Let’s discuss Salesforce Security
Doug Merrett – Platinum7
Wellington Salesforce User Group Meetup
October 2023
What is Zero Trust? (Besides a buzzword)
• Zero Trust describes an approach to the strategy, design and implementation of IT systems.
• The main concept is "never trust, always verify."
• This brings about zero trust data security, where every request to access the data needs to be authenticated dynamically and least privileged access to resources is ensured.
• In order to determine if access can be granted, policies can be applied based on the attributes of the data, who the user is, and the type of environment, using Attribute-Based Access Control.
• This zero-trust data security approach can protect access to the data.
Source: https://en.wikipedia.org/wiki/Zero_trust_security_model
Hmmm… Not all hacks are complicated
Shared Responsibility Model
Salesforce does not do all of it for you…
Copyright © 2023 Platinum7
The slide lays out three layers, each with a Foundational row and a Security row:
• International Infrastructure: Hardware, Compute, Storage, Scalability, Availability, Datacentre Security
• Middle layer: Network (inc encryption), Server (inc encryption), Administrative, Capacity, High Availability, Disaster Recovery, Operational Management, Audits, Site Reliability, CSIRT, Secure SDLC
• Customer: Persona Level, Record Level, Field Level, Org Level, Performance, Monitor / Audit, Backup / Archive, Secure SDLC, Privacy / Data Gov
Security is never “finished” – the four steps on the slide: Assess Your Org Health, Secure Your Application, Secure Your Data, Improve Security Awareness
Assessments
• Health Check
• Portal Health Check
• Optimizer
• Code Scan with Checkmarx/DigitSec S4/AutoRabit/Salesforce’s own Code Scanner
• Third parties (shameless plug)
Secure your Application
• Reconfigure broad sharing access (Public R/W, Public Read, …)
• Ensure Aura based communities are protected: https://links.platinum7.com.au/Aura-Issue
• Reconfigure API Users that are System Admins
  • Especially with the new Integration User license
• Restrict access to Connected Apps with API Access Control
  • Raise a case with Salesforce Support to get it enabled
• Use Lightning Login to go passwordless
• Fix the code issues found by the Code Scanner
  • SOQL injection – where data from the UI/API is put into a SOQL query without protection
  • Stored XSS – where data from the database is shown in the UI without protection
Use Least Privilege principles
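As an added example (not the presentation's or Platinum7's code), the SOQL injection item above as a vulnerable Apex method beside its hardened forms; the class name `ContactSearch`, the method names and the sort-field allowlist are illustrative assumptions, and only standard Contact fields are used.

```apex
// Added example, not from the presentation. Illustrates the SOQL injection item on
// the "Secure your Application" slide: data from the UI/API placed into a SOQL query.
public with sharing class ContactSearch {

    // VULNERABLE: the caller's string is concatenated straight into the query text.
    // A single quote in the input closes the literal, and whatever follows is parsed
    // as SOQL, so the WHERE clause no longer says what the developer wrote.
    public static List<Contact> findByLastNameUnsafe(String lastName) {
        String soql = 'SELECT Id, LastName, Email FROM Contact '
                    + 'WHERE LastName = \'' + lastName + '\'';
        return Database.query(soql);
    }

    // HARDENED: the value travels as a bind variable, so it is only ever a value.
    // AccessLevel.USER_MODE also enforces the running user's object and field
    // permissions plus sharing rules (the "least privilege" point on the same slide);
    // Database.query on its own enforces neither CRUD nor field-level security.
    public static List<Contact> findByLastNameSafe(String lastName) {
        Map<String, Object> binds = new Map<String, Object>{ 'ln' => lastName };
        return Database.queryWithBinds(
            'SELECT Id, LastName, Email FROM Contact WHERE LastName = :ln',
            binds,
            AccessLevel.USER_MODE
        );
    }

    // Binds only cover values. When the input selects a FIELD (here a sort column),
    // validate it against an allowlist; anything else is rejected, never interpolated.
    private static final Set<String> SORTABLE =
        new Set<String>{ 'LastName', 'Email', 'CreatedDate' };

    public static List<Contact> listSorted(String sortField) {
        if (!SORTABLE.contains(sortField)) {
            throw new IllegalArgumentException('Unsupported sort field');
        }
        return Database.queryWithBinds(
            'SELECT Id, LastName, Email FROM Contact ORDER BY ' + sortField + ' LIMIT 200',
            new Map<String, Object>(),
            AccessLevel.USER_MODE
        );
    }
}
```

The stored XSS item on the same slide is the output-side counterpart: values returned by these methods must still be rendered through escaping output (Visualforce `<apex:outputText>` with its default `escape="true"`, or standard LWC template bindings), never through `escape="false"` or raw innerHTML.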
Secure your Data
• Remove permissions that are not needed (View All Data, API Access, …)
• Use Event Monitoring’s Transaction Security policies to minimise data exfiltration
• Use data masking in sandboxes to lower the attack surface
  • Data Mask by Salesforce, DataMasker by Cloud Compliance or Data Masking by backup tools
• Use archiving/deletion to remove data you no longer need
• Don’t have too many System Admins
• Back up your data
• Look at Privacy and Consent
  • Embedded PII and other information
  • Look at David Norris’ Medium posts – https://dave-norris.medium.com or Blackthorn.io
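As an added example (not the presentation's or Platinum7's code), the Transaction Security item above as an Enhanced Transaction Security Apex condition class; the class name, the row thresholds and the "sensitive" object list are assumptions to tune per org, and the policy that uses the class (and its block / notify action) is configured separately in Setup.

```apex
// Added example, not from the presentation. A condition class for an Enhanced
// Transaction Security policy (Event Monitoring) that flags large data pulls through
// the API or reports. The policy itself decides the action (block, notify, require
// two-factor); this class only answers "does this event match?".
global class LargeExportCondition implements TxnSecurity.EventCondition {

    // Thresholds and object list are assumptions for illustration; set them from
    // your own baseline of normal API and report usage.
    private static final Integer API_ROW_LIMIT    = 2000;
    private static final Integer REPORT_ROW_LIMIT = 5000;
    private static final Set<String> SENSITIVE = new Set<String>{ 'Contact', 'Lead' };

    public boolean evaluate(SObject event) {
        switch on event {
            when ApiEvent apiEvent       { return evaluate(apiEvent); }
            when ReportEvent reportEvent { return evaluate(reportEvent); }
            when else                    { return false; }
        }
    }

    // API queries: match when a query that touches a sensitive object returns many rows.
    private boolean evaluate(ApiEvent e) {
        if (e.RowsProcessed == null || e.RowsProcessed < API_ROW_LIMIT) {
            return false;
        }
        if (e.QueriedEntities == null) {
            return false;
        }
        // QueriedEntities is a comma-separated list of the objects in the query.
        for (String entity : e.QueriedEntities.split(',')) {
            if (SENSITIVE.contains(entity.trim())) {
                return true;
            }
        }
        return false;
    }

    // Reports: match on row count alone, since report rows can come from any object.
    private boolean evaluate(ReportEvent e) {
        return e.RowsProcessed != null && e.RowsProcessed >= REPORT_ROW_LIMIT;
    }
}
```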
Improve Security Awareness
• Educate users on Cybersecurity for home and work
• Educate Developers and Admins on security best practices
• Look at using new techniques in your development cycles
• Have a playbook for what to do in cyber events
• Look at frameworks – e.g. the NIST Cybersecurity Framework
Q&A
Please reach out if you have any questions – I do not bite! And I am happy to have a chat about anything security related…
Contact Details
• doug@platinum7.com.au
• +61 404 005 435
• https://www.platinum7.com.au
• https://doug-merrett.medium.com
Interesting information
Salesforce Security Information
• Architecture: https://architect.salesforce.com/well-architected/trusted/overview
• Security: https://developer.salesforce.com/developer-centers/security
• Code Scanner from Salesforce blog post:
https://www.linkedin.com/feed/update/urn:li:activity:6986508274858696704/
NIST Framework
• https://www.nist.gov/cyberframework
Platinum7 Salesforce Security Assessments
• https://www.platinum7.com.au/assessments : NFPs get a 10% discount
Companies to investigate
Backup
• OwnData (fka OwnBackup) and Odaseva are the top tier
• Salesforce has re-released their backup tool
Event Monitoring tools
• Imprivata’s FairWarning – prebuilt alerts and dashboards for Salesforce
• Platinum7 Event Storage – keep your logs “forever”
• Platinum7 Transaction Security Policies – complex and capable policies to block data exfiltration
Let me know if you would like an introduction
Salesforce Security: Zero Trust and Beyond

  • 1. Let’s discuss Salesforce Security
    Doug Merrett – Platinum7
    Wellington Salesforce User Group Meetup, October 2023
  • 2. What is Zero Trust? (Besides a buzzword)
    • Zero Trust describes an approach to the strategy, design and implementation of IT systems.
    • The main concept is "never trust, always verify."
    • This brings about zero trust data security where every request to access the data needs to be authenticated dynamically and ensure least privileged access to resources.
    • In order to determine if access can be granted, policies can be applied based on the attributes of the data, who the user is, and the type of environment using Attribute-Based Access Control.
    • This zero-trust data security approach can protect access to the data.
    Source: https://en.wikipedia.org/wiki/Zero_trust_security_model
  • 3. Hmmm… Not all hacks are complicated
  • 4. Shared Responsibility Model: Salesforce does not do all of it for you…
    • Layer 1 (Foundational / Security): International Infrastructure; Hardware, Compute, Storage; Scalability, Availability, Datacentre Security
    • Layer 2 (Foundational / Security / Secure SDLC): Network (inc encryption), Server (inc encryption), Administrative; Capacity, High Availability, Disaster Recovery; Operational Management, Audits, Site Reliability, CSIRT
    • Customer (Foundational / Security / Secure SDLC / Org Level): Persona Level, Record Level, Field Level; Performance, Monitor / Audit, Backup / Archive; Privacy / Data Gov
    Copyright © 2023 Platinum7
  • 5. Security is never “finished”
    • Assess Your Org Health
    • Secure Your Application
    • Secure Your Data
    • Improve Security Awareness
  • 6. Assessments
    • Health Check
    • Portal Health Check
    • Optimizer
    • Code Scan with Checkmarx / DigitSec S4 / AutoRabit / Salesforce’s own Code Scanner
    • Third parties (shameless plug)
  • 7. Security is never “finished” (agenda slide: Assess Your Org Health, Secure Your Application, Secure Your Data, Improve Security Awareness)
  • 8. Secure your Application
    • Reconfigure broad sharing access (Public R/W, Public Read, …)
    • Ensure Aura based communities are protected: https://links.platinum7.com.au/Aura-Issue
    • Reconfigure API Users that are System Admins
      • Especially with the new Integration User license
    • Restrict access to Connected Apps with API Access Control
      • Raise a case with Salesforce Support to get enabled
    • Use Lightning Login to go passwordless
    • Fix the code issues found by the Code Scanner
      • SOQL injections: where data from UI/API is put into a SOQL query without protection
      • Stored XSS: where data from the database is shown in the UI without protection
    Use Least Privilege principles
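The two code findings the slide names, SOQL injection and missing least-privilege enforcement, are easier to recognise side by side. The Apex class below is an added example, not code from Doug Merrett's deck or from Platinum7: it shows the vulnerable concatenation pattern a code scanner flags, then the same search written with bind variables and `WITH USER_MODE` so the running user's object, field and sharing permissions are enforced. The class name, method names and the `Contact` field list are assumptions chosen for the illustration.

```apex
// Added example (not part of the presentation): the SOQL injection pattern
// referred to on the "Secure your Application" slide, beside the safe forms.
public with sharing class ContactSearch {

    // VULNERABLE: user-controlled text is spliced straight into the query
    // string. A term containing a single quote changes the WHERE clause
    // instead of being matched as data, and Database.query() in system mode
    // ignores the caller's object and field permissions.
    public static List<Contact> searchUnsafe(String term) {
        String soql = 'SELECT Id, Name, Email FROM Contact '
                    + 'WHERE Name LIKE \'%' + term + '%\'';
        return Database.query(soql);
    }

    // SAFE: a bind variable is passed to the query engine as a value and is
    // never parsed as SOQL, and WITH USER_MODE enforces CRUD, FLS and
    // sharing for the running user (least privilege at query time).
    public static List<Contact> searchSafe(String term) {
        String pattern = '%' + term + '%';
        return [SELECT Id, Name, Email FROM Contact
                WHERE Name LIKE :pattern
                WITH USER_MODE];
    }

    // SAFE, DYNAMIC: when the query must be built at runtime (here the field
    // being searched varies), allow-list the identifier and still pass the
    // user's text as a bind, via Database.queryWithBinds.
    public static List<Contact> searchDynamic(String term, String fieldName) {
        // Only identifiers from this fixed set may be spliced into the string.
        Set<String> allowedFields = new Set<String>{ 'Name', 'Email' };
        if (!allowedFields.contains(fieldName)) {
            throw new IllegalArgumentException('Unsupported search field: ' + fieldName);
        }
        String soql = 'SELECT Id, Name, Email FROM Contact WHERE '
                    + fieldName + ' LIKE :pattern';
        Map<String, Object> binds = new Map<String, Object>{
            'pattern' => '%' + term + '%'
        };
        // AccessLevel.USER_MODE gives the dynamic query the same permission
        // enforcement as WITH USER_MODE in an inline query.
        return Database.queryWithBinds(soql, binds, AccessLevel.USER_MODE);
    }
}
```

The stored XSS bullet is the same shape of problem on the output side: data read from the database is trusted when it reaches the browser. In Lightning Web Components, template bindings such as `{contact.Name}` are escaped for you; the risky forms are writing markup directly (for example setting `innerHTML` on an `lwc:dom="manual"` element) and, in Visualforce, `escape="false"` on `apex:outputText`. Treating every stored value as untrusted on the way out, just as the bind variable treats every input as untrusted on the way in, is the fix the scanner is asking for.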
  • 9. Security is never “finished” (agenda slide: Assess Your Org Health, Secure Your Application, Secure Your Data, Improve Security Awareness)
  • 10. Secure your Data
    • Remove permissions not needed (View All Data, API Access, …)
    • Use Event Monitoring’s Transaction Security policies to minimise data exfiltration
    • Use data masking in sandboxes to lower the attack surface
      • Data Mask by Salesforce, DataMasker by Cloud Compliance or Data Masking by Backup tools
    • Use archiving/deletion to remove data you no longer need
    • Don’t have too many System Admins
    • Backup your data
    • Look at Privacy and Consent
      • Embedded PII and other information
      • Look at David Norris’ Medium posts – https://dave-norris.medium.com or Blackthorn.io
  • 11. Security is never “finished” (agenda slide: Assess Your Org Health, Secure Your Application, Secure Your Data, Improve Security Awareness)
  • 12. Improve Security Awareness
    • Educate users on Cybersecurity for home and work
    • Educate Developers and Admins on security best practices
    • Look at using new techniques in your development cycles
    • Have a playbook for what to do in cyber events
    • Look at frameworks – eg NIST Cybersecurity Framework
  • 13. Q&A
    Please reach out if you have any questions – I do not bite! And I am happy to have a chat about anything security related…
    Contact Details
    • doug@platinum7.com.au
    • +61 404 005 435
    • https://www.platinum7.com.au
    • https://doug-merrett.medium.com
  • 14. Interesting information
    Salesforce Security Information
    • Architecture: https://architect.salesforce.com/well-architected/trusted/overview
    • Security: https://developer.salesforce.com/developer-centers/security
    • Code Scanner from Salesforce blog post: https://www.linkedin.com/feed/update/urn:li:activity:6986508274858696704/
    NIST Framework
    • https://www.nist.gov/cyberframework
    Platinum7 Salesforce Security Assessments
    • https://www.platinum7.com.au/assessments : NFP get 10% discount
  • 15. Companies to investigate
    Backup
    • OwnData (fka OwnBackup) and Odaseva are the top tier
    • Salesforce has re-released their backup tool
    Event Monitoring tools
    • Imprivata’s FairWarning – prebuilt alerts and dashboards for Salesforce
    • Platinum7 Event Storage – keep your logs “forever”
    • Platinum7 Transaction Security Policies – complex and capable policies to block data exfiltration
    Let me know if you would like an introduction
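The "Secure your Data" slide recommends Transaction Security policies to limit data exfiltration. One way a policy can be expressed is an Apex condition class that Salesforce evaluates against a Real-Time Event Monitoring event; the class below is an added example written for this page, not a Platinum7 policy or code from the deck. It assumes the `ReportEvent` event with its `RowsProcessed` field and the `TxnSecurity.EventCondition` interface, and the row threshold is an illustrative value that a real policy would tune to the org's normal report sizes. The block or notify action itself is chosen in the policy's Setup configuration, not in the class.

```apex
// Added example (not part of the presentation): a Transaction Security
// condition that flags unusually large report executions, one of the
// signals of bulk data exfiltration the slide refers to.
global class LargeReportExportCondition implements TxnSecurity.EventCondition {

    // Illustrative threshold (an assumption for this example): reports that
    // return more rows than this are treated as suspicious. Tune it to what
    // a normal report in the org looks like before enabling a Block action.
    private static final Integer MAX_ROWS = 2000;

    // Salesforce calls evaluate() with the event the policy is attached to.
    // Returning true triggers the policy's configured action (block, notify,
    // require MFA, ...); returning false lets the operation proceed.
    public Boolean evaluate(SObject event) {
        switch on event {
            when ReportEvent reportEvent {
                return isLargeExport(reportEvent);
            }
            when null {
                return false;
            }
            when else {
                // Policy attached to an unexpected event type: do not block.
                return false;
            }
        }
    }

    // Kept separate so the decision logic can be unit-tested with a
    // constructed ReportEvent record.
    public static Boolean isLargeExport(ReportEvent reportEvent) {
        if (reportEvent.RowsProcessed == null) {
            return false;
        }
        return reportEvent.RowsProcessed > MAX_ROWS;
    }
}
```

A practical deployment path is to start the policy in a notify-only action and watch which users and reports trip it over a few weeks, then move to a block action once the threshold no longer catches routine work; the same pattern applies to the `ApiEvent` and `ListViewEvent` event types for API and list view exports.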