Salesforce Government Cloud. Data Sheet Updated December 2015


Salesforce Government Cloud Overview

Federal, state, and local government agencies trust salesforce.com's cloud-computing platform to deliver critical business applications. This is largely because of salesforce.com's commitment to security and privacy. Salesforce.com's vision is to be government's trusted Cloud Service Provider (CSP), based on the values of maintaining the confidentiality, integrity, and availability of customer data.

Salesforce.com's methods to fulfill this vision are built upon an executive commitment to ensure and continuously improve the security of salesforce.com's services, and include:

- Defense-in-depth: whenever possible, multiple controls and technologies are applied to limit the possibility of any single point of failure.
- Investment: in personnel, tools, and technologies to manage, analyze, and improve security effectiveness.
- Transparency: trust cannot be maintained without open communications regarding service performance, reliability, and security, and to that end salesforce.com strives to be an industry leader in transparency. See trust.salesforce.com for further details.

As a Software as a Service (SaaS) and Platform as a Service (PaaS) leader, data security is of utmost importance for salesforce.com. Salesforce.com serves over 100,000 customers and processes over a billion transactions a day. The organizations that use Salesforce.com include customers in heavily regulated industries such as financial services, healthcare, insurance, and public sector that require strict adherence to security and privacy requirements. Salesforce.com raises the bar of security to meet the requirements of our customers, specifically customers in heavily regulated industries such as Public Sector, by maintaining numerous security and privacy certifications.
In May 2014, Salesforce.com became the first CSP to attain FedRAMP Authority to Operate for both Software as a Service (SaaS) and Platform as a Service (PaaS), consistent with the FedRAMP moderate baseline controls. The Authority to Operate was granted by Health and Human Services for the Salesforce Government Cloud (described in more detail below).

Deployment Model

Salesforce.com's deployment model is a public cloud infrastructure, as defined by NIST 800-145. In the Salesforce Government Cloud, an agency dynamically provisions computing resources over the Internet on our multi-tenant infrastructure. This is a cost-effective deployment model for agencies as it gives them the flexibility to procure only the computing resources they need and delivers all services with consistent availability, resiliency, security, and manageability.

Salesforce.com Government Cloud

The Salesforce Government Cloud is a partitioned instance of salesforce.com's multi-tenant public cloud infrastructure, specifically for use by U.S. federal, state, and local government customers, U.S. government contractors, and Federally Funded Research and Development Centers (FFRDCs). The isolated Production infrastructure supporting the Salesforce Government Cloud Customer Data ensures that the physical hardware in salesforce.com's colocation data centers that processes, stores, and transmits unencrypted Government Customer data is separate from hardware supporting other customers. While isolated, the underlying infrastructure supporting the Salesforce Government Cloud is the same trusted architecture model that supports salesforce.com's multi-tenant public cloud offering and over a billion customer transactions a day.

Subject to the Government Cloud Premier+ Success Plan section below, access to systems and permissions which could permit access to Customer Data inside of the Salesforce Government Cloud storing U.S. government, U.S. government contractors, and FFRDC Customer Data will be restricted to Qualified U.S. Citizens. Qualified US Citizens are individuals who are United States citizens, and are physically located within the United States when accessing the Salesforce Government Cloud systems; and have completed a background check as a condition of their employment with Salesforce.

FedRAMP Authority to Operate (ATO)

As the government's trusted cloud provider, salesforce's information security program for the Salesforce Government Cloud is aligned with the FedRAMP requirements. On May 23, 2014, salesforce achieved a FedRAMP Agency Authority to Operate (ATO) at the moderate impact level issued by Health and Human Services (HHS) for the Salesforce Government Cloud.
The Salesforce Government Cloud is a portion of salesforce's multi-tenant public cloud infrastructure, specifically for use by U.S. federal, state, and local government customers, U.S. government contractors, and Federally Funded Research and Development Centers (FFRDCs). The Salesforce Government Cloud information system and authorization boundary is comprised of the Force.com Platform, Salesforce Services (Sales Cloud, Service Cloud, Chatter), Analytics Services, and the backend infrastructure (servers, network devices, databases, storage arrays) that support the operations of these products, referred to as the General Support System (GSS). A complete list of current in-scope salesforce products included in the authorization boundary for the FedRAMP ATO can be provided to customers upon request.

To obtain compliance with FedRAMP, salesforce conducted security assessment and authorization activities in accordance with FedRAMP guidance, NIST 800-37 Rev. 1, and HHS guidance. As part of this process salesforce documented a System Security Plan (SSP) for the Salesforce Government Cloud service offering. The SSP is developed in accordance with NIST SP 800-18 Rev. 1, Guide for Developing Federal Information System Security Plans. The SSP identifies control implementations for the GSS and in-scope customer-facing products (Force.com Platform, Salesforce Services, Analytics Services) according to the FedRAMP moderate baseline and HHS security control parameters.

A security assessment of the information system was conducted by a third party assessment organization (3PAO) in accordance with NIST 800-53A Rev. 1 and FedRAMP requirements. The security assessment testing determined the adequacy of the management, operational, and technical security controls used to protect the confidentiality, integrity, and availability of the Salesforce service and the Customer Data it stores, transmits and processes.

To maintain compliance with FedRAMP, salesforce conducts continuous monitoring. Continuous monitoring includes ongoing technical vulnerability detection and remediation, remediation of open compliance related findings, and at least annual independent assessment of a selection of security controls.

Government Cloud Premier+ Success Plan

The Salesforce Government Cloud requires the Government Cloud Premier + Success Plan, which provides technical support from Qualified US Citizens. Support cases submitted online will be automatically routed to a team of Qualified US Citizens. Telephone support is also available in English, 24 hours a day, seven days a week; however, calls for support received via telephone will be initially responded to by individuals who may not be Qualified US Citizens and who may be located outside the United States. These individuals will then route cases to a team of Qualified US Citizens. Support cases submitted via Chat will not be responded to by Qualified US Citizens.

All other personnel, including Customer Success Managers, Success Account Managers, Customer Success Technologists and any other personnel engaged in customer success roles and providing customer success services (collectively referred to as "Success Representatives") may not be Qualified US Citizens and will not have access to Customer Data unless Customer provides such personnel a User ID or otherwise enables the sharing of Customer Data with such personnel.

In addition to providing personnel controls for technical support, Government Cloud Premier+ Success Plan includes success resources, online training and administration services to drive Salesforce adoption and business productivity.
For more information about the Premier + Success Plan, please see http://www.salesforce.com/assets/pdf/misc/salesforce_premierplans.pdf

Products Available on the Salesforce Government Cloud

The Enterprise Edition and Unlimited Edition of some Salesforce.com products are available for use on the Salesforce Government Cloud. From time to time, the list of available products on the Salesforce Government Cloud may change at Salesforce.com's sole discretion and without any advance notice. Prior to a Government Customer placing an order on the Salesforce Government Cloud, please contact your local Salesforce.com sales or renewal representative for the most current product availability information on the Salesforce Government Cloud. Not all of the products available on the Salesforce Government Cloud are included in the scope of salesforce.com's FedRAMP Agency Authority to Operate. Please see Attachment A for further information.

Customer Responsibilities

Federal government Agencies can request access to the Salesforce FedRAMP Agency ATO package by submitting a request to the FedRAMP PMO. All other customers can submit a request to salesforce.com via the customer's account representative. Each customer will need to review the documentation and assess that organization's compliance requirements. Customers may need to purchase additional Salesforce and/or third party products and services in order to meet their individual requirements.

Attachment A

FedRAMP Authorization Boundary for the Salesforce Government Cloud for SFDC products* as of October 31, 2015

Products and features included in FedRAMP Authorization Boundary for the Salesforce Government Cloud*:

- Salesforce1 Platform [3] (not including Salesforce1 Mobile app)
- Salesforce Applications (including Sales Cloud, Service Cloud, Analytics Cloud and Chatter)
- Salesforce.com application features [4]
  o Content
  o Ideas
  o Knowledge
  o Chatter Answers
  o Chatter Messenger
  o Customer facing Chatter groups
  o Chatter files
- Salesforce1 Platform Public Sites
- Administrative, App, and Personal Setup/My Settings
- APIs
- APEX Coding
- Federated SSO
- Delegated SSO
- External provider SSO
- Portals (Authenticated sites, Service Cloud Portal, Customer Portal, Partner Portal)
- Communities (including Salesforce1 Platform Sites and Site.com sites for Communities)
- Visualforce coding
- Application features including Visual Force and Live Agent

Products and features excluded from FedRAMP Authorization Boundary for the Salesforce Government Cloud:

- Desk.com
- Heroku
- Marketing Cloud (Radian 6, Exact Target, Buddy Media)
- Database.com
- Remedyforce
- Site.com (except Site.com sites for Communities)
- Work.com
- Data.com
- Customer developed applications
- AppExchange
- Desktop Integration and Connect Services (e.g., Offline, Outlook, and Office)
- Salesforce.com custom development (custom development for specific customers)
- Salesforce.com consulting
- Google Apps Integration
- Salesforce.com Mobile (independent or as included in any other product)
- Salesforce1 Mobile app (independent or as included in any other product)
- CRM Call Center / CTI adaptor
- any other product or feature not noted as included in the FedRAMP SSP is also excluded

[3] Only Force.com Platform, which is bundled with this product, is included under the FedRAMP Authorization Boundary for the Salesforce Government Cloud. All other platform products are excluded.
[4]

For a detailed description of salesforce.com's current product offerings see http://www.salesforce.com/products/.

*This list is for informational purposes only and is subject to change at any time and without notice. This list may not represent the current status of the products listed. Salesforce.com makes no assurance, contractual or otherwise, as to the status of these products.