Protect Your Salesforce Organization
Salesforce is built from the ground up to protect your data and applications. You can also implement your own security scheme to reflect the structure and needs of your organization. Protecting your data is a joint responsibility between you and Salesforce. The Salesforce security features enable you to empower your users to do their jobs safely and efficiently.
- Salesforce Security Basics
The Salesforce security features help you empower your users to do their jobs safely and efficiently. Salesforce limits exposure of data to the users that act on it. Implement security controls that you think are appropriate for the sensitivity of your data. We'll work together to protect your data from unauthorized access from outside your company and from inappropriate usage by your users.
- Take Charge of Your Security Goals with Security Center
The Security Center app offers a single view of your security, privacy, and governance posture across all of your Salesforce orgs and tenants. Use the app to review up-to-date health check scores, access settings, and user and login metrics in one easy-to-read interface. When you know how your orgs and tenants are performing, you can shorten security review processes and limit risks. You can also get clear insights into how you're meeting your security goals and respond proactively when suspicious conditions arise. And during periods of growth or change, Security Center can help you monitor changes that touch sensitive customer data.
- Security Center Extension
The Security Center Extension helps enhance data security and compliance. After installing the Security Center Extension managed package, use it to find sensitive data and classify it with a data-sensitivity category. You can then decide how best to secure that data by using other Salesforce settings and features.
- Salesforce Shield
Salesforce Shield is a suite of security products that builds extra levels of security, compliance, and governance into your business-critical apps. You can access them through Setup or the Shield app.
- Security Health Review Tool
The Security Health Review Tool identifies security gaps in an org’s configuration and provides recommendations to strengthen your Salesforce security posture.
- Data Detect
Data Detect is a crucial tool designed to help organizations identify sensitive data within their Salesforce orgs, enabling them to protect it effectively. By using native Salesforce technology, Data Detect ensures that your data remains secure within the platform, eliminating the need for third-party services or data transfers outside Salesforce. This capability also significantly streamlines data classification by linking data sensitivity levels and categories to actual field data, ultimately empowering users to take necessary protective actions.
- Strengthen Your Data’s Security with Shield Platform Encryption
Shield Platform Encryption gives your data a whole new layer of security while preserving critical platform functionality. You can encrypt sensitive data at rest, not just when transmitted over a network, so your company can confidently comply with privacy policies, regulatory requirements, and contractual obligations for handling private data.
- Platform Encryption Analyzer in Shield Extension
By encrypting sensitive data, you build extra layers of data protection and work toward meeting compliance and regulatory requirements. The Shield Extension managed package includes the Platform Encryption Analyzer, a tool for identifying and assessing fields that are suitable for field-level encryption. It simplifies the encryption process and helps you implement your encryption policies faster.
- Limit Interactions with External URLs and Origins
In our connected world, interaction with external websites and origins is a necessity. To protect your network and data, configure allowlists and enable settings that limit how Salesforce and external origins interact. And limit redirections that originate in Salesforce to URLs that you trust.
- Configure Clickjack Protection
Clickjacking is a type of attack that tricks users into clicking something, such as a button or link. The click sends an HTTP request that performs malicious actions that can lead to data intrusion, unauthorized emails, changed credentials, or similar results. To help protect against this kind of attack, most Salesforce pages can only be served in an inline frame by a page on the same domain. Learn which types of pages can be framed and how to configure the related clickjack settings.
- Session Security
After logging in, a user establishes a session with the platform. Use session security to limit exposure to your network when a user leaves the computer unattended while still logged in. Session security also limits the risk of internal attacks, such as when one employee tries to use another employee’s session. Choose from several session settings to control session behavior.
- Secure Cross-Cloud Integrations with Private Connect
When you integrate your Salesforce org with applications hosted on third-party cloud services, it’s essential to be able to send and receive HTTP/s traffic securely. With Private Connect, increase security on your Amazon Web Services (AWS) integrations by setting up a fully managed network connection between your Salesforce org and your AWS Virtual Private Cloud (VPC). Then, route your cross-cloud traffic through the connection instead of over the public internet to reduce exposure to outsider security threats.
- Activations
Activation tracks information about devices from which users have verified their identity. Salesforce prompts users to verify their identity when they access Salesforce from an unrecognized browser or application. Identity verification adds an extra layer of security on top of username and password authentication. The Activations page lists the login IP addresses and client browsers used.
- Event Monitoring
Event Monitoring gives you access to detailed performance, security, and usage data on all your Salesforce apps. See who is accessing critical business data when, and from where. Understand user adoption across your apps. Troubleshoot and optimize performance to improve the end-user experience. Event Monitoring data is tracked via the API and surfaces many event logs in the Event Log Browser. You can directly query event log objects, visualize event data in dashboards, or import logs into data visualization or application monitoring tools like CRM Analytics, Splunk, or New Relic. To get started, check out our Event Monitoring training course.
- Configure Remote Site Settings
Configure settings for a remote site.
- Named Credentials
Intended to secure and simplify authenticated API callouts to external systems, a named credential specifies the URL of a callout endpoint and its required authentication parameters in one definition. To streamline your Apex code and simplify the setup of authenticated callouts, specify a named credential as the callout endpoint.
- Certificates and Keys
Salesforce certificates and key pairs are used for signatures that verify a request is coming from your organization. They are used for authenticated SSL communications with an external website, or when using your organization as an Identity Provider. You only need to generate a Salesforce certificate and key pair if you're working with an external website that wants verification that a request is coming from a Salesforce organization.

