Pillar 2 of Security: System Access

Salesforce Security Pillar 2: System Access

It’s time for Part 2 of our Pillars of Salesforce Security series.

If you’re not caught up, take a quick look back at our Intro Blog and Part 1: User Access.

This post is all about System Access, and here is the key takeaway:

Don’t Give Systems Access They Don’t Need.

There are a few key topics that you should keep in mind here.

Third Party Apps

Third party apps can be extremely useful and provide you with a level of convenience across a variety of areas. However, you should ensure that the third party apps that you use do not have the ability to:

    • Delete records
    • Update Salesforce user information
    • Update transactional records
    • Access PII 

    It is crucial to ensure high-level safety measures while using third party apps. While these apps may provide you with less of a need to purchase additional costly software packages, they are not worth putting your Salesforce org at risk of security breaches.


    Healthy Access Practices

    It can be difficult to manage the access that different systems within your org have. Many companies have overlapping software within their orgs, so it can be easy for preferences to become tangled and hard to keep track of. This is why we have developed a checklist to help ensure that you have healthy access practices:

    1. Enable App AllowListing (More details on App AllowListing can be found over here on this blog.)
    2. Remove unused integrations and limit data access
    3. Uninstall expired managed packages
    4. Create a dedicated integration user profile 
    5. Utilize API Only User

    Following each practice in this checklist will provide your Salesforce org with more security to ensure your users’ information and your org’s data is safe.


    Removing Integrations and Limiting Access 

    As part of our business, we regularly conduct Audits of large Salesforce orgs.  In our experience, we often see that 30-50% of integrations that exist within the org are not active or not vetted by Salesforce. Not removing inactive users from your systems can lead to security inconsistencies (and risks) that can be easily avoided.

    You can further the security of your systems by removing inactive integrations and limiting access of active users. Essentially, the main goal you should pursue is to prevent unauthorized users from installing packages and downloading Salesforce data. This can be achieved in several ways, however, we have found that the following practices yield the best results:

    • Specify which apps users have access to
    • Ensure that authorization of users can be managed at an org-wide level or for specific users
    • Implement a scalable solution that applies the same limitation to new users while also creating a centralized location to manage existing user authorization



    In short, your systems contain extremely valuable information that can be viewed and downloaded by unnecessary (or unwanted!) users if you don’t implement strong security practices. Use the resources and checklists we provided to maintain a healthy and safe approach to system authorization.

    Stay tuned for the next instalment where we will cover the impact that Records and Data can have on your overall org security!

You may be interested in

User access and Salesforce Security

Salesforce Security Pillar 1: User Access

If you’ve been following along with our blog, you may have already seen our original post, The 3 Pillars of Salesforce Security. In this post, we’re going to do a deep dive into the first pillar – User Access. And here’s the key message: Don’t Give People Access They Don’t Need. User Access is an […]

Read More

The 3 Pillars of Salesforce Security. Pillar 3: Records & Data

Salesforce Security Pillar 3: Records & Data

Now we’ve made it to the final instalment of our Pillars to Salesforce Security. If you are not caught up, we highly recommend you read through Part 1: User Access & Part 2: System Access. With that being said, here we’ll be taking a deep dive into Records and Data with the key theme: Don’t […]

Read More

Sign up for the latest tips & news from CloudKettle

Thank you for subscribing.