In our previous article on Salesforce and security, we focused on how Salesforce protects your data, applications and privacy. Security on Salesforce is really a partnership between Salesforce and your manufacturing enterprise. In this article, we look at those things your own firm can do to ensure that your data and applications are secure.
What You Can Do
Salesforce provides security features that help your users do their jobs safely and efficiently while limiting exposure of data to users who act on it. Your firm can implement only those security controls that are appropriate for your data. Salesforce works with you to protect your data from unauthorized access from outside your company and from inappropriate usage by your users.
- End-user awareness – Your security partnership with Salesforce begins with a focus on end user awareness. This includes adopting industry-standard solutions to secure and protect authentication credentials, networks, servers, and computers from security attacks. Salesforce maintains a Trust website, where they communicate with you about current issues and trends, and emails end users about specific security issues if and when they arise. Salesforce also provides a Security Implementation Guide for customers as well as security-related sessions at their annual Dreamforce conference.
- Secure employee computers – An important security objective is to prevent email fraud before it occurs. Ensuring that all computers used by your employees are secure, have the latest desktop protection software and email filtering technology installed, and keeping all applications and definitions up to date helps to protect your users and your organization.
- Privacy and security settings – You determine which users can access different categories of data, set customizable password rules, define log-off times for inactivity, and create custom fields that are encrypted in storage for sensitive information types. Salesforce includes an Identity Confirmation feature that automatically recognizes whether a user is logging in from an IP address or device that has been previously used. Logins from unrecognized IP addresses or devices require identity re-verification.
- Strengthen password policies – Create and enforce policies that require more secure passwords that are difficult to break. You can do this by requiring your users to define complex passwords, setting up password expirations and implementing lockouts.
- IP restrictions – IP restrictions limit unauthorized access by requiring users to log in to Salesforce from designated IP addresses (usually your corporate network or VPN). IP restrictions let your administrators define a range of permitted IP addresses to control access to the system. Anybody who tries to log in to Salesforce from outside the designated IP addresses will be denied access.
- Two-factor authentication – Two-factor authentication requires that all login attempts have both login credentials and a second authentication factor, usually a unique, random code. Both Salesforce and a variety of security vendors offer two-factor authentication solutions. Anybody who does not provide valid credentials from both sources will be denied access.
- SMS identity confirmation – SMS (short message service) identity confirmation helps prevent unauthorized access by challenging users to confirm their identity when logging in from an unknown source, such as a new device or IP address. Users must confirm their identity by entering a code that is sent by SMS to their designated phone number.
- Data access – One of the most important factors affecting data security is choosing which data sets each user or user group can access. Limiting data access also limits the risk of misused or stolen data. However, your organization may require the convenience of more data access, so you should try to find a good balance between too little and too much access. Salesforce’s layered data sharing design is flexible enough to let you expose different data sets to different groups of users, resulting in users being able to do their jobs without seeing unnecessary data.
- Field-level security – You can configure field-level security settings to either allow or restrict different users’ access to view and edit specific fields.
- Security monitoring – It’s critical that your organization continually monitor security. You can monitor login and field history and setup changes, and act based on events. Audit history is especially useful in firms with multiple administrators.
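To make the IP restriction, identity confirmation and login monitoring items above concrete, here is an added example (not Salesforce's code or from the original article) that models those decisions over a constructed login history. The permitted ranges, record fields and the rule that a login counts as recognized when either the IP address or the device was used before are assumptions for illustration.

```python
import ipaddress

# Assumed corporate/VPN ranges (constructed, documentation address blocks).
PERMITTED_RANGES = [ipaddress.ip_network(n)
                    for n in ("203.0.113.0/24", "198.51.100.16/28")]

# Constructed login history in time order: (user, source IP, device id).
SAMPLE_LOGINS = [
    ("alice", "203.0.113.10", "laptop-1"),   # first login from this source
    ("alice", "203.0.113.10", "laptop-1"),   # same IP and device again
    ("alice", "203.0.113.77", "laptop-1"),   # new IP, known device
    ("bob", "192.0.2.44", "phone-9"),        # outside the permitted ranges
    ("bob", "198.51.100.20", "phone-9"),     # inside, but nothing known yet
    ("bob", "not-an-ip", "phone-9"),         # malformed source value
]

def ip_permitted(ip_text):
    """True only if ip_text parses and falls inside a permitted range."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # fail closed on unparseable input
    return any(addr in net for net in PERMITTED_RANGES)

def review_logins(logins):
    """Return one decision per login: 'deny', 'verify' or 'allow'."""
    known_ips, known_devices = {}, {}
    decisions = []
    for user, ip, device in logins:
        if not ip_permitted(ip):
            decisions.append("deny")  # IP restriction: outside the ranges
            continue
        ips = known_ips.setdefault(user, set())
        devices = known_devices.setdefault(user, set())
        recognized = ip in ips or device in devices
        # Unrecognized source: identity must be confirmed before access.
        decisions.append("allow" if recognized else "verify")
        # Assumption: verification succeeds, so the source becomes known.
        ips.add(ip)
        devices.add(device)
    return decisions

if __name__ == "__main__":
    for record, decision in zip(SAMPLE_LOGINS, review_logins(SAMPLE_LOGINS)):
        print(decision, *record)
```

Denied attempts are never added to the known set, so a rejected source cannot become "recognized" simply by retrying.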
Rootstock Manufacturing Cloud ERP knows that the security of your data and applications is critical to the success of any cloud-based ERP solution. That’s why we are part of the Salesforce ecosystem, which provides built-in, state-of-the-art security technology and protocols as well as many security options that you control yourself.