1. Let’s discuss Salesforce Security
Doug Merrett – Platinum7
Wellington Salesforce User Group Meetup
October 2023
2. What is Zero Trust?
• Zero Trust describes an approach to the strategy, design and implementation of IT
systems.
• The main concept is "never trust, always verify."
• This brings about zero trust data security where every request to access the data
needs to be authenticated dynamically and ensure least privileged access to
resources.
• In order to determine if access can be granted, policies can be applied based on
the attributes of the data, who the user is, and the type of environment
using Attribute-Based Access Control.
• This zero-trust data security approach can protect access to the data.
Besides a buzzword
Source: https://en.wikipedia.org/wiki/Zero_trust_security_model
13. Q&A
Please reach out if you have any questions –
I do not bite! And I am happy to have a chat
about anything security related…
Contact Details
• doug@platinum7.com.au
• +61 404 005 435
• https://www.platinum7.com.au
• https://doug-merrett.medium.com
14. Interesting information
Salesforce Security Information
• Architecture: https://architect.salesforce.com/well-architected/trusted/overview
• Security: https://developer.salesforce.com/developer-centers/security
• Code Scanner from Salesforce blog post:
https://www.linkedin.com/feed/update/urn:li:activity:6986508274858696704/
NIST Framework
• https://www.nist.gov/cyberframework
Platinum7 Salesforce Security Assessments
• https://www.platinum7.com.au/assessments : NFP get 10% discount
15. Companies to investigate
Backup
• OwnData (fka OwnBackup) and Odaseva are the top tier
• Salesforce has re-released their backup tool
Event Monitoring tools
• Imprivata’s FairWarning – prebuilt alerts and dashboards for Salesforce
• Platinum7 Event Storage – keep your logs “forever”
• Platinum7 Transaction Security Policies – complex and capable policies to block
data exfiltration
Let me know if you would like an introduction