The Results are in! And we’re ready to share them with you.
Security is one of our top priorities at CloudKettle. For ourselves, and for all of our clients.
With that in mind, we wanted to find out the answer to the question “How’s everyone else doing with Salesforce security these days?”
So we came up with a long list of questions (then we edited the list a bit, because no one has time to answer a 100-question survey), and we solicited responses from Salesforce Admins and Users all across North America.
We heard back from Admins and Users from multiple industries, a variety of company sizes, and a wide selection of Salesforce products. After reviewing the data closely, these were our main takeaways:
1. Regular Backup: While most respondents back up their Salesforce data, there are still organizations who are skipping this critical step. Regular backup of Salesforce data is crucial to secure valuable data.
2. Use of Restriction Rules: While most organizations use sharing rules, only 19% use restriction rules. These rules can provide flexibility and increase security by limiting access.
3. Regular Review of Access and Permissions: Over half of the respondents updated access and permissions based on changes in job roles or responsibilities either monthly or quarterly. This practice should be adopted by all organizations to ensure that only authorized personnel have access.
4. IP Restrictions: 35% of organizations did not have any IP restrictions to control access to Salesforce. Implementing IP restrictions can prevent unauthorized access and protect the data.
5. Regular Review of Sharing Settings and Use of Encrypted Fields: Most organizations reviewed sharing settings per object monthly or quarterly and used encrypted fields to protect sensitive data. This practice needs to be adopted by all organizations to ensure data privacy and protection.
6. Regular Review and Analysis of Audit Logs: Two-thirds of organizations regularly reviewed and analyzed audit logs to look for unusual patterns or unauthorized access attempts. This practice can help detect and prevent potential security incidents.
7. Phishing Simulation Exercises: 63% of organizations conducted phishing simulation exercises. This practice can help to assess and improve the susceptibility of Salesforce users to social engineering attacks.
8. Communication and Responsibility: Clear communication and defined responsibility are important. Most organizations communicated security updates through email notifications and internal communications. Moreover, it is crucial to regularly conduct reviews and assessments to ensure adherence to security governance guidelines within Salesforce.
Want the full report? Grab your copy over here.
Want to talk to us about your own Salesforce org security? Get in touch.