
5 THINGS COMPANIES THINK THEY KNOW ABOUT SALESFORCE SECURITY

Table of Contents

Introduction
Misconception #1: Data security is the cloud service provider's problem
Misconception #2: We use roles and permissions in Salesforce natively to protect ourselves
Misconception #3: I have a paper policy, so users don't usually put sensitive data in Salesforce
Misconception #4: Legacy security approaches suffice for Salesforce protection
Misconception #5: We encrypt everything, so we're fine
Conclusion: The Importance of a Cloud Security Solution for Salesforce

Introduction

The Fine Balance Between Security and User Adoption

Today's cloud security requires a delicate balancing act. On the one hand, employees want to take advantage of the cloud's myriad benefits, as they do with consumer applications, in order to become more efficient and collaborative. On the other hand, security professionals know that the cloud's very nature of centralized, shared resources used across devices and geographic boundaries means that proper security solutions are a must. A recent Forrester Research study found that 73% of IT decision makers are concerned about public cloud security.

So, how can companies find that sweet spot between cloud access and protection? How can they efficiently address security concerns within a large, broad-based cloud platform such as Salesforce?

As the number one CRM solution, Salesforce ensures that critical data is securely protected from external threats. It has put industry-leading strategic controls in place so that malicious activity doesn't get injected into its platform or data centers. Although an organization's data is safe at the infrastructure and platform level, platform providers have no control over user-triggered data exposures. In most cases, and without proper controls, users can be an organization's weakest link, introducing exposures inadvertently. These exposures cover a wide range of highly sensitive data: intellectual property, trade secrets, credit card and other financial data, human resources data, and even PII.

This ebook discusses a variety of often inaccurate beliefs about Salesforce security that may keep companies from being fully secure. Every organization seeking to balance access to Salesforce with protection of sensitive data on the platform should keep these five common misunderstandings and key challenges in mind.

Misconception #1: Data security is the cloud service provider's problem

As mentioned above, Salesforce employs security practices that are second to none in the cloud. However, most data breaches and losses don't result from malicious outsiders trying to get in the back door. The biggest problem, in fact, is most likely internal: Forrester's Forrsights Security Survey, Q2 2013, found that inadvertent misuse by insiders was the most common cause of data breaches in the last 12 months (36% of respondents). The fact is, most data loss from secure cloud platforms happens because a user, typically one with appropriate credentials, privileges, and permissions, accidentally externalizes or overshares sensitive information.

A good analogy is a building's security system, which provides secure access through a key fob held up to an electronic pad outside the door. The pad recognizes the fob and unlocks the door; the employee walks in and the door locks again. The security technology works well. However, if the user hands the key fob to an outsider, all bets are off and the outsider has access too. It is the behavior of the user that compromised security, not the lack of a secure system.

The responsibility for all internally driven security practices does, and should, rest with the organization, which understands its own internal user processes and policies and is able to ensure that users are using and sharing data properly and safely within the platform. In planning and executing a security strategy for Salesforce, companies must keep employee productivity as a goal while ensuring data remains protected. They can enable policies that spot sensitive data and notify users about proper data behavior within Salesforce CRM or other tools, including Chatter. End users can and should be educated through detailed, customizable email notifications, ensuring that they follow the protocols deemed appropriate for remediation.

[Figure: Inadvertent misuse by insiders, the most common reason for data breaches]

Misconception #2: We use roles and permissions in Salesforce natively to protect ourselves

Using roles and permission sets in Salesforce is a standard way to restrict user access to certain information. Unfortunately, maintaining those roles manually to ensure sensitive data remains confidential can be challenging, if not impossible, when it comes to tracking data sharing or extraction. For example, we dealt with a case where thousands of individuals had access to an admin role within Salesforce. With so many people enjoying all-encompassing access, roles and permissions couldn't help track individuals who misused the account unwittingly. The door was left open for employees to extract data upon leaving the organization without the company realizing it. Even top executives with the highest level of access are not immune to making inadvertent mistakes with data, so setting up roles and permissions won't keep those errors from occurring.

Roles and permissions simply aren't sufficient to protect sensitive data. Instead, companies must track, highlight and put boundaries around data extracts as they happen. They should alert the user or an administrator if something abnormal has taken place, such as downloading thousands of records, or an extraction generated from outside the normal geographic region or business hours. This extra layer of security ensures that customer and other sensitive information is protected without relying on manual classification.
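The three signals named above (bulk record counts, off-hours activity, and an unexpected source region) can be evaluated as simple rules over export audit events. The following is an added example written for this page, not CloudLock's product code or a Salesforce API; the event fields, the per-user HOME_REGION map, the MAX_RECORDS threshold and the BUSINESS_HOURS window are all assumptions constructed for the illustration.

```python
from datetime import datetime, timezone
from typing import Dict, List

# Constructed sample events, loosely modelled on report-export audit entries:
# who exported, when (UTC), how many records, and from which country.
# These are made-up values for the example, not real Salesforce data.
EVENTS = [
    {"user": "alice@example.com", "ts": "2015-06-10T14:05:00Z", "records": 120,   "country": "US"},
    {"user": "bob@example.com",   "ts": "2015-06-10T02:40:00Z", "records": 48000, "country": "US"},
    {"user": "carol@example.com", "ts": "2015-06-11T10:15:00Z", "records": 300,   "country": "BR"},
    {"user": "alice@example.com", "ts": "2015-06-11T16:30:00Z", "records": 9500,  "country": "US"},
]

# Hypothetical policy: expected regions per user, a bulk-extract threshold and
# a business-hours window. A real deployment would derive these from baselines.
HOME_REGION = {
    "alice@example.com": {"US"},
    "bob@example.com": {"US"},
    "carol@example.com": {"US", "CA"},
}
MAX_RECORDS = 5000             # more than this in one export counts as bulk
BUSINESS_HOURS = range(8, 19)  # 08:00-18:59 UTC, assumed for every user


def parse_ts(ts: str) -> datetime:
    """Parse the ISO-8601 'Z' timestamps used in the sample events."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def evaluate(event: Dict) -> List[str]:
    """Return the policy rules an export event violates (empty list if none)."""
    reasons = []
    if event["records"] > MAX_RECORDS:
        reasons.append(f"bulk extract: {event['records']} records > {MAX_RECORDS}")
    hour = parse_ts(event["ts"]).hour
    if hour not in BUSINESS_HOURS:
        reasons.append(f"outside business hours: {hour:02d}:00 UTC")
    if event["country"] not in HOME_REGION.get(event["user"], set()):
        reasons.append(f"unusual region: {event['country']}")
    return reasons


def find_anomalies(events: List[Dict]) -> List[Dict]:
    """Run every event through the rules and keep those that need an alert."""
    alerts = []
    for ev in events:
        reasons = evaluate(ev)
        if reasons:
            alerts.append({"user": ev["user"], "ts": ev["ts"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in find_anomalies(EVENTS):
        print(f"ALERT {alert['user']} at {alert['ts']}: " + "; ".join(alert["reasons"]))
```

Each alert carries every rule it tripped, so an administrator can tell a single off-hours export from one that is also bulk and out of region; the rules run on the export event itself rather than on role membership, which is the point the section makes.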

Misconception #3: I have a paper policy, so users don't usually put sensitive data in Salesforce

Every organization has some level of employee handbook or code of conduct, and many these days include cloud-based system usage, but a paper policy is just not enough. While most employees are smart, responsible adults who want to do the right thing, they may need to be reminded of such policies, not only at the time of employment, but also in real time as they use platforms like Salesforce. Users want to find the best way to get their job done and be productive, especially in today's app-savvy world where easily accessed tools are available everywhere and at all times. Again, a delicate balance of supporting security and encouraging productivity is required.

Chatter, for instance, is meant to increase communication and collaboration, but employees might not realize that Chatter feeds are permanent, public records. So sensitive data can sometimes get posted inadvertently, such as when a staffer shares an event with an invoice attached, without realizing that an account or credit card number will be there for anyone to see. Employees may have good intentions but still engage in risky data behavior. The key for companies is to enforce their security policies in an empowering way that puts responsibility and accountability in the hands of end users. By informing users through awareness and education, employees are encouraged and accountable to protect data on their own.
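The real-time reminder described here depends on first recognizing a card number in a post. The following added example (written for this page; not CloudLock's code and not a Salesforce Chatter API) scans constructed Chatter-style posts for payment card numbers, uses the Luhn check-digit test to avoid flagging ordinary 16-digit order references, masks what it finds, and drafts the user-facing notice. The POSTS data and the notice wording are assumptions for the illustration.

```python
import re
from typing import Dict, List

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Constructed Chatter-style posts for the example; not real feed data.
POSTS = [
    {"id": "p1", "author": "dana@example.com",
     "body": "Attached the Acme invoice; card 4111 1111 1111 1111 was charged in full."},
    {"id": "p2", "author": "eli@example.com",
     "body": "Order reference 1234567890123456 shipped today."},
    {"id": "p3", "author": "dana@example.com",
     "body": "Lunch at noon?"},
]


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check, which every real payment card number satisfies."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep first 6 and last 4 digits so the finding is reviewable but not reusable."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_card_numbers(text: str) -> List[str]:
    """Return masked card numbers found in text; the Luhn test filters plain IDs."""
    found = []
    for m in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(mask(digits))
    return found


def scan_posts(posts: List[Dict]) -> List[Dict]:
    """Produce one finding per post that exposes a card number, with a user notice."""
    findings = []
    for post in posts:
        cards = find_card_numbers(post["body"])
        if cards:
            findings.append({
                "post_id": post["id"],
                "author": post["author"],
                "cards": cards,
                "notice": (f"Your Chatter post {post['id']} appears to contain a payment "
                           f"card number ({', '.join(cards)}). Chatter feeds are permanent "
                           "records; please remove it and use the approved billing system."),
            })
    return findings


if __name__ == "__main__":
    for f in scan_posts(POSTS):
        print(f["author"], f["post_id"], f["cards"])
```

The notice is addressed to the author rather than only to an administrator, which is the "empowering" enforcement the section argues for: the person who posted the data is told what was found (masked) and what to do about it.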

Misconception #4: Legacy security approaches suffice for Salesforce protection

The cloud, with its third-party apps and broad connectivity, operates very differently from a security standpoint than on-premise systems with firewall layers and gateway and appliance-based solutions. Today's users have a myriad of device and location options to get work done, rather than simply a locked-down office desktop or laptop. They access apps and tools on mobile phones and tablets and may work at a coffee shop or at home. Traditional security systems miss a great deal of this traffic, so attempting to control data at the device level is not effective. In addition, a cloud hub such as Salesforce provides its users with a host of third-party apps, ranging from marketing to finance, that live entirely in the cloud. A legacy approach to security doesn't offer the visibility and control companies need to catch it all.

The functional way to secure cloud data today is in the cloud. It needs to be a cloud-centered, people-centric approach that takes a positive tack towards allowing users to operate freely while keeping them within guardrails. Stopping them with legacy barriers slows employees down, ultimately reducing usage of the platform.

Misconception #5: We encrypt everything, so we're fine

Total encryption can be expensive and unnecessary, as you may spend money and resources securing data that doesn't require such a high level of protection. In addition, if heavy encryption and gateways slow down users, they will likely seek alternatives and avoid use of the platform, and you may be left completely blind to what they're doing. Post-encryption considerations can also be important: if a user decrypts data, you want to be able to track what they are downloading.

Ultimately, encryption is a compensating control that doesn't work in every situation, particularly when it comes to insider security risks. For example, restricting and encrypting all Salesforce data so that the user can't get access without logging in through a VPN can create frustration and discourage use of the platform. Most likely, the user will be driven to put sensitive files in the path of least resistance, perhaps a consumer-grade application such as Dropbox. Certainly, it is important to use encrypted fields judiciously, but encryption must be risk-appropriate, applied through a set of controls that identify and protect only sensitive data.

Conclusion: The Importance of a Cloud Security Solution for Salesforce

Cloud platforms such as Salesforce have amazing advantages, including accessibility, convenience, and affordability. But while Salesforce is on the leading edge of the security industry at the infrastructure level, that is not enough. An additional layer of data intelligence is required to adequately manage the risk of internal user exfiltration or data exposure, whether through insecure devices, third-party apps, or just risky collaboration on sensitive data. A cloud DLP solution can help proactively secure sensitive data in the cloud by creating policies that automatically track out-of-bounds user behavior while educating and informing users when data is inadvertently exposed.

CloudLock for Salesforce

CloudLock for Salesforce helps enterprises discover sensitive data no matter where it lives in Salesforce, including Sales Cloud, Service Cloud, Chatter, and Files. CloudLock provides full auditing of potential exposures, the ability to communicate to end users in real time about risks and the corrective actions they need to take, and integrated data access and report download monitoring. All of this is in the cloud and created for the cloud, without requiring invasive in-band network blocking, reverse proxies or gateway appliances.