What’s new in Summer’15 Release
Security and Compliance
Shesh Kondi
Director, Security and Compliance - Customer Success
Safe Harbor
Safe harbor statement under the Private Securities Litigation Reform Act of 1995: This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services.
The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the fiscal year ended January 31, 2009 and our other filings. These documents are available on the SEC Filings section of the Investor Information section of our Web site.
Any unreleased services or features referenced in this or other press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
Agenda
❏  Platform Encryption
❏  Identity and Authentication
❏  Event Monitoring - Transaction Security & Data Leakage
❏  Security Best Practices
❏  Compliance
❏  SHA-256 Upgrade
❏  Q & A
Platform Encryption
Eric Leach
Sr Director, Product Management
Encrypt Sensitive Data At Rest While Preserving Business Functionality
The Problem: Sensitive, Confidential, Private, Regulated Data
I want to store new, more sensitive data on Salesforce… so that I can build new kinds of apps and deliver more value to my customers and business users.
Introducing: Salesforce1 Platform Encryption
The fastest, easiest and most robust way to apply encryption to your sensitive data
●  Seamlessly protect your data at rest: encrypt standard & custom fields, files & attachments
●  Easy to set up: point and click setup in minutes
●  Manage your encryption keys: customer-driven encryption key lifecycle management
●  Preserve important platform functionality: features like Validation and Workflow Rules made ‘encryption aware’
Key GA Features
●  Turn encryption on for custom field types, declaratively or via the MDAPI. While data is strongly encrypted at rest, field length is not affected.
●  Turn encryption on for standard fields, declaratively or via the MDAPI.
●  Files and Attachments can be encrypted at rest in just one click.
●  Manage organization encryption keys declaratively via the Setup UI or API, including Generate/Rotate, Export, re-Import and Destroy Keys.
Authorized User vs. Non-Authorized User
Authorized users are granted the “View Encrypted Data” user permission to read encrypted field values in plain text.
Identity and Authentication
Chuck Mortimore
Vice President, Product Management
Identity Feature Overview
Automated User Provisioning
With the Summer ‘15 release, administrators can automate the task of creating, updating, and disabling user account information across all applications using Salesforce as an Identity Provider.
My Domain Enhancements
With the Summer ‘15 release, administrators can now test the My Domain login page without having to deploy My Domain to all users. The initial check to verify DNS propagation has also been reduced from 10 mins to 30 secs.
Session timeout for OAuth connected apps
Administrators can set a specific session timeout (aka access token timeout) for OAuth connected apps that overrides the session timeout set at the profile or org level.
Key Capabilities: User Provisioning Setup Wizard
Key Capabilities: User Provisioning Accounts (list of user accounts in Google Apps)
Key Capabilities: Connected Apps Session Timeout
Authentication Feature Overview
●  Continuous IP Restriction: enforce Login IP range on every request (rather than during login only)
●  Add Geographic Info to Login Events: track the approximate geographic location of the IP address of user login attempts
●  Export Control: block access from embargoed countries
●  Create SAML Settings from a File or URL: create SAML SSO settings by importing a metadata file or URL
●  SAML IdP Metadata Discovery Endpoint: expose Salesforce and Community Identity Provider metadata via a public URL
●  Custom Logout URL: direct users to a specific logout destination after they log out of Salesforce
●  Custom Auth Provider Endpoints: edit the authorization, token, and user info endpoints for Google and LinkedIn auth providers
●  Track Auth Service ID with Login History: associate the authentication service ID with a user’s login history
Continuous IP Restriction
Org level setting that allows admins to enforce the IP restriction check on every access, not just during login. Disabled by default.
Custom Logout URL
Direct users to a specific web page after they log out of Salesforce. From Setup, go to Security Controls > Session Settings.
Add Geographic Info to Login Events
Approximate geographic location of the IP address of a user’s login. More fields can be shown in a custom view, such as Postal Code and Lat/Long. Geolocation info is also available in Session Management and the new LoginGeo object.
Export Control
STOP: Important Information
In June 2015, we will turn on Export Control to block IPs from embargoed countries from accessing the Salesforce service. The purpose is to ensure compliance with U.S. law related to embargoed territories. Users who attempt to access Salesforce from one of these restricted IP ranges will receive the error below and can’t log in.
For more information go to http://trust.salesforce.com/trust/blocked
A user accessing Salesforce with an IP located in an embargoed country* will be blocked and get this error message with a link to http://trust.salesforce.com/trust/blocked
[*Syria, Iran, Cuba, Sudan, North Korea or Crimea]
Create SAML Settings from a File or URL
Configure single sign-on by importing the settings from an XML file or public URL containing SAML 2.0 metadata.
SAML IdP Metadata Discovery Endpoint
Share the SAML configuration metadata for your Salesforce or Community identity provider with service providers via public URLs. Available on the Identity Provider page and Manage Apps > Connected Apps detail (for SAML).
[Slide shows an example of the metadata XML content retrieved from the endpoint.]
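The metadata document pictured on the slide is not in this transcript. As an added example (not Salesforce code), here is what a service-provider side "import SAML settings from a file or URL" step has to pull out of IdP metadata of that shape: the entityID, the SingleSignOnService endpoint per binding, the signing certificate(s) and the NameID formats, plus the sanity checks an admin wants before trusting a document fetched from a URL. The XML below is a constructed minimal sample; its entity ID, URLs and certificate text are placeholders, not values from any real Salesforce org.

```python
"""Read SAML 2.0 IdP metadata the way a 'create SAML settings from a file
or URL' importer has to: pull out the values the SP configuration needs
and reject documents that are not usable.

Added example, not Salesforce code. SAMPLE_METADATA is constructed; the
entityID, URLs and certificate text are placeholders.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample; every value here is a placeholder.
SAMPLE_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.invalid/saml">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>
          MIIC...PLACEHOLDER...
        </ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.invalid/saml/sso"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.invalid/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


@dataclass
class IdpSettings:
    entity_id: str
    sso_urls: dict          # binding URN -> endpoint URL
    signing_certs: list     # base64 DER with whitespace stripped
    name_id_formats: list
    wants_signed_requests: bool


def parse_idp_metadata(xml_text) -> IdpSettings:
    """Extract the SP-side settings; raises ValueError on structural problems."""
    data = xml_text.encode("utf-8") if isinstance(xml_text, str) else xml_text
    root = ET.fromstring(data)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("root element is not md:EntityDescriptor")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("entityID is missing")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not identity-provider metadata")

    sso_urls = {
        svc.get("Binding"): svc.get("Location", "")
        for svc in idp.findall("md:SingleSignOnService", NS)
    }
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without 'use' is valid for both signing and encryption.
        if kd.get("use", "signing") == "signing":
            for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
                certs.append("".join((c.text or "").split()))
    formats = [f.text.strip() for f in idp.findall("md:NameIDFormat", NS) if f.text]
    wants_signed = idp.get("WantAuthnRequestsSigned", "false").lower() == "true"
    return IdpSettings(entity_id, sso_urls, certs, formats, wants_signed)


def check_settings(s: IdpSettings) -> list:
    """Findings an admin should resolve before saving the SSO configuration."""
    findings = []
    if not s.signing_certs:
        findings.append("no signing certificate: assertions cannot be verified")
    if not s.sso_urls:
        findings.append("no SingleSignOnService endpoint")
    for binding, url in s.sso_urls.items():
        if not url.startswith("https://"):
            findings.append("SSO endpoint for %s is not https: %s" % (binding.rsplit(":", 1)[-1], url))
    return findings


if __name__ == "__main__":
    settings = parse_idp_metadata(SAMPLE_METADATA)
    print(settings.entity_id, settings.sso_urls[HTTP_POST], settings.signing_certs)
    print(check_settings(settings) or "metadata usable")
```

The point of `check_settings` is that an importer should refuse, not silently accept, metadata that lacks a signing certificate or advertises a plain-http endpoint: the certificate is what lets the service provider verify assertions, and the endpoint URL is where users will be redirected with their authentication request.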
Custom Auth. Provider Endpoints
You can edit the authorization, token and user info endpoints and customize the OAuth flows. Admins who want to use custom endpoints must create an external third-party application and update the consumer key and secret in the Auth. Provider configuration.
Track Auth Service ID with Login History
You can use the AuthenticationServiceId in the Login History to verify which authentication service or configuration a user logged in with.
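One way to put that field to work, as an added example that is not Salesforce code: run a Login History export through a check that confirms each user came in through the authentication service their configuration expects, and flags the logins that did not (a direct credential login for an SSO-only user, or a login through a different auth provider). The CSV rows below are a constructed sample with a subset of Login History columns; the 005/0SO identifiers are placeholders, and the example assumes an empty AuthenticationServiceId means a direct username/password login.

```python
"""Audit Login History by AuthenticationServiceId: confirm each user
logged in through the authentication service they are supposed to use,
and report the logins that bypassed it.

Added example, not Salesforce code. The CSV is a constructed sample shaped
like a Login History export (subset of columns); IDs are placeholders.
Assumption: an empty AuthenticationServiceId is a direct credential login.
"""
import csv
import io
from collections import Counter

SAMPLE_LOGIN_HISTORY = """\
UserId,LoginTime,SourceIp,Status,AuthenticationServiceId,CountryIso
005PLACEHOLDER01,2015-06-01T08:00:00Z,198.51.100.7,Success,0SOPLACEHOLDERSSO,US
005PLACEHOLDER01,2015-06-01T09:12:00Z,203.0.113.9,Success,,US
005PLACEHOLDER02,2015-06-01T09:30:00Z,198.51.100.8,Success,0SOPLACEHOLDERSSO,US
005PLACEHOLDER02,2015-06-02T02:10:00Z,192.0.2.44,Success,0SOPLACEHOLDERSOCIAL,DE
005PLACEHOLDER03,2015-06-02T03:00:00Z,192.0.2.45,Invalid Password,,US
"""

# Which service each user is expected to come through (constructed for the
# example: users 01 and 02 are SSO-only, user 03 has no requirement).
REQUIRED_SERVICE = {
    "005PLACEHOLDER01": "0SOPLACEHOLDERSSO",
    "005PLACEHOLDER02": "0SOPLACEHOLDERSSO",
}


def load_rows(csv_text):
    return list(csv.DictReader(io.StringIO(csv_text)))


def audit_login_history(csv_text, required):
    """One finding per successful login that did not use the required service."""
    findings = []
    for row in load_rows(csv_text):
        if row["Status"] != "Success":
            continue  # failed attempts never established a session
        user = row["UserId"]
        expected = required.get(user)
        if expected is None:
            continue
        actual = row["AuthenticationServiceId"] or None
        if actual == expected:
            continue
        reason = ("direct credential login, SSO expected" if actual is None
                  else "login via unexpected auth service")
        findings.append({
            "user": user, "time": row["LoginTime"], "ip": row["SourceIp"],
            "country": row["CountryIso"], "service": actual, "reason": reason,
        })
    return findings


def service_summary(csv_text):
    """Successful logins per authentication service ('(none)' = direct credentials)."""
    return Counter(
        row["AuthenticationServiceId"] or "(none)"
        for row in load_rows(csv_text) if row["Status"] == "Success"
    )


if __name__ == "__main__":
    for f in audit_login_history(SAMPLE_LOGIN_HISTORY, REQUIRED_SERVICE):
        print(f)
    print(service_summary(SAMPLE_LOGIN_HISTORY))
```

The per-service summary is the quick health check (how many logins still arrive outside SSO); the findings list is what you would follow up on, joined with the geolocation columns the release adds so the reviewer sees where the unexpected login came from.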
Event Monitoring: Transaction Security and Data Leakage
Eric Leach
Sr. Director, Product Management
Adam Torman
Director, Product Management
Gain Visibility Into User Actions with Event Monitoring
●  Real time security actions
●  Historic data leakage detection
●  Monitor User Activity: know who is accessing data from where
●  Optimize Performance: troubleshoot application performance to improve end user experience
●  Track Application Usage: understand application usage to increase adoption
Real Time Security Actions For User Activity Monitoring (PILOT)
●  Customizable Apex Policies: framework auto-generates policies
●  Define Real Time Actions: Notify, Block, Force 2FA, Session Chooser
●  Enforce Session Constraints: control the number of active user sessions
Transaction Security Policy Framework: Concurrent Sessions (PILOT)
●  Pre-generated policy to control the number of concurrent user sessions
●  Control access based on profile, IP address or other common user info
●  New session chooser page allows users to select sessions to terminate
Event Monitoring Wave App Pilot (PILOT)
5 Dashboards: Audit, Fix, Optimize, Adopt, Overview
Roadmap: Name denormalization, Automated ETL, Integrated dashboards
Data Leakage Detection Pilot (PILOT)
Spring ‘15: Login Forensics - API Only
Summer ‘15: API Query Events - API Only; Session Correlation - API Only
Roadmap: Report, List View, and Click Events; Wave App Integration
Security Best Practices
Masha Sedova
Sr. Director, Trust Engagement
Security is a partnership with our customers.
Setting and reviewing Security Controls will improve your org’s health.
Users are on the front line.
Password security
Passwords are the first line of defense.
Security Risk: loss of access control. Compromise will be blamed on the account owner.
Teach your users about password ownership:
●  No password/credential sharing. No exceptions.
●  Discourage password reuse.
●  Effective insider threat technique. Address internally or report to security@salesforce.com.
Phishing
●  Educate your Salesforce users!
●  If your users get a “Salesforce” e-mail, have them reach out to you or your security team to double check that it is legitimate
●  If you are not sure about a “Salesforce” e-mail, ask us by forwarding it to security@salesforce.com
●  What is phishing?
○  One of the most effective and pervasive attack techniques
○  Luring a user to click on a link that carries a malicious payload
●  Resources:
○  trust.salesforce.com
○  staysafeonline.org
Phishing: Real World Example
●  Hover over links to validate.
●  Does the e-mail context make sense?
●  Does the e-mail sender make sense?
●  Does Salesforce send receipts in this manner? Are you normally a recipient?
●  Look for typos/grammatical errors.
●  Beware Clickbait!
Legitimate Salesforce Emails
Look for:
●  Legitimate @salesforce.com or @exacttarget.com address
●  Current Salesforce logo
●  Links go to www.salesforce.com or App Stores (hover with your mouse)
●  Call to action not overly aggressive
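The "hover over the link" advice above can be mechanised for a security team that triages forwarded e-mails. The following is an added example, not code from the deck or from Salesforce: it extracts every anchor from an HTML message, compares the text the user sees with the real destination, and checks the destination host against the hosts the slides name as legitimate. The message body is a constructed sample whose `*.example.invalid` hosts are made-up lookalikes; the two app-store hosts in the allowlist are this example's reading of "App Stores" on the slide.

```python
"""Mechanise the 'hover over the link' check from the phishing slides:
extract every anchor in an HTML e-mail, compare the visible text with the
real href, and check the destination host against an allowlist.

Added example, not Salesforce code. SAMPLE_EMAIL is constructed and its
'*.example.invalid' hosts are made-up lookalikes. The app-store hosts in
the allowlist are this example's assumption.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

LEGITIMATE_HOSTS = {
    "www.salesforce.com", "salesforce.com", "trust.salesforce.com",
    "exacttarget.com",
    "apps.apple.com", "play.google.com",   # assumption: the slide's 'App Stores'
}

# Constructed sample e-mail body: one honest link, two that are not.
SAMPLE_EMAIL = """
<p>Your Salesforce receipt is ready.</p>
<p><a href="https://www.salesforce.com/">www.salesforce.com</a></p>
<p><a href="http://salesforce-billing.example.invalid/login">https://www.salesforce.com/login</a></p>
<p><a href="https://www.salesforce.com@login.example.invalid/">Review now</a></p>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def allowed_host(host):
    # Exact match or a true subdomain; 'salesforce.com.example.invalid' does not match.
    return any(host == h or host.endswith("." + h) for h in LEGITIMATE_HOSTS)


def host_named_in_text(text):
    """If the visible text itself looks like a URL or hostname, return that host."""
    bare = text.split("://")[-1].lower()
    if not re.match(r"^[\w.-]+\.[a-z]{2,}(/|$)", bare):
        return None
    return urlparse(text if "://" in text else "http://" + text).hostname


def audit_links(html):
    """Return, per link, the href, what the reader saw, the real host and the findings."""
    ex = LinkExtractor()
    ex.feed(html)
    results = []
    for href, text in ex.links:
        u = urlparse(href)
        host = (u.hostname or "").lower()
        findings = []
        if u.scheme != "https":
            findings.append("link is not https")
        if u.username is not None:
            findings.append("url carries user@ credentials")   # the real host is after the '@'
        if not allowed_host(host):
            findings.append("host not on allowlist")
        shown = host_named_in_text(text)
        if shown and shown != host:
            findings.append("display text names a different host")
        results.append({"href": href, "text": text, "host": host, "findings": findings})
    return results


if __name__ == "__main__":
    for r in audit_links(SAMPLE_EMAIL):
        print(r["host"], "->", r["findings"] or "ok")
```

The `urlparse(...).hostname` property is what makes the third case visible: the part before `@` is userinfo, not the host, so a reader who glances at the address sees a legitimate name while the browser connects elsewhere.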
How Two Factor Authentication Works
Salesforce Authenticator
●  Protects account access even if the user’s password is compromised
●  Significantly reduces vulnerability
Great resource: www.twofactorauth.org
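To make concrete why a stolen password alone is not enough, here is the time-based one-time password scheme (RFC 6238 TOTP) that authenticator apps implement, as an added example. It is not Salesforce code and does not describe Salesforce Authenticator internals; the secret is the published RFC 4226/6238 test key, so the values it produces are the standard's own test vectors.

```python
"""How a time-based second factor works: RFC 6238 TOTP. The enrolled
secret and the current 30-second time step feed an HMAC; the 6 digits
derived from it are the second factor.

Added example, not Salesforce code and not a description of Salesforce
Authenticator internals. SECRET is the RFC 4226/6238 test key.
"""
import hashlib
import hmac
import struct
import time

SECRET = b"12345678901234567890"   # RFC test vector key, not a real enrolled secret
STEP = 30                           # seconds per time step


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at_time=None, digits=6):
    """RFC 6238: the HOTP counter is the number of STEP-second periods since the epoch."""
    if at_time is None:
        at_time = time.time()
    return hotp(secret, int(at_time) // STEP, digits)


class TotpVerifier:
    """Server side: tolerate clock skew of +/- `window` steps, refuse replays."""
    def __init__(self, secret, window=1):
        self.secret = secret
        self.window = window
        self.last_counter = -1   # highest step already accepted for this user

    def verify(self, code, at_time=None):
        if at_time is None:
            at_time = time.time()
        now = int(at_time) // STEP
        for counter in range(now - self.window, now + self.window + 1):
            if counter <= self.last_counter:
                continue  # a code for this step (or an older one) was already used
            if hmac.compare_digest(hotp(self.secret, counter), code):
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    print("current code:", totp(SECRET))
```

Two details matter on the verifying side: the comparison uses `hmac.compare_digest` so timing does not leak how many digits matched, and `last_counter` ensures a code observed in transit cannot be submitted a second time within the acceptance window.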
Login IP Ranges
Available to all customers
Only access Salesforce from a designated set of IP Ranges. Two levels:
●  Org-level Trusted IP Ranges (permissive)
●  Profile-level Login IP Ranges (restrictive)
Enterprise, Unlimited, Performance, Developer: Manage Users | Profiles
Contact Mgr, Group, Professional: Security Controls | Session Settings
Recommendation
✓  Org-wide Trusted IP Ranges → all users in your organization
✓  Profile-based login IP range restrictions → employees with access to lots of data or sensitive materials (Admins, Developers)
✓  Profile-based login IP range restrictions → users connecting from the same locations.
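The two levels behave differently, and the Continuous IP Restriction setting described earlier changes when the profile-level check runs. The following added example (not Salesforce's implementation) models that: a login from outside the org-level Trusted IP Ranges is challenged rather than refused, a login from outside a profile's Login IP Ranges is refused, and with continuous enforcement the profile range is re-checked on every request so a session used from another network is cut off instead of carrying on. The ranges, profiles and request log are constructed.

```python
"""Evaluate access against the two IP-control levels the deck describes,
and show what Continuous IP Restriction changes.

- Org-level Trusted IP Ranges are permissive: outside them a login is
  challenged (identity verification), not refused.
- Profile-level Login IP Ranges are restrictive: outside them a login is refused.
- With continuous enforcement the profile range is re-checked per request.

Added example, not Salesforce's implementation; ranges, profiles and the
request log are constructed.
"""
import ipaddress

ORG_TRUSTED_RANGES = [ipaddress.ip_network("198.51.100.0/24")]

PROFILE_LOGIN_RANGES = {
    "System Administrator": [ipaddress.ip_network("198.51.100.0/24")],
    "Standard User": [],   # no profile-level restriction
}

# Constructed request log: (user, profile, source IP). The first event for a
# user is the login; later events are requests within that user's session.
EVENTS = [
    ("admin", "System Administrator", "198.51.100.7"),
    ("admin", "System Administrator", "203.0.113.9"),   # same session, other network
    ("alice", "Standard User", "203.0.113.9"),          # outside trusted, no profile range
    ("bob", "System Administrator", "203.0.113.9"),     # outside the profile range
]


def in_ranges(ip, ranges):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ranges)


def login_decision(profile, ip):
    """Restrictive profile check first, then the permissive org-level check."""
    profile_ranges = PROFILE_LOGIN_RANGES.get(profile, [])
    if profile_ranges and not in_ranges(ip, profile_ranges):
        return "DENY"
    if in_ranges(ip, ORG_TRUSTED_RANGES):
        return "ALLOW"
    return "CHALLENGE"   # outside trusted ranges: verify identity before granting a session


def request_decision(session, ip, continuous):
    """Per-request check on an established session."""
    if not session["active"]:
        return "DENY"
    if continuous:
        ranges = PROFILE_LOGIN_RANGES.get(session["profile"], [])
        if ranges and not in_ranges(ip, ranges):
            session["active"] = False   # terminate rather than let the session roam
            return "DENY"
    return "ALLOW"


def replay(events, continuous):
    """Run the log through the policy; returns one decision per event."""
    sessions = {}
    decisions = []
    for user, profile, ip in events:
        if user not in sessions:
            decision = login_decision(profile, ip)
            if decision == "ALLOW":
                sessions[user] = {"profile": profile, "login_ip": ip, "active": True}
            decisions.append(decision)
        else:
            decisions.append(request_decision(sessions[user], ip, continuous))
    return decisions


if __name__ == "__main__":
    print("login-only :", replay(EVENTS, continuous=False))
    print("continuous :", replay(EVENTS, continuous=True))
```

The second event is the one to look at: with login-only enforcement the administrator's session keeps working from `203.0.113.9`, because the range was only consulted at login; with continuous enforcement the same request is refused and the session ends.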
User Deactivation
●  Deactivate users as soon as possible
●  Deactivation removes login access while preserving historical activity and records
●  Sometimes users cannot be deactivated: assign a new user or reassign approval responsibility first
●  Know your IT department’s termination process
Best practice: Freeze users first!
From Setup, click Manage Users | Users. Click Edit next to a user’s name. Deselect the Active checkbox and then click Save.
Compliance
Shesh Kondi
Director, Security and Compliance
Update on Certifications
❏  ISO 27001
❏  Updated to 2013 Standard
❏  Certification Document available
❏  PCI-DSS v3
❏  Pre-Assessment complete
❏  Audit in progress.
❏  SOC2 Type 2 for Marketing Cloud
❏  Certification Document available
SHA-256 Upgrade
What’s Changing?
Salesforce will be moving from utilizing certificates with a SHA-1 hash algorithm to new certificates with a SHA-256 hash algorithm. This change is to maintain alignment with the industry-wide security best practices.
Core production instances will start being updated in August 2015.
TEST SITE: https://sha2test.salesforce.com/s/
More Information: HTTPS Security Certificate Change from SHA-1 to SHA-256 hash algorithms
What do I need to do to be prepared?
●  Operating Systems (OS) & Browsers: must meet minimum version requirements
●  Users: must use OSs and browsers compatible with SHA-256
●  Middleware / Integrations*: should be tested to ensure continuous access
*Customers who locally cache certificates in their middleware should join the Success Community group: “Official: Certificate Changes” in order to receive the necessary updates and information required in order to
Questions?
Please email questions/feedback to:
skondi@salesforce.com
Thank you

Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfAnna Loughnan Colquhoun
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceMartin Humpolec
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxYounusS2
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIUdaiappa Ramachandran
 

Recently uploaded (20)

OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdf
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your Salesforce
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptx
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AI
 

What’s new in summer’15 release - Security & Compliance

  • 1. What’s new in Summer’15 Release: Security and Compliance. Shesh Kondi, Director, Security and Compliance - Customer Success
  • 3. Agenda ❏ Platform Encryption ❏ Identity and Authentication ❏ Event Monitoring - Transaction Security & Data Leakage ❏ Security Best Practices ❏ Compliance ❏ SHA-256 Upgrade ❏ Q & A
  • 4. Platform Encryption. Eric Leach, Sr Director, Product Management. Encrypt Sensitive Data At Rest While Preserving Business Functionality
  • 5. The Problem: Sensitive, Confidential, Private, Regulated Data. I want to store new, more sensitive data on Salesforce… so that I can build new kinds of apps and deliver more value to my customers and business users.
  • 6. Introducing: Salesforce1 Platform Encryption. The fastest, easiest and most robust way to apply encryption to your sensitive data. Seamlessly protect your data at rest: encrypt standard & custom fields, files & attachments. Easy to set up: point-and-click setup in minutes. Manage your encryption keys: customer-driven encryption key lifecycle management. Preserve important platform functionality: features like Validation and Workflow Rules are made ‘encryption aware’.
  • 7. Key GA Features. Turn encryption on for custom field types, declaratively or via the MDAPI; while data is strongly encrypted at rest, field length is not affected. Turn encryption on for standard fields, declaratively or via the MDAPI. Files and Attachments can be encrypted at rest in just one click. Manage organization encryption keys declaratively via the Setup UI or API, including Generate/Rotate, Export, Re-import and Destroy Keys.
  • 8. Authorized User vs. Non-Authorized User. Authorized users are granted the “View Encrypted Data” user permission to read encrypted field values in plain text.
  • 9. Identity and Authentication. Chuck Mortimore, Vice President, Product Management
  • 10. Identity Feature Overview. Automated User Provisioning: with the Summer ‘15 release, administrators can automate the task of creating, updating, and disabling user account information across all applications using Salesforce as an Identity Provider. My Domain Enhancements: with the Summer ‘15 release, administrators can now test the My Domain login page without having to deploy My Domain to all users. The initial check to verify DNS propagation has also been reduced from 10 mins to 30 secs. Session timeout for OAuth connected apps: administrators can set a specific session timeout (aka access token timeout) for OAuth connected apps that overrides the session timeout set at the profile or org level.
  • 12. Key Capabilities: User Provisioning Accounts. List of user accounts in Google Apps.
  • 14. Authentication Feature Overview. Continuous IP Restriction: enforce Login IP range on every request (rather than during login only). Add Geographic Info to Login Events: track the approximate geographic location of the IP address of user login attempts. Export Control: block access from embargoed countries. Create SAML Settings from a File or URL: create SAML SSO settings by importing a metadata file or URL. SAML IdP Metadata Discovery Endpoint: expose Salesforce and Community Identity Provider metadata via a public URL. Custom Logout URL: direct users to a specific logout destination after they log out of Salesforce. Custom Auth Provider Endpoints: edit the authorization, token, and user info endpoints for Google and LinkedIn auth providers. Track Auth Service ID with Login History: associate the authentication service ID with a user’s login history.
  • 15. Continuous IP Restriction. Org-level setting that allows admins to enforce the IP restriction check on every access, not just during login. Disabled by default.
  • 16. Custom Logout URL Direct users to a specific web page after they log out of Salesforce. From Setup, go to Security Controls > Session Settings.
  • 17. Add Geographic Info to Login Events Approximate geographic location of the IP address of a user’s login. More fields can be shown in a custom view, such as Postal Code and Lat/Long. Geolocation info is also available in Session Management and the new LoginGeo object.
  • 18. Export Control. STOP: Important Information. In June 2015, we will turn on Export Control to block IPs from embargoed countries from accessing the Salesforce service. The purpose is to ensure compliance with U.S. law related to embargoed territories. Users who attempt to access Salesforce from one of these restricted IP ranges will receive the error below and can’t log in. For more information go to http://trust.salesforce.com/trust/blocked. A user accessing Salesforce with an IP located in an embargoed country* will be blocked and get this error message with a link to http://trust.salesforce.com/trust/blocked [*Syria, Iran, Cuba, Sudan, North Korea or Crimea]
  • 19. Create SAML Settings from a File or URL Configure single sign-on by importing the settings from an XML file or public URL containing SAML 2.0 metadata.
  • 20. SAML IdP Metadata Discovery Endpoint. Share the SAML configuration metadata for your Salesforce or Community identity provider with service providers via public URLs. Available on the Identity Provider page and Manage Apps > Connected Apps detail (for SAML). Example of the metadata XML content retrieved from the endpoint.
  • 21. Custom Auth. Provider Endpoints. You can edit the authorization, token and user info endpoints and customize the OAuth flows. Admins who want to use custom endpoints must create an external third-party application and update the consumer key and secret in the Auth. Provider configuration.
  • 22. Track Auth Service ID with Login History You can use the AuthenticationServiceId in the Login History to verify which authentication service or configuration a user logged in with.
  • 23. Event Monitoring: Transaction Security and Data Leakage. Eric Leach, Sr. Director, Product Management; Adam Torman, Director, Product Management. Real time security actions. Historic data leakage detection.
  • 24. Gain Visibility Into User Actions with Event Monitoring. Monitor User Activity: know who is accessing data from where. Optimize Performance: troubleshoot application performance to improve end user experience. Track Application Usage: understand application usage to increase adoption.
  • 25. Real Time Security Actions For User Activity Monitoring (PILOT). Customizable Apex Policies: framework auto-generates policies. Define Real Time Actions: Notify, Block, Force 2FA, Session Chooser. Enforce Session Constraints: control the number of active user sessions.
  • 26. Transaction Security Policy Framework: Concurrent Sessions (PILOT). Pre-generated policy to control the number of concurrent user sessions. Control access based on profile, IP address or other common user info. New session chooser page allows users to select sessions to terminate.
  • 27. Event Monitoring Wave App Pilot (PILOT). 5 Dashboards: Audit, Fix, Optimize, Adopt, Overview. Roadmap: Name denormalization, Automated ETL, Integrated dashboards.
  • 28. Data Leakage Detection Pilot (PILOT). Spring ‘15: Login Forensics - API Only. Summer ‘15: API Query Events - API Only; Session Correlation - API Only. Roadmap: Report, List View, and Click Events; Wave App Integration.
  • 29. Security Best Practices. Masha Sedova, Sr. Director, Trust Engagement
  • 30. Security is a partnership with our customers. Setting and reviewing Security Controls will improve your org’s health. Users are on the front line.
  • 31. Password security. Passwords are the first line of defense. Security Risk: loss of access control. Compromise will be blamed on the account owner. Teach your users about password ownership: no password/credential sharing. No exceptions. Discourage password reuse. Effective insider threat technique. Address internally or report to security@salesforce.com.
  • 32. Phishing ● What is phishing? ● One of the most effective and pervasive attack techniques ● Luring a user to click on a link that carries a malicious payload ● Educate your Salesforce users! ● If your users get a “Salesforce” e-mail, have them reach out to you or your security team to double check that it is legitimate ● If you are not sure about a “Salesforce” e-mail, ask us, by forwarding to security@salesforce.com ● Resources: ○ trust.salesforce.com ○ staysafeonline.org
  • 33. Phishing: Real World Example ● Hover over links to validate. ● Does the e-mail context make sense? ● Does the e-mail sender make sense? ● Does Salesforce send receipts in this manner? Are you normally a recipient? ● Look for typos/grammatical errors. ● Beware Clickbait!
  • 34. Legitimate Salesforce Emails. Look for: ● Legitimate @salesforce.com or @exacttarget.com address ● Current Salesforce logo ● Links go to www.salesforce.com or App Stores (hover with your mouse) ● Call to action not overly aggressive
  • 35. How Two Factor Authentication Works
  • 36. Salesforce Authenticator Protects account access even if the user’s password is compromised Significantly reduces vulnerability Great resource: www.twofactorauth.org
  • 37. Login IP Ranges. Available to all customers. Only access Salesforce from a designated set of IP Ranges. Two levels: Org-level Trusted IP Ranges (permissive); Profile-level Login IP Ranges (restrictive). Enterprise, Unlimited, Performance, Developer: Manage Users | Profiles. Contact Mgr, Group, Professional: Security Controls | Session Settings.
  • 38. Recommendation ✓ Org-wide Trusted IP Ranges → all users in your organization ✓ Profile-based login IP range restrictions → employees with access to lots of data or sensitive materials (Admins, Developers) ✓ Profile-based login IP range restrictions → users connecting from the same locations.
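The two-level model on slides 37 and 38, combined with the Summer ‘15 continuous check from slide 15, as an added example that is not Salesforce code: a small policy evaluator that treats profile Login IP Ranges as restrictive, org-wide Trusted IP Ranges as permissive, and optionally re-checks the client address on every request instead of only at login. The identity-verification step for logins from outside the trusted ranges, the CIDR notation for ranges, and the profile and address values are assumptions of the illustration.

```python
"""Added example (not Salesforce's code): a model of the two-level login IP
policy from the Login IP Ranges slides plus the Summer '15 Continuous IP
Restriction setting.  Assumed semantics, derived from the deck's 'permissive'
/ 'restrictive' labels (the slides do not spell them out): a login from
outside the org-wide Trusted IP Ranges is allowed but must complete identity
verification first; a login from outside the profile's Login IP Ranges is
refused; with continuous enforcement on, a session whose requests arrive from
outside the profile ranges is terminated.  CIDR notation is used for brevity
(Salesforce takes start/end addresses); all addresses are RFC 5737 ranges."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

ALLOW = "allow"
VERIFY = "allow_after_identity_verification"     # outside trusted, inside profile
DENY_LOGIN = "deny_login_outside_profile_ranges"
DENY_TERMINATED = "deny_session_terminated"


def _in_ranges(ip: str, ranges: List[str]) -> bool:
    addr = ip_address(ip)
    return any(addr in ip_network(r, strict=False) for r in ranges)


@dataclass
class OrgPolicy:
    trusted_ranges: List[str]                   # org-wide Trusted IP Ranges (permissive)
    profile_login_ranges: Dict[str, List[str]]  # profile -> Login IP Ranges (restrictive)
    continuous_ip_restriction: bool = False     # Summer '15 setting; off by default


@dataclass
class Session:
    user: str
    profile: str
    login_ip: str
    identity_verified: bool
    active: bool = True


def login(policy: OrgPolicy, user: str, profile: str, ip: str) -> Tuple[str, Optional[Session]]:
    """Login-time check: profile ranges refuse, trusted ranges only waive verification."""
    profile_ranges = policy.profile_login_ranges.get(profile, [])
    if profile_ranges and not _in_ranges(ip, profile_ranges):
        return DENY_LOGIN, None
    if _in_ranges(ip, policy.trusted_ranges):
        return ALLOW, Session(user, profile, ip, identity_verified=True)
    return VERIFY, Session(user, profile, ip, identity_verified=False)


def request(policy: OrgPolicy, session: Session, ip: str) -> str:
    """Per-request check.  Without continuous enforcement the address is never
    looked at again after login, so a session reused from another network keeps
    working until it times out; with it on, the session is terminated."""
    if not session.active:
        return DENY_TERMINATED
    if not policy.continuous_ip_restriction:
        return ALLOW
    profile_ranges = policy.profile_login_ranges.get(session.profile, [])
    if profile_ranges and not _in_ranges(ip, profile_ranges):
        session.active = False
        return DENY_TERMINATED
    return ALLOW


def demo() -> List[str]:
    """Same admin session and same mid-session address change, under both settings."""
    ranges = {"System Administrator": ["203.0.113.0/24", "198.51.100.0/25"]}
    decisions = []
    for continuous in (False, True):
        policy = OrgPolicy(["203.0.113.0/24"], ranges, continuous)
        decision, session = login(policy, "admin", "System Administrator", "203.0.113.10")
        decisions.append(decision)
        decisions.append(request(policy, session, "203.0.113.10"))  # still inside the ranges
        decisions.append(request(policy, session, "192.0.2.7"))     # now outside them
    return decisions


if __name__ == "__main__":
    print(demo())
```

With the setting off the third request is still allowed, which is the gap the Summer ‘15 option closes.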
  • 39. User Deactivation ● Deactivate users as soon as possible ● Deactivation removes login access while preserving historical activity and records ● Sometimes users cannot be deactivated: assign a new user or reassign approval responsibility first ● Know your IT department’s termination process. Best practice: Freeze users first! From Setup, click Manage Users | Users. Click Edit next to a user’s name. Deselect the Active checkbox and then click Save.
  • 41. Update on Certifications ❏ ISO 27001 ❏ Updated to 2013 Standard ❏ Certification Document available ❏ PCI-DSS v3 ❏ Pre-Assessment complete ❏ Audit in progress. ❏ SOC2 Type 2 for Marketing Cloud ❏ Certification Document available
  • 43. SHA-256 Upgrade. What’s Changing? Salesforce will be moving from utilizing certificates with a SHA-1 hash algorithm to new certificates with a SHA-256 hash algorithm. This change is to maintain alignment with industry-wide security best practices. Core production instances will start being updated in August 2015. What do I need to do to be prepared? Users: must use OS’s and browsers compatible with SHA-256. Operating Systems (OS) & Browsers: must meet minimum version requirements. Middleware / Integrations*: should be tested to ensure continuous access. TEST SITE: https://sha2test.salesforce.com/s/ More Information: HTTPS Security Certificate Change from SHA-1 to SHA-256 hash algorithms. *Customers who locally cache certificates in their middleware should join the Success Community group: “Official: Certificate Changes” in order to receive the necessary updates and information required in order to
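A readiness check for the certificate change above, added here and not part of Salesforce’s material: it reads the signatureAlgorithm field of a DER-encoded X.509 certificate with a minimal ASN.1 walker and flags SHA-1 signed certificates, which is what a middleware owner who caches certificates needs to confirm before the switch. The constructed stub certificate (synthetic_certificate) and the check_endpoint helper are assumptions of the example.

```python
"""Added example (not Salesforce's code): readiness check for the SHA-1 to
SHA-256 certificate change.  A minimal ASN.1 walker reads the
signatureAlgorithm of a DER-encoded X.509 certificate, so an integration
owner can tell whether a certificate their middleware trusts or has cached is
still SHA-1 signed.  synthetic_certificate() is a CONSTRUCTED stub with the
real outer X.509 layout, not a valid certificate; it exists for offline tests."""
import ssl
from typing import Tuple

# Signature-algorithm OIDs from RFC 3279 / RFC 4055 / RFC 5758.
SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", "sha1"),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", "sha256"),
    "1.2.840.10045.4.1": ("ecdsa-with-SHA1", "sha1"),
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", "sha256"),
}

def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Decode one DER tag-length-value; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(body: bytes) -> str:
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:                       # base-128; high bit marks continuation
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)

def signature_algorithm_oid(cert_der: bytes) -> str:
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }."""
    tag, body, _ = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, pos = _read_tlv(body, 0)           # skip tbsCertificate
    alg_tag, alg, _ = _read_tlv(body, pos)   # AlgorithmIdentifier ::= SEQUENCE { OID, params }
    oid_tag, oid_body, _ = _read_tlv(alg, 0)
    if alg_tag != 0x30 or oid_tag != 0x06:
        raise ValueError("malformed signatureAlgorithm")
    return _decode_oid(oid_body)

def describe_signature(cert_der: bytes) -> dict:
    """Name the signature algorithm and say whether the cert must be replaced."""
    oid = signature_algorithm_oid(cert_der)
    name, digest = SIGNATURE_OIDS.get(oid, ("unknown", "unknown"))
    return {"oid": oid, "name": name, "digest": digest, "needs_update": digest == "sha1"}

def check_endpoint(host: str, port: int = 443) -> dict:
    """Describe the live leaf certificate of a TLS endpoint (needs network access)."""
    pem = ssl.get_server_certificate((host, port))
    return describe_signature(ssl.PEM_cert_to_DER_cert(pem))

# --- constructed test input (DER encoder for the stub) ----------------------
def _tlv(tag: int, body: bytes) -> bytes:
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def _encode_oid(oid: str) -> bytes:
    arcs = [int(a) for a in oid.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk, arc = [arc & 0x7F], arc >> 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return bytes(out)

def synthetic_certificate(sig_oid: str) -> bytes:
    """CONSTRUCTED: stub tbsCertificate + real AlgorithmIdentifier + dummy signature."""
    tbs = _tlv(0x30, _tlv(0x02, b"\x02"))
    alg = _tlv(0x30, _tlv(0x06, _encode_oid(sig_oid)) + _tlv(0x05, b""))
    return _tlv(0x30, tbs + alg + _tlv(0x03, b"\x00" + bytes(32)))
```

Point check_endpoint at the test site named on the slide to compare the new certificate chain with what an integration currently has pinned or cached.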
  • 44. Questions? Please email questions/feedback to: skondi@salesforce.com