As a functionally diverse platform used by internal teams, enterprise partners, and external customers, Salesforce is entrusted with a wealth of sensitive business data. Although protecting this data is critically important, understanding and implementing Salesforce security best practices can be incredibly difficult. With various users accessing the platform, complex and granular permission models, an extensive list of security configurations, and a wealth of third-party integration options, the Salesforce attack surface is overwhelmingly expansive and opaque.

To help security teams better understand and tailor their approach to Salesforce security, we’ve identified some key considerations and challenges specific to the platform in our checklist. Learn about the questions you should be asking across several key areas:

  • Sensitive permissions: Who is entrusted with privilege in your Salesforce environment, and how are they using these permissions?
  • Risky integrations: What other applications connect to Salesforce, and what are they doing?
  • Data visibility: What Salesforce data can specific users see and export?
  • Threat mitigation: Can you promptly identify and mitigate unusual malicious activity by an attacker or insider?
  • Guest users: What Salesforce data is publicly exposed to unauthenticated guest users?