Delivering Salesforce secure access to remote workforce
1. Ensure Salesforce Secure Access for Your Remote Workforce
Salesforce COVID-19 Global Response
April 2020
SCPPE Team
2. Forward-Looking Statement
Statement under the Private Securities Litigation Reform Act of 1995:
This presentation contains forward-looking statements about the company’s financial and operating results, which may include expected GAAP and non-GAAP financial and other
operating and non-operating results, including revenue, net income, diluted earnings per share, operating cash flow growth, operating margin improvement, expected revenue
growth, expected current remaining performance obligation growth, expected tax rates, the one-time accounting non-cash charge that was incurred in connection with the
Salesforce.org combination; stock-based compensation expenses, amortization of purchased intangibles, shares outstanding, market growth and sustainability goals. The
achievement or success of the matters covered by such forward-looking statements involves risks, uncertainties and assumptions. If any such risks or uncertainties materialize or if
any of the assumptions prove incorrect, the company’s results could differ materially from the results expressed or implied by the forward-looking statements we make.
The risks and uncertainties referred to above include -- but are not limited to -- risks associated with the effect of general economic and market conditions; the impact of geopolitical
events; the impact of foreign currency exchange rate and interest rate fluctuations on our results; our business strategy and our plan to build our business, including our strategy to
be the leading provider of enterprise cloud computing applications and platforms; the pace of change and innovation in enterprise cloud computing services; the seasonal nature of
our sales cycles; the competitive nature of the market in which we participate; our international expansion strategy; the demands on our personnel and infrastructure resulting from
significant growth in our customer base and operations, including as a result of acquisitions; our service performance and security, including the resources and costs required to
avoid unanticipated downtime and prevent, detect and remediate potential security breaches; the expenses associated with new data centers and third-party infrastructure
providers; additional data center capacity; real estate and office facilities space; our operating results and cash flows; new services and product features, including any efforts to
expand our services beyond the CRM market; our strategy of acquiring or making investments in complementary businesses, joint ventures, services, technologies and intellectual
property rights; the performance and fair value of our investments in complementary businesses through our strategic investment portfolio; our ability to realize the benefits from
strategic partnerships, joint ventures and investments; the impact of future gains or losses from our strategic investment portfolio, including gains or losses from overall market
conditions that may affect the publicly traded companies within the company's strategic investment portfolio; our ability to execute our business plans; our ability to successfully
integrate acquired businesses and technologies, including delays related to the integration of Tableau due to regulatory review by the United Kingdom Competition and Markets
Authority; our ability to continue to grow unearned revenue and remaining performance obligation; our ability to protect our intellectual property rights; our ability to develop our
brands; our reliance on third-party hardware, software and platform providers; our dependency on the development and maintenance of the infrastructure of the Internet; the
effect of evolving domestic and foreign government regulations, including those related to the provision of services on the Internet, those related to accessing the Internet, and
those addressing data privacy, cross-border data transfers and import and export controls; the valuation of our deferred tax assets and the release of related valuation allowances;
the potential availability of additional tax assets in the future; the impact of new accounting pronouncements and tax laws; uncertainties affecting our ability to estimate our tax
rate; the impact of expensing stock options and other equity awards; the sufficiency of our capital resources; factors related to our outstanding debt, revolving credit facility, term
loan and loan associated with 50 Fremont; compliance with our debt covenants and lease obligations; current and potential litigation involving us; and the impact of climate change.
Further information on these and other factors that could affect the company’s financial results is included in the reports on Forms 10-K, 10-Q and 8-K and in other filings it makes
with the Securities and Exchange Commission from time to time. These documents are available on the SEC Filings section of the Investor Information section of the company’s
website at www.salesforce.com/investor.
Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements, except as required by law.
3. Healthcare and Life Sciences Go-To-Market
Agenda
01 Introduction
02 Get to Know Secure Access Domains
03 Additional Features
04 Q&A and Resources
5. The COVID-19 Company Workforce Challenge
Extending Access Points
Sharing Best Practices
Secure and monitor access controls
Overcome current objections
We’re here to help Salesforce customers design and deploy remote workforce access.
6. Business or Salesforce Administrators
What admins find in their remote workforce assessment
Small to medium number of Salesforce users
Users accessing Salesforce from home
Part-time or full-time Salesforce Administrator
Admins need to learn about security features to control access
8. Secure Access Domains
How to ensure secure access and report on activity
1 Access: Users can access Salesforce securely from home.
2 Authentication: Only authorised users log in.
3 Device: Allows access from home (personal hardware), and is not compromised by virus, malware, or keyloggers.
4 Monitoring: Assurance that you can report on user activity.
9. Remote Location Access Checklist
ACCESS
Login IP Ranges (Profile)
Login Hours (Profile)
Ensure Single-Sign On (SSO) is accessible outside the office, using webSSO
US Export Control
Note: No access from Cuba, Iran, North Korea, Sudan, Syria or the region of Crimea
10. IP Range Restriction
ACCESS
1. Specify a range of allowed IP addresses on a user’s profile to control access
2. Relax IP restriction and use other controls (such as 2FA)
3. Restrict IP range for integration
4. Create clear documentation
Resources:
Knowledge Article
Google search “What is my IP?”
Go to Setup, Profile, “any profile”, and select Login IP Ranges
11. Login Hours Restriction
ACCESS
1. Specify the hours when users can log in, based on the user profile
2. Consider relaxing work hours due to the nature of work at this time
3. Document reasons for any changes
Resources:
Knowledge Article
12. Allowing Authorised Users
AUTHENTICATION
Identity Verification using a 6 digit pin vs SMS or email
Non-web logins (Outlook plugin, 3rd party app, API)
- Use a security token if outside Trusted IP Range (append to the end of the password)
2FA (Two-Factor Authentication)
- Use another device to confirm login
- Salesforce Authenticator or any standard 2FA apps provided by Google or Microsoft
- Can be part of your login flow
Login Flow
- Prevents multiple logins
13. Trusted IP Ranges
AUTHENTICATION
1. Do not include remote IPs
2. Create clear documentation
Resources:
Knowledge Article
If a user tries to log in from an IP address, device, or browser that Salesforce does not recognise, an activation code is required.
14. Security Token for API Login
AUTHENTICATION
1. Verify desktop or API login from a non-trusted range
2. Required when outside trusted IP
3. Reset password if received unknown token reset email
Resources:
Knowledge Article
Password Best Practices:
Strong computer generated code, 24 characters
Append to the password, such as mypasswordXXXXXXXXXX
15. Two-Factor Authentication
AUTHENTICATION
1. Require 2FA for every login
2. Use increased authentication (“high assurance”) in Session Settings to secure resources, such as a connected app or reports
3. Use Login Flows to build post-authentication requirements as the user logs in or custom 2FA (SMS)
Salesforce Authenticator mobile app for Android and iOS
Go to Setup and select Session Settings
Resources:
Knowledge Article
How-to Video
Best Practices:
A “Must-Have” for all Salesforce Administrator Accounts
16. Login Flows
AUTHENTICATION
1. Collect and update user data
○ Emergency contact number, etc.
2. Implement Notice Board
3. Use stronger authentication
○ Prevents multiple logins
○ Detects and restricts suspicious IP addresses
○ Implements SMS, biometric, or other authentication techniques
4. Monitoring
○ Send a notification every time a user logs in outside working hours
Resources:
Knowledge Article
Best Practices:
Great for unique use cases
Use Declarative before code
Build post-authentication processes to match your business practices
Notice Board
18. Challenges: Allowing Access for Specific Devices
DEVICES
VIRUSES, MALWARE, AND PHISHING
● Viruses are the user’s responsibility; attachments can’t spread within Salesforce app
● Malware is the user’s responsibility and Salesforce CSIRT can detect
● Phishing - See Access (Identity Verification, 2FA, SSO)
HOME VS. PUBLIC NETWORK
● For home networks, update Operating System (OS), browser and AV software
● Avoid public access points (Internet Cafe, free WiFi)
Best Practices:
Keep browser and operating systems up-to-date
Define the security contact on your help and training
19. Reporting on user logins
MONITORING
Login history
● Org or User level
● Last six months
● Post-login, reactive
● Knowledge Article
Login flows
● Custom logic
● At login level, not applicable to specific business events
● Knowledge Article
Event monitoring with Transaction Security (Add-on)
● Real-time detection and prevention of specific business events, such as data export and lead conversion
● Add-on license
● Knowledge Article
Org Level
User Level
Best Practices:
● Review login history weekly
● Look for failed logins
● Evaluate event monitoring add-on
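A weekly login-history review of the kind recommended above can be scripted. The following is an added example, not part of the original deck and not Salesforce code: it flags repeated failed logins, successful logins from outside the documented Login IP Ranges (relevant once IP restrictions are relaxed for home working), and logins outside Login Hours. The rows are constructed, with field names modelled on the Login History export; the ranges, hours and threshold are assumptions.

```python
from collections import Counter
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumptions for this example: replace with your documented settings.
ALLOWED_RANGES = [ip_network("203.0.113.0/24")]  # Login IP Ranges (office/VPN)
LOGIN_HOURS = (7, 20)    # allowed when 07:00 <= hour < 20:00, same time zone as LoginTime
FAILED_THRESHOLD = 3     # failed logins per user before the review flags them

# Constructed sample rows; field names modelled on the Login History export.
FIELDS = ("Username", "LoginTime", "SourceIp", "Status")
SAMPLE = [dict(zip(FIELDS, row)) for row in [
    ("ana@example.com", "2020-04-06T09:12:00", "203.0.113.10", "Success"),
    ("ben@example.com", "2020-04-06T23:40:00", "203.0.113.22", "Success"),
    ("cy@example.com", "2020-04-07T10:01:00", "198.51.100.7", "Invalid Password"),
    ("cy@example.com", "2020-04-07T10:02:00", "198.51.100.7", "Invalid Password"),
    ("cy@example.com", "2020-04-07T10:03:00", "198.51.100.7", "Invalid Password"),
    ("cy@example.com", "2020-04-07T10:05:00", "198.51.100.7", "Success"),
    ("ana@example.com", "2020-04-08T08:30:00", "203.0.113.10", "Invalid Password"),
]]

def review(rows):
    """Return (username, finding, detail) tuples for an admin to follow up."""
    findings, failures = [], Counter()
    for r in rows:
        if r["Status"] != "Success":
            failures[r["Username"]] += 1   # counted per user, reported below
            continue
        ip = ip_address(r["SourceIp"])
        hour = datetime.fromisoformat(r["LoginTime"]).hour
        if not any(ip in net for net in ALLOWED_RANGES):
            findings.append((r["Username"], "outside_ip_range", r["SourceIp"]))
        if not LOGIN_HOURS[0] <= hour < LOGIN_HOURS[1]:
            findings.append((r["Username"], "outside_login_hours", r["LoginTime"]))
    for user, count in failures.items():
        if count >= FAILED_THRESHOLD:
            findings.append((user, "repeated_failed_logins", str(count)))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

A successful login that follows a run of failures from the same out-of-range address, as in the constructed rows for cy@example.com, is the pattern to look at first.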
21. Single Sign-on (SSO)
● Lets users access multiple applications with one sign on
● Convenient for users and IT, but comes with the risk of having a single point of failure
● We recommend two-factor authentication (2FA) or multifactor authentication (MFA)
22. Session-based Permission Sets
● Allows only functional access during a predefined session type
● Use case:
○ A web application that accesses confidential information
○ Use a session-based permission set with a token to limit user access for a predetermined length of time
○ When the token expires, users must reauthenticate to access the application again
Resources:
Knowledge Article
24. Secure Access Core Resources
Trailhead: Secure Your Users' Identity
Help and Training: Restrict Where and When Users Can Log In to Salesforce
Salesforce Developer Site: Salesforce Security Guide
Videos: YouTube Salesforce Channel (for instance, search for 2FA)
25. Introducing Salesforce Care Solutions
NEW Rapid Response for Employee & Customer Support includes: myTrailhead, Employee Community, Customer Community, Agent Console, and Premier Success
NEW Social Community Engagement
Work From Home with Quip
Tableau COVID-19 Data Hub
Care Response Solution for Healthcare Systems* includes: Health Cloud, Salesforce Shield, Salesforce Communities, and myTrailhead
NEW Philanthropy Cloud available in the US only for rallying employees around their communities through giving campaigns plus virtual or skills-based volunteering
NEW Essentials free for 3 months up to 10 users, worldwide
NEW Tableau Desktop free for 3 months up to 10 users, worldwide
Salesforce Care Ecosystem: AppExchange Resource Center
Includes Access to Customer Success Resources
Employees & Customers Industries Small Business
*Specifically for emergency response teams, call centers, and care management teams at health systems affected by coronavirus
26. TRAILBLAZER INNOVATION
REGIONAL SUCCESS
PRODUCT SUCCESS
CUSTOMER SUCCESS HUB
APAC (English)
EMEA (English)
Deutsch
Español
Français
Português
日本
Join our family (Ohana) of Customer Success groups in the Trailblazer Community!! Official groups featuring Blaze are the best places for Trailblazers to connect, learn, get inspired and stay up to date on the latest customer success resources – all in your own language and region.
Start Here
success.salesforce.com > Featured Groups