Salesforce Security Assessment Guide [Salesforce Health Check Best Practices]

November 5, 2021
11 min

How often do you see news that hackers have successfully attacked a large company by exploiting a security vulnerability?

Based on the 2021 Mid Year Data Breach QuickView Report released by Risk Based Security, there were over 1,700 publicly reported data breaches in the first six months of 2021, exposing 18.8 billion records: credit card details, social security numbers, personal emails, phone numbers, addresses, and more.

Number of Data Breaches Reported by Q2 Each Year


What does a leak of customer data mean to a company? On average, insecure software costs businesses millions per incident, plus the lost trust of existing and potential customers. Given how much of our personal and working lives now runs online, cybercriminals are constantly on the lookout for the next weak spot.

Number of Records Lost Reported by Q2 Each Year (infographic by Ascendix)

It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it.

Stephane Nappo, a Vice President and Global Chief Information Security Officer at Groupe SEB

Based on the same report, hacking remains the leading breach source, accounting for 1,201 of the 1,767 cases. Your company should therefore be doubly watchful about system security and about how your users access the platform.

Number of Data Breaches by Breach Type (infographic by Ascendix)

As your business grows, your org and its security measures have to keep up with the increasing demands. You can ensure that your CRM still aligns with your company's initiatives by tweaking some settings or, where needed, with a complete system overhaul.

The threat landscape is more complex than ever, and it’s increasingly difficult for security teams to prevent, detect, analyze, and respond to threats in time.

Apart from hacking, malware and phishing can also lead to the theft of your company's and your clients' data. It takes only one employee opening a phishing email to set off a chain of events that compromises your company's data. According to the same report, most data leakage happens because of web breaches, hacking, and fraud.

Number of Data Breaches by Breach Type Reported by Q2 2021 (infographic by Ascendix)

And since your company evolves and more and more complex data flows across your departments and integrated third-party systems, the potential scale of a data leak keeps growing.

Salesforce, one of the leading CRM providers, offers built-in tooling to audit your org and surface security issues that might otherwise go unnoticed. The findings are presented as a report that can be used to identify risks and address them case by case.

 


 

Together with Salesforce, we at Ascendix take system security particularly seriously and make org health and security one of our top priorities during the full cycle of development and support.

Besides ensuring the reliability of our products, we protect our clients' information by employing preventive security measures company-wide.

We combine the security best practices offered by the Salesforce platform and complement them with our time-tested approaches collected over years on the CRM consulting and custom software development markets.

Today, I’m going to reveal some of our tips on the Salesforce security assessment and how to increase the security of your org with:

  • CRM security assessment best practices
  • Salesforce health check tools: Health Checker, Salesforce CLI Scanner Plug-in, Checkmarx Code Scanner, Apex PMD Tool
  • More CRM health check tips and links to resources for further reading and practicing


Benefits of CRM Regular Audit and Security Assessment

 

It goes without saying that revising the critical areas of a Salesforce solution is as important as a regular medical checkup: it ensures data protection, prevents data loss, and keeps CRM performance stable. Thanks to this, you and your company can rely on Salesforce to hold sensitive information and use the solution with confidence.

Regular org check-ups keep you informed about actual vulnerabilities, let you prioritize the remediation roadmap, and help you adjust your change strategy accordingly.

This, in turn, helps accelerate user adoption, shape an effective user training program, and understand existing processes. You will also be able to manage the investments and costs associated with your current infrastructure better, keep pace with industry technology standards, reduce operating costs, and improve solution scalability. In the end, it elevates sales management, effectiveness, and results.

How to Know If You Need Salesforce Health Check And Security Assessment

 

You can see if you need to assess your Salesforce org health by answering the following questions:

  • Does the original Salesforce implementation still align with your company's initiatives?
  • Have you accumulated a lot of technical debt over the years?
  • Has the amount of data entering your CRM increased over time?
  • Do you have a lot of duplicate records that require data cleansing?
  • Do many departments use your Salesforce instance as a single source of data?
  • Do you want to know the ratio of licenses purchased to actual usage?
  • Are your users seeing errors because processes time out or hit governor limits?
  • Are you unsure whether all users have the right security setup?

Salesforce Security Assessment Best Practices

 

The first and foremost step toward making your Salesforce org healthier is to critically assess all the existing and hypothetical system vulnerabilities. You can do it with the help of specialized tools or manually.

To be completely sure of your org's health, especially one that involves a lot of custom code, you may need external assistance from professional consultants.

Salesforce consulting agencies like Ascendix will evaluate the weak points of your existing solution from a security standpoint or provide you with a comprehensive validation checklist, audit strategy, and a list of the best-of-breed tools for any budget to diagnose it yourself.

If you’ve decided to assess your platform’s health manually, there is a list of aspects that you need to consider for the accurate Salesforce security assessment:

  • Data storage options
  • License usage
  • Batch classes and scheduler per object
  • Workflows and triggers implementation
  • Custom settings / custom metadata used to control triggers
  • Standard vs Custom development
  • Record ownership

Here are some of the most common signs of an unhealthy Salesforce org that need immediate action:

  • Data storage limits exceeded
  • Frequent system issues
  • Record locking and contention
  • Installed packages that are no longer used

 

If you are just planning to build your Salesforce-based solution, or to modify it to fit your needs, you have to think about security at every level of the development and customization cycle.

The Open Web Application Security Project (OWASP) publishes the OWASP Top 10, a list of the most critical web application security risks. The top three in the 2021 edition are:

  • Broken Access Control: users acting outside their intended permissions, leading to unauthorized disclosure, modification, or destruction of data, or to performing a business function outside the user's limits. In Salesforce terms this is custom code that ignores the sharing model or skips CRUD and field-level security checks.
  • Cryptographic Failures: sensitive data exposed because it is stored or transmitted without adequate protection (previously listed as Sensitive Data Exposure).
  • Injection: untrusted input is interpreted as part of a query or command. In Apex this is typically a SOQL or SOSL statement assembled by string concatenation.

Note: Use the OWASP Top 10 list as a guide to developing a minimum level of security in your solution.
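The following is an added example, not code from the original article or from Salesforce: the same Apex search method written insecurely and then hardened against two of the OWASP risks above. Contact, LastName and Email are standard Salesforce fields; the class and method names are assumptions, and in a real org each class would live in its own .cls file.

```apex
// Added example (not from the original article): vulnerable vs hardened Apex.

// VULNERABLE
// - 'without sharing' bypasses the running user's record-level access
//   (A01 Broken Access Control), and no CRUD/FLS check is made at all.
// - The search term is concatenated into the SOQL string (A03 Injection).
//   A term such as
//       x' OR Email LIKE '%@example.com
//   closes the string literal and rewrites the WHERE clause to filter on a
//   field the UI never intended to expose.
public without sharing class ContactSearchVulnerable {
    @AuraEnabled
    public static List<Contact> search(String term) {
        String soql = 'SELECT Id, LastName, Email FROM Contact '
                    + 'WHERE LastName LIKE \'%' + term + '%\'';
        return Database.query(soql);
    }
}

// HARDENED
// - 'with sharing' enforces the org's sharing model for the running user.
// - The bind variable keeps the search term as data; it cannot change the
//   query structure. (If the query must stay dynamic, pass the input through
//   String.escapeSingleQuotes() before concatenating it.)
// - WITH SECURITY_ENFORCED throws a QueryException when the user lacks read
//   access to Contact or to any selected field; let that surface to the
//   caller rather than catching and ignoring it.
// - Security.stripInaccessible() removes fields the user may not update
//   before the DML runs, so a crafted client request cannot write to fields
//   hidden by field-level security.
public with sharing class ContactSearchHardened {
    @AuraEnabled
    public static List<Contact> search(String term) {
        String pattern = '%' + term + '%';
        return [SELECT Id, LastName, Email
                FROM Contact
                WHERE LastName LIKE :pattern
                WITH SECURITY_ENFORCED
                LIMIT 200];
    }

    @AuraEnabled
    public static void updateContacts(List<Contact> changes) {
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.UPDATABLE, changes);
        update decision.getRecords();
    }
}
```

Both the CLI Scanner plug-in and the Checkmarx scanner described later flag the first class (sharing violation, SOQL injection, missing CRUD/FLS) and pass the second, which is a quick way to confirm that a fix actually removed the finding rather than just moved it.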

 

Salesforce is a strong platform in terms of security, both for the Salesforce instance itself and for the custom apps built on it. It provides considerable flexibility in security controls to meet your individual business requirements.

Also, thanks to its multitenant, cloud-based architecture and its compliance programs and attestations (HIPAA, GDPR, IRAP and others), it is safe to store your data in Salesforce, provided you configure your org correctly: under the shared responsibility model, access control, authentication settings and the behaviour of custom code remain your responsibility.

 

 

Salesforce security features empower you and your users to do your work safely and efficiently. Security functionality is constantly improved with minor updates and three major releases a year.

If you choose to maximize your organization's security with standard Salesforce health check tools, we recommend the following:

Salesforce Health Check Tools

 

Salesforce Health Checker

 

This is one of the top Salesforce health check tools to ensure overall system sustainability and security.

Health Check compares your org's security settings (session settings, password policies, login access policies, network access and so on) against a baseline and displays the gaps on a single dashboard, where most of them can be fixed in place. It gives you a quick read on the org's overall security posture. The health score is calculated against a security baseline: standard or custom.

Standard Baseline – pre-configured org’s security settings for various risk levels suggested by Salesforce.

Custom Baseline – as the name suggests, gives a more specific view of security for highly regulated industries such as healthcare or finance, where the system must comply with strict requirements to protect sensitive, personally identifiable information or meet particular regulations (for example, GDPR) that the standard baseline does not cover.

Here are some of the noteworthy guidelines on how to set up the custom baseline from Chitiz Agarwal.

Note: Before importing a custom baseline into the Salesforce Health Check tool, it's highly recommended to discuss it with your IT or Compliance departments.

Typically, this score is calculated by measuring how closely your platform's security settings correspond to Salesforce's recommended settings, on a scale from 0 to 100%, where:

  • 0% – 54% – Very poor settings configuration
  • 55% – 59% – Poor
  • 60% – 79% – OK
  • 80% – 89% – Good
  • 90% – 100% – Excellent

This gradation helps to identify the issues that should be addressed as a top priority with quick fixes or workarounds.

You can configure your security settings as you want, but it's better to keep this score over 85%. My suggestion is to run Health Check every month to identify symptoms of an unhealthy Salesforce org early, and again after any change to session, password or login settings.

 

Salesforce Health Checker


 

Health Checker Pros:

 

  • A free and easy-to-use tool that gives fast results
  • Integrated into your Salesforce Org and is available out-of-the-box
  • Recommended values are shown next to the actual values for an easy configuration via the Edit link.
  • Raises the security of the org's settings, which in turn governs how the custom code of your apps runs in that org.

 

Health Checker Cons:

  • Not all security settings are covered; it checks org settings, not custom code or the sharing configuration
  • Changes should be tested in a sandbox first: tightening settings such as session timeouts or password policies affects all users and integrations

 

If you need to assess multiple Salesforce orgs at a time, you can orchestrate this via Salesforce Security Center, a paid add-on that also gives you more insight into system usage. For example, you can track how many users log in with multi-factor authentication (MFA).

If you plan to customize your solution with code, there are some tools we use that may help you a lot.

 

Salesforce CLI Scanner Plug-in

 

The Salesforce CLI Scanner plug-in (sfdx-scanner) is a unified tool for static analysis of source code in multiple languages, including Apex; under the hood it runs engines such as PMD and ESLint. The scanner can produce HTML or CSV reports that show possible vulnerabilities as well as code quality issues.

Because it is a CLI, the tool can be wired into your CI/CD pipeline. We recommend doing this so that every build produces a report of the issues found, and ideally fails when findings above a chosen severity appear.

 

Salesforce CLI Scanner Plug-in


 

Salesforce CLI Scanner Plug-in Pros:

  • Free to use
  • Instant results
  • Can be integrated into your CI/CD

 

Salesforce CLI Scanner Plug-in Cons:

  • Can produce false positives
  • Scans your local source files rather than the org itself, so retrieve the org's metadata first

 

When you move your project to release, and especially if you plan to sell it or list it on AppExchange, running this scanner is a must: clean scan results are part of preparing for the AppExchange security review.

 

Checkmarx Code Scanner

 

The Checkmarx Code Scanner is a tool offered in partnership with Salesforce. It runs a security scan on the code in your Salesforce org and gives a detailed report on risks and vulnerabilities. Before submitting for the AppExchange security review, you must fix any findings classified as Low, Medium, or High.

 

Checkmarx Code Scanner


 

Checkmarx Code Scanner Pros:

  • Free within limits
  • Scans all code of your Salesforce org
  • Recommended by Salesforce

 

Checkmarx Code Scanner Cons:

  • You must pay if you want to scan more than 360,000 lines of code per year
  • It takes time to get a report

 

Read more about another Salesforce health check app: Salesforce Org Doctor and an app to ensure data hygiene – Duplicate Check in the post: 8 Must-Have Salesforce Apps

 

Apex PMD Tool

 

You may already have worked with PMD, a well-known source code analyzer for Java and similar languages. PMD ships an Apex module, and the Apex PMD tooling (for example the VS Code extension of the same name) applies its rules to your Apex classes and triggers, producing a report of the problems found. It is also one of the engines the Salesforce CLI Scanner plug-in runs.

Its two headline rules catch DML operations inside a for-loop and SOQL queries inside a for-loop (AvoidDmlStatementsInLoops and AvoidSoqlInLoops, merged into OperationWithLimitsInLoop in newer PMD releases), both of which lead straight to governor limit errors on bulk data. The Apex PMD rule set also locates programming bugs like unnecessary object creation, unused variables, and empty catch blocks and, as a result, improves quality and helps you avoid maintenance, performance, and correctness problems in your Apex code.
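As an added example, not code from the original article, here is the pattern PMD flags (one SOQL query and one DML statement per record inside a loop) beside its bulkified replacement. Account, Contact, AccountId and Description are standard Salesforce fields; the class and method names are assumptions.

```apex
// Added example (not from the original article): the loop pattern Apex PMD
// flags, and the bulkified form that passes.

// FLAGGED by AvoidSoqlInLoops / AvoidDmlStatementsInLoops
// (OperationWithLimitsInLoop in newer PMD). With a 200-record trigger batch
// this issues 200 queries and 200 DML statements, well past the synchronous
// per-transaction governor limits of 100 SOQL queries and 150 DML statements.
public class ContactCountUnbulkified {
    public static void recount(List<Account> accounts) {
        for (Account a : accounts) {
            Integer n = [SELECT COUNT() FROM Contact WHERE AccountId = :a.Id];
            a.Description = n + ' contacts';
            update a;
        }
    }
}

// BULKIFIED: one aggregate query for the whole batch, one DML call at the end.
// Binding a List<Account> in the IN clause matches on the records' Ids.
public class ContactCountBulkified {
    public static void recount(List<Account> accounts) {
        Map<Id, Integer> counts = new Map<Id, Integer>();
        for (AggregateResult ar : [SELECT AccountId acc, COUNT(Id) n
                                   FROM Contact
                                   WHERE AccountId IN :accounts
                                   GROUP BY AccountId]) {
            counts.put((Id) ar.get('acc'), (Integer) ar.get('n'));
        }

        List<Account> toUpdate = new List<Account>();
        for (Account a : accounts) {
            Integer n = counts.containsKey(a.Id) ? counts.get(a.Id) : 0;
            a.Description = n + ' contacts';
            toUpdate.add(a);
        }
        update toUpdate;   // single DML statement regardless of batch size
    }
}
```

Running the scanner over both classes shows the difference directly: the first reports one SOQL-in-loop and one DML-in-loop violation, the second is clean. Test classes for trigger logic should always insert 200 or more records so that the unbulkified form fails in the sandbox rather than in production.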

 

Apex PMD Tool Pros: 

  • It’s a free and open-source solution
  • You can set your own custom rules
  • It can be part of an Ant build script to generate error reports

 


More Salesforce Health Check Tips

 

1. Test your Organization

 

Salesforce ships three major releases a year, plus smaller updates in between. These releases improve the platform and add new features; however, some existing functionality may be deprecated or stop working, especially in a heavily customized legacy org.

To avoid unhappy clients when something breaks in production after a major release, we recommend preparing your solution for the update in advance. This can be done with a simple strategy:

 

  • Read the release notes and review the release updates (formerly called critical updates)
  • Create a preview sandbox on the new release with the release updates enabled
  • Test all your working scenarios
  • Fix all identified issues beforehand!
  • Set up a coding standard for code review
  • Document Apex and test class best practices
  • Categorize the issues by priority and complexity

 

2. Set Up Security Configuration

 

One of the most important things in your organization is the security model. It must be very clearly defined who needs access to what, and which information must be hidden from whom.

We will not explain how to configure it here because this is very specific to your company structure, but at Ascendix we've created our own tool that helps us check and configure a security model to fit the particular needs of a project:

 

Salesforce Security Configuration


 

3. Validate Data

 

Data is an integral part of any CRM platform, and to maximize the effectiveness of your sales and marketing activities you need to ensure that your data is healthy, accurate, and consistent. To prevent data loss and corruption, perform regular data backups and maintain data hygiene through regular deduplication and enrichment.

 

Discover 5 Free Salesforce Data Cleansing Tools in Our Guide 

 

Keep your system clean by storing your data in the right way, applying data normalization and deduplication best practices.

 

Check How to Improve Your Data Quality with Salesforce Data Management Tips & Tricks

 


How Ascendix Can Help with Salesforce Health Check and Security Assessment 

 

We, at Ascendix, provide a broad spectrum of Salesforce assessment services like:

  • Surface-level audit of the org's risks, performance, and adoption
  • Comparison of your org's security and system configuration with Salesforce standards
  • Evaluation of user security within the system
  • Review of platform limits usage
  • Generation of reports to measure user adoption
  • Review of Apex code quality
  • Analysis of Lightning readiness and mobile compatibility check
  • Analysis of system integrations and recommendations on the best solutions to install
  • Business process review for sales, service, and marketing automation opportunities
  • Revision of data quality and consistency
  • Detailed documentation on Process Builder and Flow development standards

 

Since Ascendix's inception, we have delivered more than 200 projects of varying complexity. Sounds convincing? Then just request a free consultation from our Salesforce-savvy team!
