Jessica Lawrence, Ryan Durham, Ish Cheema, Scott Young, and Alexander Vandenberg-Rodes
Security teams are often blind to the scale of public sharing that occurs at their organization, mostly across SaaS applications like Google Workspace. Now, add Salesforce to the mix.
A single misconfigured Salesforce setting can expose sensitive files to anyone who holds a shareable link. A majority of organizations still have this setting misconfigured in Salesforce, even though the risk was highlighted in 2024.
Abuse of this setting by Salesforce users, combined with a lack of visibility into, or expertise in, the security posture of the application, creates gaps in coverage. Without the right tools or knowledge, discovering and remediating every SaaS misconfiguration is near impossible.
Let’s dive deeper into this Salesforce security finding.
The ability for SaaS owners and users to quickly deploy, integrate, and share data across applications—commonly without proper security settings and controls in place—creates opportunities for files to be accessible to anyone outside the organization. In the case of Salesforce, users have the option to create public links that may unintentionally expose confidential data online, often without admins or security teams realizing it.
It is clear that there are legitimate business cases where sharing data via public links is not only helpful, but necessary. However, doing so securely and purposefully is just as important.
Let’s look at how you can better secure your Salesforce instances to protect your organization against sensitive data leaking out via publicly shareable links.
Here are immediate steps you can take to minimize current or future exposure of your data.
Before making any changes, we strongly recommend carefully reviewing with your Salesforce team as changes might have implications on your business processes and functions.
Obsidian recommends you revisit your current content sharing policies and practices within your Salesforce environments to ensure that:
To remediate files that are currently shared publicly but should not be:
Please refer to the following Salesforce Help Articles, which detail how the ‘Content Deliveries and Public Links’ feature is configured and how users can add a password and a link expiration date at the time they share content externally:
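The remediation steps above can also be scripted. In Salesforce, every content delivery or public link is a record of the ContentDistribution object, whose fields record whether a password is required (PreferencesPasswordRequired), whether and when the link expires (PreferencesExpires, ExpiryDate), and whether anyone has ever opened it (ViewCount, LastViewDate). The script below is an added example, not code from this post or from Obsidian: it builds the SOQL that exports the links, classifies each one by which of the two controls is set, and turns the result into a revoke/review plan. The field names are the standard ContentDistribution fields; the sample rows, record IDs, API version and the revocation policy itself (revoke open links that have never been viewed, send viewed ones to their owner) are assumptions of the example. The HTTP DELETE is injected as a callable, so as written it is a dry run.

```python
"""Triage and revoke Salesforce public links (ContentDistribution records).

Added example, not code from the original post or from Obsidian. Field names are
the standard ContentDistribution fields; the sample rows below are constructed.
The delete call is injected so the script runs offline as a dry run.
"""
from datetime import datetime, timezone

# One ContentDistribution record exists per content delivery / public link.
RISKY_LINKS_SOQL = (
    "SELECT Id, Name, ContentDocumentId, DistributionPublicUrl, "
    "PreferencesPasswordRequired, PreferencesExpires, ExpiryDate, "
    "ViewCount, LastViewDate, OwnerId "
    "FROM ContentDistribution"
)

API_VERSION = "v60.0"  # assumption: any API version that exposes ContentDistribution works


def parse_sf_datetime(value):
    """Parse the REST API's ISO-8601 form, e.g. 2024-12-20T08:30:00.000+0000."""
    if not value:
        return None
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f%z")


def classify_link(rec, now):
    """Return (risk, gaps) for one record.

    risk: 'expired'   - the link no longer resolves, nothing to do
          'protected' - password required and a future expiry date
          'partial'   - only one of the two controls is set
          'open'      - neither control: anyone holding the URL can fetch the file
    """
    expiry = parse_sf_datetime(rec.get("ExpiryDate")) if rec.get("PreferencesExpires") else None
    if expiry is not None and expiry <= now:
        return "expired", ["expiry date has passed"]
    gaps = []
    if not rec.get("PreferencesPasswordRequired"):
        gaps.append("no password")
    if expiry is None:
        gaps.append("no expiry date")
    if len(gaps) == 2:
        return "open", gaps
    return ("partial" if gaps else "protected"), gaps


def remediation_plan(records, now):
    """Bucket links into revoke / review / ok.

    Policy (an assumption of this example; agree it with your Salesforce team first):
    open links nobody has ever viewed are revoked outright; open or partial links
    that have been viewed go back to their owner for review; the rest are left alone.
    """
    plan = {"revoke": [], "review": [], "ok": []}
    for rec in records:
        risk, _gaps = classify_link(rec, now)
        never_viewed = not rec.get("ViewCount") and not rec.get("LastViewDate")
        if risk == "open" and never_viewed:
            plan["revoke"].append(rec["Id"])
        elif risk in ("open", "partial"):
            plan["review"].append(rec["Id"])
        else:
            plan["ok"].append(rec["Id"])
    return plan


def delete_url(instance_url, link_id):
    """Standard sObject REST endpoint. Deleting the ContentDistribution record
    revokes the public URL; the underlying file (ContentDocument) is untouched."""
    return f"{instance_url}/services/data/{API_VERSION}/sobjects/ContentDistribution/{link_id}"


def revoke_links(link_ids, instance_url, send_delete):
    """send_delete(url) performs the authenticated HTTP DELETE and returns True on success."""
    revoked = []
    for link_id in link_ids:
        if send_delete(delete_url(instance_url, link_id)):
            revoked.append(link_id)
    return revoked


NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)  # fixed clock for the constructed sample

SAMPLE_RECORDS = [  # constructed rows in the shape the REST query endpoint returns; IDs are made up
    {"Id": "05D000000000001AAA", "Name": "board-deck.pdf", "PreferencesPasswordRequired": False,
     "PreferencesExpires": False, "ExpiryDate": None, "ViewCount": 0, "LastViewDate": None},
    {"Id": "05D000000000002AAA", "Name": "customer-list.xlsx", "PreferencesPasswordRequired": False,
     "PreferencesExpires": False, "ExpiryDate": None, "ViewCount": 12,
     "LastViewDate": "2024-12-20T08:30:00.000+0000"},
    {"Id": "05D000000000003AAA", "Name": "contract.docx", "PreferencesPasswordRequired": True,
     "PreferencesExpires": False, "ExpiryDate": None, "ViewCount": 3,
     "LastViewDate": "2024-11-02T15:00:00.000+0000"},
    {"Id": "05D000000000004AAA", "Name": "old-brochure.pdf", "PreferencesPasswordRequired": False,
     "PreferencesExpires": True, "ExpiryDate": "2024-06-30T00:00:00.000+0000", "ViewCount": 40,
     "LastViewDate": "2024-06-01T09:00:00.000+0000"},
    {"Id": "05D000000000005AAA", "Name": "price-sheet.pdf", "PreferencesPasswordRequired": True,
     "PreferencesExpires": True, "ExpiryDate": "2025-03-01T00:00:00.000+0000", "ViewCount": 1,
     "LastViewDate": "2025-01-10T12:00:00.000+0000"},
]

if __name__ == "__main__":
    plan = remediation_plan(SAMPLE_RECORDS, NOW)
    for bucket, ids in plan.items():
        print(f"{bucket}: {ids}")
    # Dry run: print the DELETE that would be sent instead of sending it.
    revoke_links(plan["revoke"], "https://example.my.salesforce.com",
                 lambda url: print("DRY RUN DELETE", url) or True)
```

To use it against a real org, export the records with the REST query endpoint or `sf data query --query "<SOQL>" --json`, pass the returned `records` array to `remediation_plan`, and only replace the dry-run lambda with an authenticated DELETE after the review with your Salesforce team that the post recommends. Revoking a link removes only the ContentDistribution record; the file itself, and any internal sharing of it, is unaffected.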
Earlier this year, Obsidian notified affected customers about this risk and deployed a product update to streamline remediation. The associated Posture rule detects at-risk files and provides the context needed to quickly bring file sharing via Salesforce under control. With this guidance, one enterprise customer reduced its number of publicly shareable files from nearly 18,000 to fewer than 20, and dozens of other Obsidian customers reduced their publicly available files by more than 90%.
To get started, navigate to the Obsidian Admin portal > Posture > Rules and Settings > Filter on Salesforce. The exact rule name is the following:
Beneath the violation table for this control, you’ll find helpful ‘Supporting evidence’ summaries:
You can also clone or edit this rule to apply additional filtering criteria that help you navigate large data sets (for example, editing the rule to show only files that have a last view date, so that links someone has actually opened are reviewed first).
For help reviewing these findings for your organization, or if you have any questions about our platform and how we can streamline SaaS security for Salesforce and other applications, please request a demo to get in touch.
Start in minutes and secure your critical SaaS applications with continuous monitoring and data-driven insights.