who has secure and safe access to corporate data (fully observed by the IT team) would be more loyal to the company and could be a more efficient worker, because they know how to work with their own devices (that will eliminate some of the IT helpdesk tickets as well). In the long term, it will be a benefit for the company.
When it comes to Salesforce, of course there is world-class security at the data centres, but that is protection against physical data loss. Security breaches are more likely to come via social engineering or from current employees accessing or downloading data. Salesforce provides a number of layers of protection that we can take advantage of to secure access to the system and data.
Salesforce has its own system of user authentication, but some companies prefer to use an existing single sign-on capability to simplify and standardize their user authentication.
Network-based security limits where users can log in from, and when they can log in. This is different from user authentication, which only determines who can log in. Use network-based security to limit the window of opportunity for an attacker and to make it more difficult for an attacker to use stolen credentials.
CAPTCHA Security for Data Exports
By request, Salesforce can require users to pass a simple text-entry user verification test to export data from Salesforce. This type of network-based security helps prevent malicious users from accessing your organization’s data, and can reduce the risk of automated attacks.
Restrict Where and When Users Can Log In to Salesforce
You can restrict the hours during which users can log in and the range of IP addresses they can log in and access Salesforce from. If IP address restrictions are defined for a user’s profile and a login originates from an unknown IP address, Salesforce does not allow the login. These restrictions help protect your data from unauthorized access and phishing attacks.
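The rule described above, as an added example that is not part of the original post and is not Salesforce code: a simplified Python model that dry-runs profile IP ranges and login hours against past logins, so you can see what a restriction would block before enforcing it. The profile names, ranges, hours and login records are constructed assumptions.

```python
import ipaddress
from datetime import datetime, time

# Hypothetical profile policies (assumed for this example): IP ranges as
# (start, end) pairs, login hours as (open, close) in one local time zone.
PROFILES = {
    "Sales": {"ip_ranges": [("203.0.113.0", "203.0.113.255")],
              "hours": (time(7, 0), time(19, 0))},
    "Contractor": {"ip_ranges": [], "hours": (time(22, 0), time(6, 0))},
}

def ip_allowed(ip, ranges):
    """With no ranges defined the profile has no IP restriction; otherwise
    the address must fall inside one range of the same IP version."""
    if not ranges:
        return True
    addr = ipaddress.ip_address(ip)
    for start, end in ranges:
        lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if addr.version == lo.version == hi.version and lo <= addr <= hi:
            return True
    return False

def hours_allowed(when, hours):
    """True if the login time is inside the window, including windows that
    wrap past midnight (for example 22:00 to 06:00)."""
    start, end = hours
    now = when.time()
    if start <= end:
        return start <= now < end
    return now >= start or now < end

def evaluate(profile, ip, when):
    """Return 'allow' or a deny reason for one login attempt."""
    policy = PROFILES[profile]
    if not ip_allowed(ip, policy["ip_ranges"]):
        return "deny: unknown IP address"
    if not hours_allowed(when, policy["hours"]):
        return "deny: outside login hours"
    return "allow"

# Constructed login records: (profile, source IP, local time).
SAMPLE_LOGINS = [
    ("Sales", "203.0.113.40", datetime(2024, 3, 4, 9, 15)),
    ("Sales", "198.51.100.7", datetime(2024, 3, 4, 9, 20)),
    ("Sales", "203.0.113.40", datetime(2024, 3, 4, 23, 5)),
    ("Contractor", "192.0.2.9", datetime(2024, 3, 5, 1, 30)),
]

def dry_run(logins):
    """Evaluate every recorded login against its profile policy."""
    return [evaluate(*login) for login in logins]
```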
As a Salesforce Admin, you can enhance your org’s security by requiring a second level of authentication for every user login. You can also require two-factor authentication when a user meets certain criteria, such as attempting to view reports or access a connected app.
Custom Login Flows
Login flows allow administrators to build post-authentication processes that match their business practices, associate the flow with a user profile, and send the user through that flow when logging in. Use login flows to collect registration information from users, provide a terms of service acceptance form, prompt the user for the second factor of authentication, and apply other customizations.
Back at the data layer, Salesforce has recently been focussing on introducing enhanced data encryption, called ‘Platform Encryption’. A few words about it provided by Salesforce.com in the guide: “Shield Platform Encryption relies on a unique tenant secret that you control and a master secret that’s maintained by Salesforce. We combine these secrets to create your unique data encryption key. We use that key to encrypt data that your users put into Salesforce, and to decrypt data when your authorized users need it. Encrypting files, fields, and attachments has no effect on your organization’s storage limits.”
Event monitoring, as the name suggests, allows certain events to be monitored in real time. Examples include the number of logins, Apex executions and report exports. If someone is planning to leave an organization and starts downloading data through reports, with event monitoring this activity can be monitored and acted upon proactively.
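A check of the kind this enables, as an added example (not from the original post or from Salesforce): the Python below sums exported report rows per user per day from a constructed event log and flags a day that is far above that user's own baseline. The CSV column names, user IDs and thresholds are assumptions made for the sample.

```python
import csv
import io
import statistics
from collections import defaultdict

# Constructed sample shaped like an event log CSV export. The column names
# are assumptions made for this example, not a documented schema.
SAMPLE_LOG = """\
EVENT_TYPE,TIMESTAMP,USER_ID,ROW_COUNT
Login,2024-03-01T08:55:00,u-alice,
ReportExport,2024-03-01T09:10:00,u-alice,120
ReportExport,2024-03-01T10:00:00,u-bob,1500
ReportExport,2024-03-04T09:30:00,u-alice,80
ReportExport,2024-03-04T16:45:00,u-alice,120
ReportExport,2024-03-04T11:00:00,u-bob,1600
ReportExport,2024-03-05T09:20:00,u-alice,150
ReportExport,2024-03-05T10:30:00,u-bob,1550
ReportExport,2024-03-06T18:40:00,u-alice,4000
ReportExport,2024-03-06T18:52:00,u-alice,5200
ReportExport,2024-03-06T10:15:00,u-bob,1500
"""

def daily_rows(log_text):
    """Sum exported rows per user per day, ignoring non-export events."""
    totals = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["EVENT_TYPE"] != "ReportExport":
            continue
        day = row["TIMESTAMP"][:10]  # YYYY-MM-DD part of the ISO timestamp
        totals[row["USER_ID"]][day] += int(row["ROW_COUNT"])
    return totals

def flag_spikes(log_text, factor=3, min_rows=1000, min_history=2):
    """Return (user, day, rows) where a day's export volume is at least
    min_rows and more than factor times the user's own median so far."""
    alerts = []
    for user, days in sorted(daily_rows(log_text).items()):
        history = []
        for day in sorted(days):
            rows = days[day]
            if len(history) >= min_history:
                baseline = statistics.median(history)
                if rows >= min_rows and rows > factor * baseline:
                    alerts.append((user, day, rows))
            history.append(rows)
    return alerts

if __name__ == "__main__":
    for user, day, rows in flag_spikes(SAMPLE_LOG):
        print(f"ALERT {user} exported {rows} rows on {day}")
```

Comparing each user with their own history keeps a steady heavy exporter such as `u-bob` quiet while still catching the sudden jump for `u-alice`, which a single fixed threshold would not separate.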
Now let’s switch to the global scale of data protection.
According to MarketsAndMarkets research, the mobile data protection market will grow to 3.54 Billion dollars by 2019. That number could give you a good overview of the size of demand. I’m personally worried about the current speed at which the internet is spreading (just see Mark Zuckerberg’s efforts to connect the world), as it gives an enormous opportunity to bad guys to get to your data. If they get access to your personal data, they can be you in terms of the IT systems.
It’s scary, but it also creates demand from me, as an end-user, and from my business, to have the best protection possible to protect vital corporate data.