In our Cloud-based Platforms and Salesforce.com blog we demystified Cloud functionality and highlighted a few cloud-based innovation leaders, including our technology integration partner Salesforce.com. While easier integration, “best practices” user interfaces, and reduced cost of ownership were among the many reasons that ClaimVantage chose to use Salesforce’s Force.com ‘cloud’ development platform, security and data protection certainly topped the list.
Regardless of where a company stores their private computer information, security risks need to be addressed. Salesforce protects ClaimVantage’s claims technology with diligence using independent audits, the latest firewall protection, intrusion detection systems and SSL encryption. Protection is applied at the application, facility and network level to provide the highest level of data protection.
At ClaimVantage we advocate company-wide implementation of Salesforce.com best practices to further safeguard information. By following these five important security steps companies can improve their data protection procedures.
1. Password Policies
Companies can strengthen password policies internally to make sure that passwords are not guessable and are more resilient to brute force attacks. To set your policies click Setup > Security Controls > Password Policies. Complex alphanumeric passwords are recommended. Setting password expirations and implementing lockouts can better secure passwords and ensure that no one can run a brute force attack on your organization.
2. Implement IP Restrictions
Salesforce.com allows administrators to restrict logins to a range of approved IP addresses. This limits users’ access to salesforce.com to the corporate network, or to other specified IP addresses for employees who work remotely. To set up IP restrictions click Setup > Security Controls > Network Access.
3. Limit Access
Salesforce has multiple options for limiting access for users. This can be done at the object level, field level, record type level or at a row level using sharing rules. See these videos to see what is possible.
4. Monitoring User Logins
User access can be monitored to make certain that only designated users are accessing the system. Salesforce records time, source IP, login type, status and browser of each login. This provides administrators with an overall view of user activity over a six-month period, as well as showing failed login attempts. To see user logins click Setup > Manage Users > View Setup Audit Trail.
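An added example, not from Salesforce or ClaimVantage: a Python review of login records that combines steps 2 and 4, flagging successful logins from outside the approved IP ranges and users with repeated failed attempts. The CSV column names, status strings, IP ranges and threshold are constructed assumptions for the sample, not Salesforce's export format.

```python
import csv
import io
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumed approved ranges (documentation addresses, not real corporate ranges).
APPROVED_NETWORKS = [ip_network("203.0.113.0/24"), ip_network("198.51.100.16/28")]
FAILED_THRESHOLD = 3  # assumed: failures per user before raising an alert

# Constructed sample export; column names and status values are assumptions.
SAMPLE_LOG = """\
user,time,source_ip,login_type,status,browser
alice@example.com,2024-05-01T08:00:00Z,203.0.113.10,Application,Success,Chrome
bob@example.com,2024-05-01T08:05:00Z,192.0.2.77,Application,Success,Firefox
carol@example.com,2024-05-01T09:00:00Z,203.0.113.20,Application,Invalid Password,Chrome
carol@example.com,2024-05-01T09:00:20Z,203.0.113.20,Application,Invalid Password,Chrome
carol@example.com,2024-05-01T09:00:41Z,203.0.113.20,Application,Invalid Password,Chrome
dave@example.com,2024-05-01T09:30:00Z,not-an-ip,Application,Success,Safari
"""

def is_approved(ip_text):
    """True if the address parses and falls inside an approved network."""
    try:
        addr = ip_address(ip_text.strip())
    except ValueError:
        return False  # an unparseable source is treated as unapproved
    return any(addr in net for net in APPROVED_NETWORKS)

def review_logins(csv_text):
    """Return (successful logins from unapproved IPs, users with repeated failures)."""
    outside, failures = [], Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["status"] == "Success":
            if not is_approved(row["source_ip"]):
                outside.append((row["user"], row["source_ip"], row["time"]))
        else:
            failures[row["user"]] += 1
    repeated = {u: n for u, n in failures.items() if n >= FAILED_THRESHOLD}
    return outside, repeated

if __name__ == "__main__":
    outside, repeated = review_logins(SAMPLE_LOG)
    for user, ip, when in outside:
        print(f"outside approved range: {user} from {ip} at {when}")
    for user, count in repeated.items():
        print(f"repeated failures: {user} ({count})")
```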
5. Session Settings
Session settings can be accessed by clicking Setup > Security Controls > Sessions Settings. Most of these settings will never need to be changed, but there is one important setting to take note of: the Timeout Value. This value is the number of minutes of inactivity before a user is logged out of the system. Activity on the system in most cases is button clicks and navigation. If a user were writing a note for a long period of time, this would not be classed as activity. The session timeout is important when users leave the desktop or laptop unattended, as their session will keep them logged in. Encourage users to lock their machine before leaving their desk and also to set a Screen Saver on their machine that prompts them to log in afterwards. The screen saver will start when there is no activity on their machine, i.e., no mouse or keyboard clicks. The screen saver can be set to a lower time, such as 5 minutes.
Staying alert and informed in regard to security and data protection is always a good idea. If you feel that your Salesforce organization has been compromised, use the Expire All Passwords option. If you would like to learn more about the best practices we highlighted, watch the Salesforce.com webinar.