When Salesforce is life!

Author: Gilad David Maayan

Working with SSO in Salesforce

This contributed article is written by Gilad David Maayan, a technology writer who has worked with over 150 technology companies including SAP, Imperva, Samsung NEXT, NetApp and Check Point, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership. Today he heads Agile SEO, the leading marketing agency in the technology industry.


What Is Single Sign-On (SSO) and Why Is It Important? 

Single Sign-On (SSO) is a user authentication process that allows a user to access multiple applications or systems with one set of credentials. This means that after logging in once, the user can access all associated systems without needing to log in again for each one. SSO is crucial for enhancing user experience by reducing password fatigue—the need to remember and enter different passwords for various services. Additionally, it improves security by minimizing the chances of password theft, as users are less likely to reuse or write down passwords.

From an administrative perspective, SSO authentication simplifies management of user accounts and permissions. It allows IT departments to manage access to all services through a single interface, making it easier to revoke access when an employee leaves the company or changes roles. Furthermore, SSO can help organizations meet compliance requirements by providing centralized audit trails of user access and activities across multiple systems. Implementing SSO can lead to increased productivity, as users spend less time logging in and more time focusing on their work tasks.

Options for SSO in Salesforce 

There are three main options for setting up SSO in Salesforce:

1. Salesforce as the Service Provider or Relying Party

In this setup, Salesforce acts as the service provider, meaning that it relies on an external identity provider (IdP) to authenticate users. For instance, if your organization uses Google Workspace, you could set up Google as the IdP, and Salesforce would trust the authentication from Google. This means that users can sign in to Google and then access Salesforce without having to log in again.

2. Salesforce as the Identity Provider or OpenID Connect Provider

Conversely, Salesforce can also act as the IdP itself. In this scenario, Salesforce authenticates the user and provides identity services to other applications. This means that a user could log in to Salesforce and then access other applications (that trust Salesforce as the IdP) without having to log in again. It’s a powerful feature that can make Salesforce the hub of your organization’s digital workspace.

3. Salesforce as Both Service and Identity Provider

In some cases, Salesforce can take on both roles – acting as both the service provider and the IdP. This is particularly useful in scenarios where an organization uses multiple Salesforce instances. One instance can act as the IdP, and the others as service providers, creating a seamless user experience across all instances.

4. Salesforce and Delegated Authentication

Finally, Salesforce also supports delegated authentication, where Salesforce can delegate the authentication process to your organization’s authentication system. This means that Salesforce calls a web service hosted by your organization each time a user tries to log in, and the web service determines whether the user is allowed access.

Example: Configure SSO from Salesforce to Amazon Web Services 

Here is an example of how to set up single sign-on across Salesforce and AWS.

Get a SAML IdP Certificate

The first step in this process is to get a SAML Identity Provider (IdP) certificate. The SAML IdP certificate is used to establish trust between Salesforce and AWS. It’s similar to an SSL certificate, proving the identity of the server and encrypting communication between the server and the client. In the SAML flow, Salesforce signs its assertions with the matching private key, and AWS checks that signature against this certificate.

You can generate a self-signed SAML IdP certificate or receive one from a certificate authority. The certificate should be saved on a local machine.

Download the Metadata Document

The metadata document is an XML file that contains the information AWS needs to trust Salesforce as an IdP. It includes details such as the Entity ID, which is a unique identifier for the IdP, and the location of the SSO service.

To download the metadata document, navigate to the Identity Provider setup page in Salesforce and click on the Download Metadata button. This will generate an XML file that you need to save on your local machine. You will upload this file to AWS in the next step.

Create a SAML Provider on AWS

Now, in the AWS Management Console, you need to create a new SAML provider and upload the metadata document you downloaded from Salesforce.

In the AWS Management Console, navigate to the IAM dashboard and click on Identity Providers. Follow the instructions for creating a SAML provider. These include uploading the metadata document, creating roles with user policies, including a role for identity provider access, and granting WebSSO access to the SAML provider. 

AWS will generate an ARN (Amazon Resource Name) for the SAML provider. Save this ARN for future reference.

Create and Configure a Connected Application on Salesforce

A connected app is a framework that allows external applications to integrate with Salesforce using APIs and standard protocols.

If using Salesforce Classic, go to Setup and search for the Apps page, then click on New under Connected Apps.

If using Salesforce Lightning Experience, navigate to the App Manager and click on New Connected App. Here, you need to provide the necessary details for your app. Make sure to enable SAML in the Web App Settings and configure it using the details from the AWS SAML provider you created earlier.

On successful configuration, Salesforce will provide an SSO URL that you can use to log in to AWS through Salesforce.

Conclusion

In conclusion, Salesforce Single Sign-On (SSO) offers a robust and flexible solution for managing user access across a wide range of applications and services. By allowing users to authenticate once and gain access to multiple systems, Salesforce SSO enhances both user experience and security. Organizations can leverage Salesforce as a Service Provider, an Identity Provider, or even both, depending on their specific needs. Additionally, the option for delegated authentication further extends the versatility of Salesforce SSO, enabling seamless integration with external authentication systems.

Through the example of configuring SSO from Salesforce to AWS, we’ve seen the practical steps involved in establishing a trust relationship between Salesforce and external services. Consult Salesforce’s documentation to learn how to integrate Salesforce SSO with a wide range of services beyond AWS, to use Salesforce as a centralized hub for digital identity management.

Continuous Delivery in Salesforce Development

This contributed article is written by Gilad David Maayan, a technology writer who has worked with over 150 technology companies including SAP, Imperva, Samsung NEXT, NetApp and Check Point, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership. Today he heads Agile SEO, the leading marketing agency in the technology industry.


What Is Continuous Delivery? 

Continuous delivery is a software development practice where code changes are built, tested, and prepared for release to production in a rapid, consistent manner. It aims to make deployments—whether of a large-scale distributed system, a complex production environment, an embedded system, or an app—predictable and routine affairs that can be performed at any time on demand.

In the context of Salesforce development, continuous delivery ensures that the code and configuration changes made in Salesforce are always in a releasable state. This means that whenever a change is made, it is immediately tested and prepared for deployment. The continuous delivery approach reduces the lead time for changes, minimizes the risk of deployment failures, and provides quick feedback to the development team.

Continuous delivery in Salesforce development is all about automation. Every stage of the development process—from code creation to testing to deployment—is automated. This eliminates manual errors, accelerates the development process, and ensures that every change is immediately ready for production. It’s about making sure that any version of the software, from any point in its lifecycle, can be reliably and rapidly released.

Benefits of Salesforce Continuous Delivery 

Here are a few of the reasons forward-looking organizations developing code for Salesforce are transitioning to continuous delivery:

Faster Time to Market

CI/CD ensures that every change is immediately ready for deployment, which drastically reduces the lead time for changes. This means that new features and improvements can be delivered to customers more quickly, which can provide a competitive advantage.

Moreover, continuous delivery facilitates a culture of experimentation. Because it’s easy and safe to release changes, you can experiment with new features and improvements more frequently. This can lead to innovative solutions that meet customer needs more effectively and quickly.

Lower Development Costs

By automating the development process, you eliminate the need for manual testing and deployment, which can be time-consuming and expensive. Automation also reduces the risk of human error in deployments, which can lead to costly mistakes and rework.

Furthermore, continuous delivery promotes a “fail fast” mentality. Because changes are released quickly, problems are identified and addressed sooner, which can save significant time and resources in the long run.

Low Risk Releases

When practicing continuous delivery in Salesforce development, every change is immediately tested and prepared for deployment, so the risk of deployment failures is minimized. This means you can release changes with confidence, knowing that they have been thoroughly tested and are ready for production.

Moreover, continuous delivery allows for more frequent releases, which means smaller, more manageable changes. This reduces the risk associated with large, infrequent releases, which can be challenging to manage and troubleshoot.

Setting up the Salesforce Development Environment for Continuous Delivery 

Set Up Version Control

The first step in setting up the Salesforce Development Environment for continuous delivery is setting up version control. Version control systems are essential tools for any software development project, and Salesforce development is no exception. They allow developers to keep track of changes made to the source code, making it easier to collaborate and manage changes. A common choice is Git, a distributed version control system that is widely used in the software development industry.

Setting up version control in Salesforce can be done using Salesforce CLI. After installing Salesforce CLI, you can create a new Git repository in your Salesforce project directory. Then, you can commit and push changes to the repository using Git commands. This process allows you to keep a historical record of your project’s development and facilitates collaboration among team members.

Leverage Salesforce DX

Salesforce DX (Salesforce Developer Experience) is a suite of tools and features that allow developers to build and manage Salesforce apps throughout the entire software development lifecycle.

Salesforce DX provides a modern and integrated development environment, supports team collaboration, and simplifies the process of building and deploying apps. Moreover, Salesforce DX is built around the concept of “source-driven development”, which aligns with the idea of continuous delivery.

To leverage Salesforce DX, you need to install it on your machine and set up a Salesforce DX project. The project will serve as your main workspace, where you can develop, test, and deploy your Salesforce apps. Salesforce DX also integrates with version control systems like Git, making it even more convenient for continuous delivery.

Automate Builds and Testing

Automation is a key component of continuous delivery, as it eliminates the need for manual intervention in the software delivery process.

In Salesforce, you can automate builds using scripts and Salesforce CLI commands. These scripts can be run automatically whenever a change is pushed to the version control system, ensuring that the latest version of the software is always available for testing.

Automating testing is also essential. Salesforce provides several tools for automated testing, including Apex testing and Lightning testing. These tools allow you to write test cases for your Salesforce apps and run them automatically. By automating testing, you can ensure that all changes to the software are thoroughly tested before they are delivered.

Utilize Salesforce’s Package Management Capabilities

Salesforce packages are containers for something as small as an individual component or as large as a set of related apps. After the package is created, it’s easy to distribute to other orgs and even list on the AppExchange.

Packages are particularly useful in managing customizations and extending Salesforce. By grouping related items into packages, you can track and manage them as a unit, making it easier to deploy changes and roll them back if necessary. This feature ties in well with continuous delivery, where changes are continuously integrated and deployed.

Salesforce provides two types of packages: unmanaged and managed. Unmanaged packages are typically used for distributing open-source projects or templates, while managed packages are used for full-scale app distribution. For continuous delivery it is recommended to use managed packages as they offer more features and control over the package lifecycle.

Scan Code for Security Vulnerabilities

Finally, it’s crucial to consider security. One of the tools you can use for this purpose is Salesforce’s Security Source Scanner. This tool automatically scans code for security vulnerabilities, helping ensure that the software is secure before it’s delivered.

The Security Source Scanner checks your Salesforce code against a set of security rules. If it finds any violations, it reports them so you can fix them before delivery. This tool is especially useful in a continuous delivery setup, where changes are delivered frequently and there’s a high risk of introducing security vulnerabilities.
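A rule-based source check of the kind described above can run as a build step that fails when a rule is violated. This added example is not Salesforce's scanner and not from the original article: it is a small illustration with two assumed rules (classes declared `without sharing`, and string concatenation inside `Database.query`), run over a constructed Apex class. The rule IDs are hypothetical.

```python
import re
import sys
from pathlib import Path

# An Apex string literal, a line comment, or a block comment, whichever starts first.
TOKEN = re.compile(r"'(?:\\.|[^'\\\n])*'|//[^\n]*|/\*.*?\*/", re.S)
STRING = re.compile(r"'(?:\\.|[^'\\\n])*'")
WITHOUT_SHARING = re.compile(r"\bwithout\s+sharing\s+class\s+(\w+)", re.I)
# Argument of a Database.query(...) call that ends within the same statement.
DYNAMIC_QUERY = re.compile(r"\bDatabase\.query\s*\(([^;]*?)\)\s*;", re.I)

# Constructed Apex source used as sample input.
SAMPLE_APEX = r"""public without sharing class AccountSearch {
    // Database.query('x' + y); inside a comment must not be reported
    public List<Account> byName(String name) {
        String label = 'see https://example.invalid/docs';
        return Database.query('SELECT Id FROM Account WHERE Name LIKE \'%' + name + '%\'');
    }
    public List<Account> escaped(String name) {
        return Database.query('SELECT Id FROM Account WHERE Name = \''
            + String.escapeSingleQuotes(name) + '\'');
    }
    public List<Account> bound(String name) {
        return [SELECT Id FROM Account WHERE Name = :name];
    }
}
"""


def strip_comments(src):
    """Blank out comments while keeping string literals and line numbers intact."""
    def blank(match):
        text = match.group(0)
        return text if text.startswith("'") else re.sub(r"[^\n]", " ", text)
    return TOKEN.sub(blank, src)


def scan_apex(filename, src):
    """Return sorted (file, line, rule_id, message) tuples for one Apex source file."""
    code = strip_comments(src)
    findings = []

    def line_of(pos):
        return code.count("\n", 0, pos) + 1

    for m in WITHOUT_SHARING.finditer(code):
        findings.append((filename, line_of(m.start()), "APEX-SHARING",
                         f"class {m.group(1)} runs without sharing rules"))
    for m in DYNAMIC_QUERY.finditer(code):
        arg = m.group(1)
        # A '+' outside string literals means the query text is assembled at run time.
        concatenates = "+" in STRING.sub("''", arg)
        # Crude: any escapeSingleQuotes call in the argument is accepted. A real
        # scanner tracks each variable and follows data flow across statements.
        if concatenates and "escapesinglequotes(" not in arg.lower():
            findings.append((filename, line_of(m.start()), "APEX-SOQL-CONCAT",
                             "dynamic SOQL built by concatenation; use a bind variable"))
    return sorted(findings, key=lambda f: (f[0], f[1]))


def main(paths):
    """Scan the given files; a non-zero return value fails the build step."""
    findings = []
    for path in paths:
        findings += scan_apex(str(path), Path(path).read_text(encoding="utf-8"))
    for finding in findings:
        print("%s:%d: %s %s" % finding)
    return 1 if findings else 0


if __name__ == "__main__":
    if len(sys.argv) > 1:
        sys.exit(main(sys.argv[1:]))
    for finding in scan_apex("AccountSearch.cls", SAMPLE_APEX):
        print("%s:%d: %s %s" % finding)
```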

In conclusion, setting up a Salesforce development environment for continuous delivery involves several steps, each of which plays a crucial role in ensuring a smooth and efficient software delivery process. By following these steps, you can streamline your Salesforce development process, improve collaboration among your team, and deliver high-quality Salesforce developments consistently and efficiently.

Integrating Salesforce with AWS

This guest post is presented by Gilad David Maayan, a technology writer who has worked with over 150 technology companies including SAP, Imperva, Samsung NEXT, NetApp and Check Point, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership. Today he heads Agile SEO, the leading marketing agency in the technology industry.


In today’s data-driven business environment, the integration of Salesforce with AWS allows organizations to improve customer relationship management and operational efficiency. This article explores benefits and capabilities that businesses can harness by integrating their Salesforce instance with AWS’s native services, such as Redshift, Lambda, and Amazon Connect, as well as third party services hosted on AWS, such as Tableau and MuleSoft.

How AWS Native Services Can Benefit Salesforce Users

Here are the key capabilities Salesforce users can derive from integrating their Salesforce instance with AWS.

Enhanced Data Storage and Querying

AWS offers a range of powerful data storage and querying services, including AWS database services like Amazon RDS, NoSQL options like Amazon DynamoDB, and Amazon Redshift.

When integrated with Salesforce, these services allow for efficient storage and querying of customer data. This can greatly improve the speed and accuracy of customer insights, enabling businesses to make more informed decisions and improve their customer relationships.

Furthermore, AWS’s advanced analytics services, such as Amazon QuickSight, can provide deep insights into customer behavior and trends. These insights can be used to drive strategic business decisions and improve overall business performance.

Amazon Redshift and Einstein Analytics

Amazon Redshift and Einstein Analytics are two powerful tools that can be leveraged when integrating Salesforce with AWS. Amazon Redshift is a fast, scalable data warehouse that makes it simple and cost-effective to analyze all your data using standard SQL and your existing Business Intelligence (BI) tools.

On the other hand, Einstein Analytics is Salesforce’s native analytics tool, providing AI-powered business intelligence. When used in conjunction with Amazon Redshift, businesses can leverage the high-speed analysis and data visualization capabilities of Einstein Analytics on the comprehensive data stored in Amazon Redshift.

Serverless Function Execution with AWS Lambda

AWS offers scalable, serverless function execution for complex operations, a feature that is particularly beneficial when integrated with Salesforce. With AWS Lambda, you can run your code without provisioning or managing servers.

When integrated with Salesforce, this serverless architecture allows for the execution of complex operations without the need to manage or scale servers. This can greatly simplify the management of complex operations, increase operational efficiency, and reduce costs.

Amazon Connect and Salesforce Service Cloud Voice

Amazon Connect is an easy-to-use omnichannel cloud contact center that helps businesses provide superior customer service at a lower cost. When integrated with Salesforce Service Cloud Voice, it brings together voice, digital channels, and CRM data in real-time.

This integration allows for a unified agent and manager experience within Salesforce, enabling businesses to deliver more personalized and effective customer service. It also provides valuable insights into customer interactions, which can be used to improve service quality and drive customer satisfaction.

Integrating Salesforce with Third-Party Services on AWS

Tableau on AWS

Another powerful service on AWS that can be integrated with Salesforce is Tableau. Tableau is a data visualization tool that can transform raw data into understandable and actionable insights. When hosted on AWS, Tableau can leverage the scalability, reliability, and security of the AWS cloud.

By integrating Tableau with Salesforce, businesses can visualize their Salesforce data in real-time, enabling them to make faster, data-driven decisions. This integration can also streamline data analysis and reporting processes, saving time and improving overall business efficiency.

MuleSoft on AWS

MuleSoft, an integration platform for SOA, SaaS, and APIs, is a Salesforce company that provides a seamless way to connect applications, data, and devices. With MuleSoft on AWS, you have the power to unlock your data, integrate your systems, and innovate faster.

With MuleSoft, you can create a connected experience by integrating Salesforce with any system, application, or data source, whether on-premises or in the cloud. You can also expose data as APIs, making it readily accessible for your developers and partners. Moreover, MuleSoft’s Anypoint Platform simplifies the design, deployment, and management of APIs, delivering speed and agility to your business.

Slack on AWS

Slack, a business communication platform, is another Salesforce service that runs on AWS. It offers a myriad of features, such as channels, direct messaging, voice and video calls, file sharing, and integrations with other software. With Slack on AWS, organizations can improve team collaboration, streamline workflows, and ultimately enhance productivity.

By integrating Slack with Salesforce, you can automate routine tasks, get real-time updates on your Salesforce records, and even converse with Salesforce’s intelligent assistant, Einstein, directly in Slack. This integration not only helps in keeping your team informed but also saves valuable time, enabling your team to focus on what matters the most – serving your customers better.

Example Integration Flow: How to Set Up Application Integration for Salesforce with Amazon Connect

Amazon Connect is a cloud-based contact center service offered by AWS, which can be integrated with Salesforce to deliver improved customer experience. Here’s a quick guide on how to set up application integration for Salesforce with Amazon Connect.

Set Up an Amazon Connect Instance

The first step in integrating Salesforce with Amazon Connect is to create an Amazon Connect instance. Log into your AWS Management Console and navigate to the Amazon Connect service. Click on ‘Create an instance’ and follow the prompts.

You’ll need to provide a name for your instance and choose settings for data storage, telephony, and data streaming. You can also select optional settings such as contact flow logs, Contact Lens for Amazon Connect, and hours of operation. Once you’ve configured the settings, click on ‘Create’ to get your instance up and running.

Install the Amazon Connect CTI Adapter

The next step is to install the Amazon Connect CTI (Computer Telephony Integration) Adapter in your Salesforce organization. This adapter enables your Salesforce users to handle Amazon Connect voice and chat contacts directly in Salesforce.

To install the adapter, log into your Salesforce org and navigate to the AppExchange. Search for ‘Amazon Connect CTI Adapter’ and click on ‘Get It Now’. Follow the installation prompts and choose the users who should have access to the adapter. After the installation is complete, the Amazon Connect CTI Adapter will be available in your Salesforce org.

Configure your Salesforce Call Centre

The final step is to configure your Salesforce Call Centre to use the Amazon Connect CTI Adapter. In your Salesforce org, go to ‘App Manager’ and click on ‘New Connected App’. Provide a name for your app, enable OAuth settings, and add the necessary scopes.

Next, navigate to ‘Call Centers’ in Salesforce and click on ‘Import’. Choose the Amazon Connect CTI Adapter file and click on ‘Import’. You can then add users to your call center and assign them the necessary permissions. With this, your Salesforce Call Centre is all set to handle Amazon Connect contacts.

Conclusion

Tools such as Amazon Redshift, AWS Lambda, and Amazon Connect, when combined with Salesforce, empower businesses to operate more effectively and make data-driven decisions swiftly. Additionally, the integration with third-party services like Tableau, MuleSoft, and Slack on AWS further extends the functionality and efficiency of Salesforce. The process of setting up these integrations, as illustrated with the example of Amazon Connect, is straightforward, enabling businesses to quickly reap the benefits of the integration.

5 Tips for Managing Salesforce Cloud Costs

This guest post is presented by Gilad David Maayan, a technology writer who has worked with over 150 technology companies including SAP, Imperva, Samsung NEXT, NetApp and Check Point, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership. Today he heads Agile SEO, the leading marketing agency in the technology industry.


Understanding and effectively managing Salesforce cloud costs can significantly impact a company’s bottom line. Salesforce, as a leading CRM platform, offers a wide range of functionality that caters to diverse business needs. However, the more of this functionality a business uses, the higher the ongoing cost of the platform.

From user licenses to API calls, from data storage to custom developments, each element plays a role in the overall expense structure. To make the most of Salesforce without overspending, businesses must be proactive in their approach to cost management, as part of a holistic cloud cost management strategy. This article delves into the details of Salesforce cloud costs and provides actionable strategies to keep these costs under control.

Factors Affecting Salesforce Cloud Costs 

User Licenses

When it comes to Salesforce cloud costs, user licenses are one of the significant contributors. Salesforce offers different types of licenses, each with its own pricing. The more licenses you purchase, the higher your costs will be.

Note that some licenses offer more features and functionalities but come with a higher price tag. Pricing ranges from $25 / user / month for the Starter tier, all the way up to $500 / user / month for the Unlimited tier. Hence, you need to strike a balance between the number and type of licenses to manage your Salesforce costs effectively.

API Calls

Another factor affecting Salesforce cloud costs is API calls. Salesforce provides APIs to integrate with other systems and applications. However, each API call comes at a cost. The more API calls your business makes, the higher your costs will be.

By managing your API calls, you can control your Salesforce costs. You can identify and eliminate unnecessary API calls, optimize the usage of APIs, and align your API strategy with your business objectives.

Data Storage

Data storage is another factor that influences Salesforce cloud costs. Salesforce provides data storage for your records, files, and other data. However, the more data you store, the higher your costs will be.

By managing your data storage, you can reduce your Salesforce costs. You can identify and delete redundant or obsolete data, optimize your data management practices, and ensure that your data storage costs are in line with your business needs and budget.

Custom Development

The last factor affecting Salesforce cloud costs is custom development. Salesforce offers a highly customizable platform. You can develop custom apps, features, or integrations to meet your specific business needs. However, custom development comes with its costs.

By managing your custom development costs, you can control your Salesforce expenses. You can prioritize your development projects, leverage reusable components, and ensure that your custom development efforts are cost-effective and aligned with your business goals.

5 Tips for Managing Salesforce Cloud Costs 

Let’s dive into five actionable tips that can help you manage your Salesforce cloud costs effectively.

Regularly Review User Licenses

Your Salesforce subscription is primarily based on the number of user licenses. It’s essential to regularly review and adjust these licenses to ensure you’re not paying for more than you need.

Each user license equates to a seat in your Salesforce organization. You pay for these seats whether they are occupied or not. If you have unused licenses, you’re essentially wasting money. Regularly reviewing your user licenses and deactivating unused or unnecessary ones is a simple yet effective way to manage your Salesforce costs.

Also evaluate the types of licenses used by your users. Make sure you’re using the right type of license for each user. Don’t pay for high-end licenses for users who only need basic features.

Optimize Data Storage

Data storage is another significant factor in Salesforce cost. Salesforce provides a certain amount of data storage per user license, and once you exceed this, you need to pay extra. Therefore, optimizing your data storage can help manage your Salesforce costs:

  • Ensure you’re only storing necessary data: Regularly review your data and delete or archive anything that’s not needed.
  • Use efficient data structures: Salesforce has various types of data storage, each with its own storage limit. By using the right type of storage for each piece of data, you can optimize your storage usage.
  • External storage solutions: If you have large amounts of data that don’t need to be on Salesforce, moving them to an external storage solution can significantly reduce your Salesforce data storage costs.

Monitor API Calls

Salesforce limits the number of API calls you can make in a 24-hour period, based on your user licenses. Exceeding these limits can lead to additional costs. Therefore, monitoring your API calls is an important part of cost management.

  • Understand your API usage: Identify which processes generate the most API calls and determine if they are necessary. You may find that some processes can be optimized or eliminated to reduce API calls.
  • Consider using batch processes: Batch processes allow multiple records to be processed in a single API call, reducing the total number of API calls.

Utilize Native Features Before Third-Party Integrations

Salesforce offers a wide range of native features that can meet most business needs. Before resorting to third-party integrations, which can add to your costs, consider if you can achieve your goals using Salesforce’s native features.

Using native features can also improve your overall Salesforce experience. Native features are designed to work seamlessly with Salesforce, ensuring optimal performance and user experience.

Implement Governance Policies

Lastly, consider implementing governance policies to manage your Salesforce costs. Governance policies can help ensure your Salesforce usage aligns with your business goals and budget.

A good governance policy should cover usage guidelines, user licenses management, data storage optimization, API usage, and third-party integrations. It should also include regular reviews and audits to ensure compliance.

Implementing a governance policy may seem like a daunting task, but it’s an investment that can yield significant returns in terms of cost management.

Salesforce is a powerful platform that can drive your business success. However, without prudent cost management, it can become a costly endeavor. By regularly reviewing your user licenses, optimizing your data storage, monitoring your API calls, utilizing native features, and implementing governance policies, you can unlock the power of cost management using Salesforce.

Insider Threats in Salesforce: Understanding the Risk

This guest post is written by Gilad David Maayan, a technology writer who has worked with over 150 technology companies including SAP, Imperva, Samsung NEXT, NetApp and Check Point, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership. Today he heads Agile SEO, the leading marketing agency in the technology industry.


What Are Insider Threats? 

Insider threats are malicious activities that occur within an organization and are carried out by individuals who have inside information about the organization’s security practices, data, and computer systems. These individuals could be current or former employees, contractors, or business associates who have access to the network, system, or data.

The first significant thing to note about insider threats is that they’re not always intentional. Sometimes, well-meaning employees inadvertently become insider threats due to lack of proper training, ignorance, or negligence. On the other hand, there are scenarios where disgruntled employees or malicious insiders intentionally compromise the security of the organization, causing significant harm. Read this in-depth blog post for more background on insider threats.

Why Salesforce is Vulnerable to Insider Threats 

Salesforce, with its extensive user access, sensitive data storage, and complex permission structures, is particularly susceptible to insider threats.

Extensive User Access

Salesforce instances tend to provide broad access, allowing employees across an organization to collaborate and share information seamlessly. However, this strength can also be a vulnerability. When a large number of users have access to Salesforce, there’s an increased risk of insider threats. This risk escalates when users have more access privileges than they need to perform their job functions.

Sensitive Business Data

Salesforce serves as a repository for vast amounts of sensitive data, including customer information, financial data, and strategic business information. This makes Salesforce a lucrative target for insider threats, as the data can be used maliciously for personal gain or to cause harm to the organization.

Complex Permission Structures

The permission structures in Salesforce can be quite complex, which can lead to users unintentionally having more access than they require. This complexity also makes it difficult for administrators to monitor user activities effectively, creating potential opportunities for insider threats.

Common Insider Threat Scenarios in Salesforce 

Let’s look at some common scenarios where insider threats can manifest in Salesforce.

Data Exfiltration

Data exfiltration refers to the unauthorized transfer of data from a computer or network. In Salesforce, this could occur when an employee exports large amounts of data to a personal device or sends it to an external email address. Such activities can lead to data breaches and significant financial and reputational damage for organizations.

Permission Elevation

Permission elevation, also known as privilege escalation, refers to the act of exploiting a bug, design flaw, or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. In the context of Salesforce, this could involve a user gaining access to functionalities or data that they are not supposed to have access to.

Business Espionage

Business espionage involves the use of covert methods to gather trade secrets or sensitive information from competitors. In the context of Salesforce, this could involve an insider leaking sensitive information to a competitor or using the platform to gather intelligence on competitors.

Mitigation Strategies for Insider Threats 

As a business owner or manager, it is crucial to stay proactive in protecting your organization from insider threats in Salesforce. This requires a combination of effective strategies that focus on technology, processes, and people.

Implement a Least Privilege Access Model

The principle of least privilege (PoLP) is a computer security concept in which a user is given the minimum levels of access necessary to complete his or her job functions. This approach can significantly reduce the risk of insider threats in Salesforce.

In practice, applying PoLP means carefully managing and regularly reviewing user permissions. Not every employee needs access to all data and functions within Salesforce. By limiting access rights, you can reduce the potential for damage if an account is compromised or misused.

This approach also includes segregating duties where necessary. For instance, an employee responsible for inputting data should not have the same access rights as someone who approves those inputs. This segregation of duties can prevent one individual from having too much control or access.

Conduct Regular Audits and Reviews

Regular audits and reviews are equally important in mitigating insider threats in Salesforce. This process involves regularly reviewing user activity and access rights within your Salesforce environment.

Audits can help detect any unusual or suspicious activity that might indicate an insider threat. This might include excessive data downloads, multiple login attempts, or changes to security settings.

Reviews, on the other hand, should focus on ensuring that the access rights of each user remain appropriate for their role. If an employee changes roles or leaves the company, their access rights should be updated or revoked accordingly. This can prevent any potential misuse of access rights.
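As an added illustration (not part of the original post, and not Salesforce code), the Python sketch below checks an exported activity log for the three audit signals named above: excessive data downloads, repeated login attempts, and changes to security settings. The column names, event names, thresholds, and sample rows are all assumptions constructed for this example.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export. The columns and event names are assumptions
# made for this example; they are not a Salesforce log schema.
SAMPLE_AUDIT_LOG = """\
timestamp,user,event,detail,rows
2024-03-04T09:02:11,alice,login_failed,,0
2024-03-04T09:04:40,alice,login_failed,,0
2024-03-04T09:07:05,alice,login_failed,,0
2024-03-04T09:08:30,alice,login_ok,,0
2024-03-04T10:15:00,bob,report_export,Accounts - all regions,3000
2024-03-04T10:40:00,carol,report_export,Open cases,1200
2024-03-04T16:55:00,bob,report_export,Contacts - full list,4000
2024-03-04T11:00:00,dave,login_failed,,0
2024-03-04T13:30:00,dave,login_failed,,0
2024-03-04T17:20:00,erin,setup_change,Session timeout raised,0
"""

# Assumed thresholds; tune them to what is normal for each role.
EXPORT_ROW_LIMIT = 5000                      # exported rows per user per day
FAILED_LOGIN_LIMIT = 3                       # failures inside one window
FAILED_LOGIN_WINDOW = timedelta(minutes=10)


def parse_events(text):
    """Read the CSV export and return events sorted by time."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        row["timestamp"] = datetime.fromisoformat(row["timestamp"])
        row["rows"] = int(row["rows"] or 0)
        events.append(row)
    return sorted(events, key=lambda e: e["timestamp"])


def excessive_exports(events, limit=EXPORT_ROW_LIMIT):
    """Sum exported rows per (user, day) and keep totals above the limit."""
    totals = defaultdict(int)
    for e in events:
        if e["event"] == "report_export":
            day = e["timestamp"].date().isoformat()
            totals[(e["user"], day)] += e["rows"]
    return {key: total for key, total in totals.items() if total > limit}


def failed_login_bursts(events, limit=FAILED_LOGIN_LIMIT,
                        window=FAILED_LOGIN_WINDOW):
    """Flag users whose failed logins cluster inside a sliding time window."""
    by_user = defaultdict(list)
    for e in events:
        if e["event"] == "login_failed":
            by_user[e["user"]].append(e["timestamp"])
    flagged = {}
    for user, times in by_user.items():
        start, worst = 0, 0
        for end in range(len(times)):
            # Shrink the window until it spans no more than `window`.
            while times[end] - times[start] > window:
                start += 1
            worst = max(worst, end - start + 1)
        if worst >= limit:
            flagged[user] = worst
    return flagged


def security_setting_changes(events):
    """List every setup change so a reviewer can confirm it was approved."""
    return [(e["timestamp"].isoformat(), e["user"], e["detail"])
            for e in events if e["event"] == "setup_change"]


def audit(text):
    events = parse_events(text)
    return {
        "exports": excessive_exports(events),
        "login_bursts": failed_login_bursts(events),
        "setting_changes": security_setting_changes(events),
    }


if __name__ == "__main__":
    for finding, value in audit(SAMPLE_AUDIT_LOG).items():
        print(finding, value)
```

Per-day export totals catch a user who splits one large download into several smaller ones, which a per-event threshold would miss.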

Employ Monitoring and Alerting Tools

Monitoring and alerting tools form another essential layer of protection against insider threats in Salesforce. These tools can provide real-time visibility into user activity, helping you detect any signs of insider threats early.

Salesforce itself provides several built-in monitoring tools that can be effectively used for this purpose. For instance, Salesforce Shield offers event monitoring that can provide a detailed view of user activity data.

Alerting tools, on the other hand, can notify you in real-time if any suspicious activity is detected. This allows you to act swiftly and prevent any potential damage.

Data Loss Prevention (DLP)

Data Loss Prevention (DLP) is another crucial strategy in the fight against insider threats in Salesforce. DLP focuses on preventing the unauthorized access, use, or transfer of sensitive data.

DLP solutions work by identifying, monitoring, and protecting data in use (endpoint actions), data in motion (network traffic), and data at rest (data storage). In the context of Salesforce, this involves monitoring and controlling the data that users can access and share.

Implementing DLP can help prevent any sensitive data from falling into the wrong hands, whether due to malicious intent or accidental leakage.

Legal and Administrative Measures

While the above strategies focus mainly on technological and process-based measures, it’s equally important to consider legal and administrative measures to mitigate insider threats in Salesforce.

These can include policies and procedures that define acceptable use of Salesforce, non-disclosure agreements (NDAs), and other contractual measures. These measures provide a clear framework for what is considered acceptable behavior and the consequences of any violation.

Furthermore, disciplinary procedures should be in place and communicated to all users. Knowing that there are consequences for inappropriate actions can act as a deterrent for potential insider threats.

Employee Training and Awareness

Employee training and awareness play a crucial role in mitigating insider threats in Salesforce. After all, your employees can be your first line of defense against these threats.

Regular training can help employees understand the risks of insider threats and their role in preventing them. This can include training on good password practices, recognizing phishing attempts, and the importance of reporting suspicious activity.

Awareness campaigns can also help keep the issue of insider threats top of mind for employees. Regular reminders of the importance of data security can reinforce the training and help create a culture of security within your organization.

Conclusion

In conclusion, while insider threats in Salesforce can pose a significant risk to businesses, they can be effectively managed through a combination of technological, process-based, and people-focused strategies. By implementing these strategies, you can protect your valuable Salesforce data and ensure the ongoing security of your business.

Feature image designed by vectorjuice / Freepik

Quick Guide to Salesforce Firewall Configuration

Today’s guest post is delivered by Gilad David Maayan, a technology writer who has worked with over 150 technology companies including SAP, Samsung NEXT, NetApp and Imperva, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership.


What is eCDN Web Application Firewall?

Salesforce Commerce Cloud provides a built-in content delivery network called eCDN, designed to accelerate site access and content delivery. It provides a safer and more reliable online shopping experience.

The eCDN also includes a web application firewall (WAF). Unlike a network firewall that inspects network traffic and blocks attacks at the network level, a WAF can protect application-layer traffic from web security threats and common web application vulnerabilities. For example, WAFs can protect against SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). The WAF is automatically updated with new rules and attack patterns to stay ahead of evolving threats.

How Does eCDN WAF Work?

eCDN WAF looks at all interactions with merchant websites—legitimate shopper behavior, bot traffic, and potentially malicious requests. All requests to the storefront are made over HTTP/S or AJAX. The WAF scrutinizes all requests, identifying common patterns of legitimate web traffic and possible attack patterns, and filtering out malicious traffic. The WAF can identify unusual or malicious traffic and block it to prevent security threats from reaching the eCommerce server. eCDN WAF also inspects website addresses and URLs to detect anomalies like malicious redirects.

When a suspicious request is made to a merchant’s site, the eCDN WAF evaluates the request and applies the action configured by the merchant:

  • If the selected action is “challenge”—the suspicious user is presented with a CAPTCHA and must submit it successfully to proceed to the next page. If the user does not successfully complete the CAPTCHA, the WAF blocks the request before it reaches the Commerce Cloud.
  • If the selected action is “block”—the suspicious user is immediately blocked.

Merchants can manage eCDN WAF in the Business Manager interface. They can configure WAF and access logs, and define how tightly their security settings should be enforced by setting the WAF to low, medium, or high security. WAF configuration is individual to each merchant site and depends on the type of traffic a website receives and the level of risk tolerance for the merchant’s business operations.

A lower setting might be appropriate if a brand uses bots, or accepts the use of certain types of bots, which might trigger the WAF too frequently.

eCDN WAF Modes of Operation

When responding to potential web application threats, eCDN WAF inspects each incoming request, assigns a threat score, and responds appropriately. The WAF uses OWASP definitions to detect common web application attacks. Each incoming request that triggers an OWASP rule increases the overall threat score.

WAF uses three modes of operation to respond to detected OWASP threats:

  • Simulate—logs events without blocking or challenging web requests. This option allows administrators to see the impact the WAF would have in challenge or block mode and decide which mode of operation is best for their online store.
  • Challenge—when challenge mode is enabled, suspected malicious users must fill in a CAPTCHA before accessing the store. Challenge mode is useful when there is a risk the WAF might accidentally target legitimate shoppers. Challenge mode allows a legitimate user to enter CAPTCHA information and continue their shopping experience.
  • Block—if an incoming web request is suspicious, a blocked page is displayed and the web request is prevented from reaching the server. The block option is the most effective against threat actors. However, this option is also the most restrictive. If the WAF incorrectly identifies a real shopper as malicious, the shopper is blocked and cannot enter the store.

Working with Simulation Mode

If you are new to WAF, Salesforce recommends running WAF in simulation mode for at least one week. Simulation mode captures and records information about site traffic.

You can review the generated logs to make data-driven decisions about firewall requirements and decide how to best configure the WAF. When reviewing logs, consider the following:

  • Which rules are triggered and how often are they executed?
  • Which region triggered the rule, and do you sell to or ship to this country?
  • Which IP addresses are associated with suspicious requests identified by WAF rules? Doing an IP lookup of a suspected malicious IP address can reveal more information.

After running the WAF in simulation mode, you can decide whether to increase the sensitivity level of the WAF (if you see real threat actors are identified as malicious). Alternatively, you can reduce the sensitivity of the WAF (if you see there are real shoppers wrongly identified as malicious).
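The log review described above can be scripted. The following Python sketch is an added example, not code from the original post or from Salesforce: it answers the three review questions (which rules fire and how often, whether the traffic comes from markets you serve, and which IP addresses are behind the hits) for a constructed simulation-mode log. The column layout, rule names, ship-to list, and the verdict heuristic are assumptions; the real eCDN log format is not shown in this guide.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample of simulation-mode log entries. Column names and
# rule ids are assumptions for this example. IP addresses come from the
# documentation ranges, and "ZZ" is a placeholder country code.
SAMPLE_WAF_LOG = """\
timestamp,client_ip,country,rule_id,uri
2024-03-04T10:00:01,203.0.113.7,ZZ,sqli-01,/search
2024-03-04T10:00:02,203.0.113.7,ZZ,xss-02,/search
2024-03-04T10:00:03,203.0.113.7,ZZ,traversal-03,/cart
2024-03-04T10:00:04,203.0.113.7,ZZ,sqli-01,/login
2024-03-04T10:05:10,198.51.100.20,US,xss-02,/search
2024-03-04T10:06:12,198.51.100.20,US,xss-02,/search
2024-03-04T10:09:30,192.0.2.44,CA,sqli-01,/search
2024-03-04T10:11:00,198.51.100.20,US,xss-02,/search
"""

SHIP_TO = {"US", "CA"}      # assumed: countries this store sells or ships to
SCANNER_RULE_COUNT = 3      # assumed: distinct rules that suggest probing


def load_rows(text):
    return list(csv.DictReader(io.StringIO(text)))


def rule_frequency(rows):
    """Question 1: which rules are triggered, and how often?"""
    return Counter(r["rule_id"] for r in rows).most_common()


def market_split(rows, ship_to=SHIP_TO):
    """Question 2: do flagged requests come from countries you serve?"""
    split = Counter()
    for r in rows:
        split["served" if r["country"] in ship_to else "not_served"] += 1
    return dict(split)


def source_profiles(rows, ship_to=SHIP_TO):
    """Question 3: which IPs are behind the hits, and what do they look like?

    The verdict is a triage hint only (an illustrative heuristic):
    many distinct rules from one address looks like probing, while a
    served-market address tripping one rule may be a real shopper.
    """
    hits = Counter()
    rules = defaultdict(set)
    country = {}
    for r in rows:
        ip = r["client_ip"]
        hits[ip] += 1
        rules[ip].add(r["rule_id"])
        country[ip] = r["country"]

    profiles = []
    for ip, count in hits.most_common():
        if len(rules[ip]) >= SCANNER_RULE_COUNT:
            verdict = "likely scanner"
        elif country[ip] in ship_to:
            verdict = "possible false positive"
        else:
            verdict = "review"
        profiles.append({
            "ip": ip,
            "country": country[ip],
            "hits": count,
            "rules": sorted(rules[ip]),
            "verdict": verdict,
        })
    return profiles


def review(text=SAMPLE_WAF_LOG, ship_to=SHIP_TO):
    rows = load_rows(text)
    return {
        "rules": rule_frequency(rows),
        "markets": market_split(rows, ship_to),
        "sources": source_profiles(rows, ship_to),
    }


if __name__ == "__main__":
    report = review()
    print("Rule frequency:", report["rules"])
    print("Market split:", report["markets"])
    for profile in report["sources"]:
        print(profile)
```

A large share of "possible false positive" sources argues for lowering sensitivity or using Challenge rather than Block; a log dominated by "likely scanner" sources supports tightening it.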

Modify eCDN WAF Settings

To change eCDN WAF settings:

  1. Choose Administration > Sites > Embedded CDN Settings.
  2. Choose a zone.
  3. On the WAF tab, select Enabled to turn on the WAF for the zone, or deselect it to disable WAF for this zone.
  4. From the Action dropdown list, select the action to take when an anomalous request is discovered—Simulate, Challenge, or Block.
  5. From the Sensitivity dropdown list, select a sensitivity level—high, medium, or low.

To obtain log data for analysis:

Select one or more dates and times and click Request Log. An email with a link is sent to your Business Manager email account when the log file is available for download. Download the logs to analyze your traffic and adjust WAF sensitivity accordingly.

Conclusion

In conclusion, configuring the Salesforce firewall is an important step in ensuring the security and integrity of your Salesforce account. By following the steps outlined in this quick guide, you can effectively set up and manage your firewall to protect your account from external threats and unauthorized access. It is also important to regularly review and update your firewall configuration to ensure it remains effective in protecting your account and data. By taking the time to properly set up and maintain your Salesforce firewall, you can ensure the security and success of your business.

Is SalesForce Quip Secure? What You Need to Know

Today’s guest post is delivered by Gilad David Maayan, a technology writer who has worked with over 150 technology companies including SAP, Samsung NEXT, NetApp and Imperva, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership.


What Is SalesForce Quip? 

Quip is a solution that facilitates team collaboration. It combines spreadsheet and document creation and editing capabilities with comment and chat functions, allowing teams to communicate directly about projects and tasks as they work.

Quip allows you to collaboratively create and edit spreadsheets, documents, and lists in real time using a smart inbox interface. The inbox can filter and flag documents for faster searches. It saves all document revisions to let users track changes and annotate documents and spreadsheets. You can mark completed tasks on a checklist to notify all team members when a task is finished. 

Users can chat directly within the document instead of sending and receiving emails. You can message and comment on any content using the built-in one-to-one feature. You can also use @mentions to guide team members to specific spreadsheet cells or insert items into documents, including images or code. The team can leverage user-managed notifications to keep up-to-date with mentions and messages.

Quip can work on native Android and iOS applications across mobile and desktop devices. Its offline capabilities allow users to work on documents when an Internet connection is unavailable, updating the changes whenever a connection appears.

SalesForce acquired Quip in July 2016 for a total price of approximately $750 million.

Benefits of SalesForce Quip Integration

The main advantage of integrating SalesForce Quip is exporting real-time data from SalesForce to Quip. You can open SalesForce reports in a Quip spreadsheet with a single click. The data is always live, and Quip immediately reflects all changes. 

You can also quickly export a Quip document to an Excel, Word, CSV, or PDF format. Users can invite each other by sending a link to the document—they can continue editing the document after sharing using the browser or a dedicated app.

Quip improves interaction and collaboration between team members, helping them make well-informed decisions. It lets you better understand your data and receive real-time, actionable information. The regularly updated data helps you make the right decisions for your business.

Another benefit of this tool is the tracking feature for historical data—it allows you to view changes made over a specific period. If necessary, you can undo changes to keep the app’s functionality.

Is SalesForce Quip Secure?

Quip is SalesForce’s cloud document platform, obligating it to maintain a high degree of security. Security of document management tools like Quip is critical to ensure endpoint security for your employees’ corporate and personal devices. Below are some of the security capabilities Quip offers your organization.

Audits, Certifications and Compliance 

Quip has the following auditing and regulatory certifications: 

  • SOC 2 (Type 2 Certification)
  • EU-US Privacy Shield Framework
  • Swiss-US Privacy Shield Framework

All customer data stored in Quip falls under the annual certification to the EU-US and Swiss-US privacy shield frameworks awarded to SalesForce. The US DoC administered these frameworks, requiring independent SOC 2 audits of the SalesForce IT security environment, which extends to Quip. 

The SalesForce executive for your organization’s account can provide the latest Service Organization Control 2 report. Quip is also GDPR-compliant, with its systems undergoing annual security audits by a leading, independent auditor.

Penetration Testing and Bug Bounties

Achieving robust application security requires testing by security professionals. Quip contracts with an external organization to conduct annual penetration tests on Quip services. The management team reviews the results and tracks the findings to resolution. Penetration tests are performed in a controlled environment without exposing customer data.

Apart from penetration testing, Quip offers a bug bounty to encourage developers to discover and disclose vulnerabilities to the company. It continuously triages submissions and tracks them to find resolutions.

Access Authentication

Quip restricts access to your production infrastructure based on the job function of authorized persons. Only a limited number of system admins and managers have privileged access to the system. 

Quip authenticates users to production according to modern security best practices that use Secure Shell (SSH) keys and require two-factor authentication (2FA). It restricts access to the public cloud management console to authorized users who need access to perform their job duties, also using 2FA.

Encryption

Quip encrypts all customer data stored in its services at rest and in transit. It uses Transport Layer Security (TLS) to encrypt data and protect its integrity and security during transmission between Quip services and the user’s browser. It securely stores and manages encryption keys in a cloud-based infrastructure. 

Identity and Access Management (IAM) roles can control access and support audits. Quip never stores encryption keys in the source code, and it rotates the keys according to industry standards. You can use the Enterprise Key Management feature for additional visibility and control—it lets you create and manage encryption keys for your Quip data in the AWS cloud. 

Incident Management

The management team provides documentation of all incident management procedures and policies to ensure the following:

  • Contributors identify potential security incidents and report them to the relevant team members for resolution.
  • Employees adhere to the defined protocols to resolve security incidents.
  • Quip documents all procedures for making changes and notifying external and internal users.
  • Quip triages and tracks incidents to enable their resolution on time.

Service Monitoring

The Quip infrastructure monitors the performance and availability of its services and notifies the engineering team if a service diverges from performance, reliability, or availability thresholds. On-call engineers can quickly address these issues. 

Quip’s service monitoring also covers security issues and uses the production access logs to identify anomalous activity. When Quip identifies anomalous behavior, it tracks the issue until it finds a solution. It logs all logins to each production system for monthly reviews—security staff investigates, records, and remediates suspicious and unexpected login attempts. 

Quip’s intrusion detection system (IDS) helps detect and record unusual behavior. Quip continuously monitors the system’s capacity for strategic, long-term planning.

Conclusion

In this article, I explained the basics of SalesForce Quip and covered the security measures put in place by SalesForce to protect your data:

  • Certifications and compliance – Quip complies with SOC 2 (Type 2), EU-US Privacy Shield Framework, and Swiss-US Privacy Shield Framework.
  • Access authentication – Quip supports SSH and 2-factor authentication.
  • Penetration testing – Quip performs annual penetration testing and has a bug bounty program to discover security weaknesses.
  • Encryption – Quip encrypts all data at rest and in transit and uses TLS for all communications.
  • Incident management – Quip has well documented incident management procedures, as required by compliance standards.
  • Service monitoring – Quip infrastructure is continuously monitored and anomalous events are immediately investigated.

I hope this will help you make an informed decision when adopting Quip for a security-conscious enterprise.

Salesforce Data Management 101: Know Your Storage

Today’s guest post is delivered by Gilad David Maayan, a technology writer who has worked with over 150 technology companies including SAP, Samsung NEXT, NetApp and Imperva, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership.


When developing an app, you need to know how data is stored, structured, and organized. This information is crucial when building, maintaining, and updating your software. It can also help you understand what the capabilities of this build are, how far you can take it, and when it will need to be scaled up. 

In Salesforce, you can use two types of storage for data and for files, but there are five methods designed for specific use cases — files, CRM, documents, attachments, and knowledge. In this article, you will learn how storage works in Salesforce, including tips to help you avoid hitting your storage limits.

How Data is Stored in Salesforce

When working with Salesforce, there are several reliable and efficient ways to store your data. This includes media files, customer profiles, documents, and presentations. This storage is broken down into two types — data and file. 

Data storage includes many fields, such as accounts, cases, custom objects, events, opportunities, and notes. This data is automatically stored within the Salesforce database and you do not have individual control over where specific items go. 

File storage includes attachment files, customer content, media, Chatter files, documents, and custom files in Knowledge articles. You can individually control this content depending on how it is created and attached. Below are the five methods you can use for file storage.

Files

Salesforce Files is a storage location you can use to store any type of file. Salesforce has positioned it to replace most of the following methods as it offers more features and functionality. Files enables you to follow specific files, generate links, share files with users or groups, and collaborate on files. In Files, each file can be up to 2GB. 

Customer relationship management (CRM) content

Salesforce CRM content is where you can store files that you want to publish and share with coworkers and customers. For example, presentations or content packs. This can include marketing files, document templates, media, or support files. This storage type supports files up to 2GB although this drops to 10MB depending on how you upload data. 

Documents

Documents storage enables you to store a variety of web resources, including logos, email templates, and Visualforce materials. When files are stored here, you do not have to attach data to specific records. In Documents, files can be up to 5MB.

One thing to keep in mind — if you are using an older version of Salesforce, Documents storage is still available. However, if you are using Lightning Experience, this functionality has been replaced by Files. When you update your Salesforce, you need to convert your Documents to Files before you can access your data. 

Attachments

Attachments is a storage area you can use for files that you want to attach to specific records. For example, marketing campaigns, cases, or contact information. The downside of Attachments is that you can’t share files with links and do not have access to version control. In Attachments, files can be up to 25MB and feeds can be up to 2GB.

Knowledge

Knowledge is a storage area you can use to create and store knowledge base articles. These files can be searched by internal users and shared with customers through your portals or Lightning Platform Sites. In Knowledge, each article can be up to 5MB.

How to Avoid Hitting Your Storage Limits in Salesforce

Regardless of how you store and manage your files in Salesforce, you need to be aware of what your storage limits are and how to make the most of those limits. You should also be aware of what alternative options you have to expand your storage. 

Storing data outside of Salesforce

Sometimes, the most practical option is to store some of your data outside of Salesforce. One reason for this is your storage limits. In Salesforce you are allowed:

  • Data storage—10GB of base storage plus 20MB of storage per user. If you are using Performance or Unlimited versions, user storage is 120MB per user. However, the Developer, Personal, or Essentials versions follow different rules with no user data and 5MB, 20MB, and 10GB respectively.
  • File storage—for most plans you get 10GB per organization and from 612MB to 2GB per user. For the Developer and Personal plan you get 20MB, and for Essentials you get 1GB. No user data is provided for these plans.

Even if your data is still within storage limits, keeping redundant or unnecessary data in Salesforce can cause issues, including:

  • Degraded performance
  • Inaccurate reporting
  • Inefficient searches

To avoid these issues and ensure that your limits are not exceeded, you might consider adopting a cloud storage service. These services can provide scalable, cheap storage that you can connect with API or third-party extensions to your Salesforce system. 

For example, Azure File Storage by NetApp can provide a standard file system format that you can use from anywhere, including hybrid systems. Or, AWS S3 services can be connected for unstructured storage and any type of data. 

Cleaning up unwanted data

Maybe you do not want to store data outside of Salesforce or you have already moved data but still want to improve storage efficiency. In these cases, you can focus on cleaning your data. You can do this either manually or automatically depending on the type of data you’re trying to eliminate. 

For manual clean-up, Salesforce provides a native deletion wizard. You can use this wizard to eliminate old accounts, contacts, activities, leads, or cases. To identify data that is safe to remove you can run a report to see when data was last used and eliminate things before a certain date. Or, you can individually delete data as users inform you it’s no longer accurate.

Another option is to use extract, transform, load (ETL) tools to pull your data, process it (removing unnecessary data), and load the remaining data back in. This option enables you to script clean-up based on whatever parameters you’d like. However, it can be a lengthy process and requires the help of external tools, such as Salesforce Data Loader or Informatica.

Archiving data

During your data downsizing, you will probably find data that you no longer need in your system but that you don’t want to delete. For example, old client files that you need to keep for compliance, historical customer reports, or knowledge base articles for legacy products or services. 

If you have data like this that you want ‘just in case’, archiving is your best option. Archiving enables you to export data from your system, compress it for efficiency, and store it wherever you prefer. 

Often, the previously mentioned cloud services are a good option for this. Many services have cold storage tiers available that are much cheaper than on-premise storage. These services enable you to store large volumes of data that you rarely need to access and can eliminate worries about data corruption or loss due to hardware failure.

Conclusion

Salesforce comes with a specific data management build that you need to comply with. The two basic data types are data and files, and these are sorted further into five organizational types — files, CRM, documents, attachments, and knowledge. However, you do not have to use all of these. A recent Salesforce change enables you to store most of these elements as files. 

Whichever structure you choose, be sure to continually monitor and optimize your storage. Adding monitoring on a regular basis can help you optimize both performance and billing. To avoid hitting your storage limit, you can store data outside of Salesforce, clean up unwanted data, and archive cold data. 

How to Secure Salesforce Workloads: Tips and Best Practices

Today’s guest post is delivered by Gilad David Maayan, a technology writer who has worked with over 150 technology companies including SAP, Samsung NEXT, NetApp and Imperva, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership.


Salesforce provides security controls for your data, categorized according to organization, object, field, and record level. To properly secure your Salesforce workloads, you must first understand the Salesforce data security model, as explained in this article. You will also learn tips and best practices for data sharing, auditing, session configuration, and encryption.

Salesforce Data Security Model

Within Salesforce, you have full control over what information users can access. This extends to articles, records, and individual fields. Each security concern is categorized into a level, which enables you to control certain aspects of security.

Organization Level Security

Organization level security settings enable you to determine who has access to your Salesforce system, including from where and when.

At the organizational level, you can define:

  • IP restrictions—determines what IP addresses users can access data from.
  • Login access—determines timeframes when users can access data.
  • Password policies—determines the life cycle of passwords, required complexity levels, and reusability. 

Object Level Security

Object level security settings enable you to guide how objects are handled, including creation, access, and modification.

At the object level, you can define:

  • Profiles—determines who is allowed to do what with objects. This is based on individual users with individual create, read, edit, delete (CRED) settings. 
  • Permission sets—enables you to extend permissions granted to user profiles in a standardized way.

Field Level Security

Field level security settings enable you to restrict specific fields according to user profile. For example, you can determine who can see an employee’s compensation information. For those without permission, this information is hidden from view or access.

Record Level Security

Record level security settings enable you to determine how and by whom records are accessed or shared. 

At the record level, you can define:

  • Organization-wide sharing defaults—determine how freely records can be accessed if profile permissions are not defined.
  • Role hierarchy—enables you to grant tiered permissions. This grants higher level users, such as supervisors, access to all data of the users below them.
  • Sharing rules—determine how you can share information and with whom. You can use these rules to define lateral sharing or to allow access outside your organization.
  • Manual sharing—enables you to grant limited sharing permissions on a record, for example, when only one specific user needs access to that record.

Salesforce Security Best Practices

When configuring or auditing your data security settings, there are several best practices you should apply. These practices can help you increase the overall security of your data and ensure that customer and employee privacy is protected.

Data Sharing

Data sharing policies often aren’t used exclusively for security purposes but these policies can significantly impact security.

For example, you should carefully choose between hierarchical sharing and use of Public Groups. Keep in mind that hierarchical sharing provides a higher tier user access to all data of those below them. In contrast, Public Groups enable you to define sharing rules regardless of where users fall in a larger hierarchy. 

You should also take care with how you allow owner sharing. When records are shared manually by owners, you have limited ability to track who has access. You can use the Developer Console to manually identify which records are shared, but this is not practical on a larger scale. Additionally, when records swap owners, this information is lost. The lack of visibility this creates can be a liability if owners are sharing sensitive information without approval.
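One way to get that visibility at scale, as an added example that is not part of the original article: export the share rows and summarise the manual grants in Python. The sample rows, the placeholder IDs and the `summarize_manual_shares` helper are constructed for illustration; `AccountShare`, `RowCause` and `AccountAccessLevel` are standard Salesforce share-object names.

```python
import csv
import io
from collections import defaultdict

# SOQL that would produce an export like the one below:
#   SELECT AccountId, UserOrGroupId, AccountAccessLevel, RowCause, LastModifiedById
#   FROM AccountShare

# Constructed sample export; the IDs are shortened placeholders, not real record IDs.
SAMPLE_EXPORT = """AccountId,UserOrGroupId,AccountAccessLevel,RowCause,LastModifiedById
001A,005ALICE,Read,Manual,005OWNER1
001A,005BOB,Edit,Manual,005OWNER1
001B,00GALLSALES,Edit,Manual,005OWNER2
001C,005OWNER3,All,Owner,005OWNER3
001D,005CAROL,Read,Rule,005ADMIN
"""

def summarize_manual_shares(export_text):
    """Return manual grants per record plus the grants that deserve a review."""
    grants = defaultdict(list)
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["RowCause"] != "Manual":
            continue  # owner, rule and hierarchy access is governed elsewhere
        grantee = row["UserOrGroupId"]
        grants[row["AccountId"]].append((grantee, row["AccountAccessLevel"]))
        # Key prefix 00G marks a group: one manual share reaches many users.
        if grantee.startswith("00G"):
            findings.append((row["AccountId"], grantee, "shared with a group"))
        if row["AccountAccessLevel"] == "Edit":
            findings.append((row["AccountId"], grantee, "write access granted manually"))
    return dict(grants), findings

if __name__ == "__main__":
    grants, findings = summarize_manual_shares(SAMPLE_EXPORT)
    for account, entries in grants.items():
        print(account, entries)
    for finding in findings:
        print("REVIEW:", finding)
```

Running the export on a schedule and comparing successive summaries also preserves a history of grants across owner changes.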

Audit Regularly and Watch for Vulnerabilities

As with any system, you should make sure to regularly audit your configurations and settings. Audits can help you identify configurations that have been changed manually or automatically due to updates. They also help you identify users or roles that are no longer valid and that should be removed. Auditing can also help you identify inefficiencies in your current roles and groups and point to how these aspects can be streamlined or refined.

It is also a good idea to regularly check for Salesforce security vulnerabilities in a vulnerability database, and take action if necessary. There is also a standard Salesforce procedure that allows you to perform a full security assessment and penetration test of the Salesforce platform to ensure it meets your security requirements.

Session Settings

Session settings provide you control over individual user sessions, including verification and timeout settings. Verification settings enable you to specify whether or not multi-factor authentication is needed. This is activated via the “Raise session to high assurance” setting. This feature is available for a variety of data and services, including reports, dashboards, and connected applications. 

Timeout settings enable you to define for how long a session is authenticated and for how long inactive sessions should persist. When setting this, you need to find a balance between convenience and security. You don’t want your users to have to log in every thirty minutes, but you also don’t want sessions active for hours after a user is done with the system for the day.

Shield Platform Encryption

Shield Platform Encryption is a natively integrated service that enables you to encrypt your data in transit or at rest. You can use it to extend the built-in encryption that comes with Salesforce by default.

With Shield Platform you can encrypt a range of data, including:

  • Fields—includes a range of standard and custom fields
  • Files—includes attachments, notes, PDFs, and images
  • Data elements—includes analytics, search indexes, Chatter feeds, and Change Data Capture information

Shield Platform Encryption works via keys managed either by you or Salesforce. If you use Salesforce managed keys, you can create keys based on a master secret and organization-defined key material. If you wish to manage your own keys, you can use the Cache-Only Key Service to fetch the key as needed. 

Apply the Principle of Least Privilege

When creating permissions, access controls, and roles, be sure to enforce the principle of least privilege. This principle specifies that only the minimum functional amount of access is provided. These limitations help reduce the damage that users can accidentally or purposely create. It also limits any access provided by compromised credentials. 
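A sketch of the periodic audit and least-privilege review described in the sections above, as an added example that is not from the original article. It works on constructed rows shaped like exports of the standard `User` and `PermissionSetAssignment` objects; the 90-day idle threshold, the approved-admin list, the sample data and the `audit_access` helper are assumptions for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample rows, shaped like the results of:
#   SELECT Username, IsActive, LastLoginDate FROM User
#   SELECT Assignee.Username, PermissionSet.Name,
#          PermissionSet.PermissionsModifyAllData,
#          PermissionSet.PermissionsViewAllData
#   FROM PermissionSetAssignment
# Dates are shortened to YYYY-MM-DD for readability.
USERS = [
    {"Username": "admin@example.com", "IsActive": True, "LastLoginDate": "2024-05-30"},
    {"Username": "temp@example.com", "IsActive": True, "LastLoginDate": "2023-11-02"},
    {"Username": "new@example.com", "IsActive": True, "LastLoginDate": None},
    {"Username": "left@example.com", "IsActive": False, "LastLoginDate": "2022-01-15"},
]
ASSIGNMENTS = [
    {"Username": "admin@example.com", "PermissionSet": "SysAdmin",
     "ModifyAllData": True, "ViewAllData": True},
    {"Username": "temp@example.com", "PermissionSet": "Data_Fix_2023",
     "ModifyAllData": True, "ViewAllData": False},
    {"Username": "new@example.com", "PermissionSet": "Reporting",
     "ModifyAllData": False, "ViewAllData": True},
]
APPROVED_ADMINS = {"admin@example.com"}  # assumption: list kept by the security team

def audit_access(users, assignments, approved, today, max_idle_days=90):
    """Flag idle active accounts and org-wide data permissions held outside the approved list."""
    cutoff = today - timedelta(days=max_idle_days)
    stale = []
    for user in users:
        if not user["IsActive"]:
            continue  # deactivated accounts can no longer log in
        last = user["LastLoginDate"]
        # An active account that never logged in is flagged as well.
        if last is None or datetime.strptime(last, "%Y-%m-%d") < cutoff:
            stale.append(user["Username"])
    excessive = [
        (a["Username"], a["PermissionSet"])
        for a in assignments
        if (a["ModifyAllData"] or a["ViewAllData"]) and a["Username"] not in approved
    ]
    return stale, excessive

if __name__ == "__main__":
    stale, excessive = audit_access(USERS, ASSIGNMENTS, APPROVED_ADMINS, datetime(2024, 6, 1))
    print("Idle active users:", stale)
    print("Broad permissions to review:", excessive)
```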

Conclusion

Salesforce provides you with the majority of the features and tooling needed for basic security. The organization level enables you to configure access control, object level is for profiles and permissions, field level restricts access to fields, and record level enables you to create a record access hierarchy. 

Once you configure your security settings, you should set up sharing procedures, audit regularly, configure and monitor session restrictions, encrypt data, and apply the principle of least privilege.

Salesforce Commerce Cloud: Latest Features and Updates

Today’s guest post is delivered by Gilad David Maayan, a technology writer who has worked with over 150 technology companies including SAP, Samsung NEXT, NetApp and Imperva, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership.


The consumers of 2020 want to access and purchase products and services anytime and anywhere. They are always connected and engage with e-commerce brands through chatbots, social media, and marketing emails. 

Consumers often expect to instantly find and buy the product they are looking for. This is why e-retailers want to create a smart and easy shopping experience in every media channel. You can achieve these goals through the use of Salesforce Commerce Cloud.

Salesforce recently announced some new features in its Commerce Cloud platform. New features include artificial intelligence, inventory availability and more. Read on to explore some of these new features. 

What Is Salesforce Commerce Cloud?

Salesforce Commerce Cloud (SFCC) is a cloud-based e-commerce platform that lets you manage products, promotions, content, and pricing. From the operational point of view, the platform offers different functionalities over multiple channels like mobile, web, social, and store. SFCC integrates with your order fulfillment channel and with your back-office tools. 

Salesforce Commerce Cloud key features include:

  • Omni-Channel platform—SFCC integrates your physical store with your online store to improve customer experience and grow your business.
  • SaaS solution—SFCC is a SaaS solution that enables real-time access to information about your online and offline operations. 
  • Flexibility—SFCC enables customers to return products anywhere they want. In addition, shoppers can save time by paying online and picking up the product from the store.
  • E-commerce website management—SFCC provides a Content Management System (CMS), and Operations Management System (OMS). The e-commerce store does not require programming experts to work on the backend. SFCC provides a wide audience reach with compatibility to all popular operating systems like Windows, Android, and iOS.
  • Personalization—SFCC offers a personalized shopping experience by analyzing customer behavior. As a result, store owners can promote unique content that is appealing to specific users.
  • Seamless upgrades—Salesforce constantly rolls out many new features and updates. Updates are available in the administration panel and the installation does not require any technical intervention.
  • Internationalization—SFCC enables users to manage multiple stores from a single back-end. As a result, store owners can integrate things like multi-language and multi-currency. 

Newest Salesforce Commerce Cloud Features

Top-shelf shopping experiences are critical in the competitive e-commerce landscape. One way of doing so is through Artificial Intelligence (AI). That is why Salesforce recently integrated AI-powered features into the Salesforce Commerce Cloud. Below is a quick review of the newest Salesforce Commerce Cloud features and how they can transform e-commerce brands.

1) Einstein AI-Based Visual Search

The term visual search refers to a product search, which is run with a photo instead of text and keywords. Recent reports reveal that 62% of millennials prefer visual search over any other search technology. In addition, brands that offer voice and visual search will increase their revenue by 30% in 2021. The visual search market is estimated to reach $28.4 billion by 2027.

To address increasing customer expectations, Salesforce announced the Einstein Visual Search. Einstein is an AI-based feature that enables users to search, shop, and discover promotions through photos. Shoppers upload an image from their mobile device and the Einstein Visual Search automatically finds a visually similar product. 

An AI algorithm improves the search capability of Einstein when various users upload different images. SFCC enables image optimization and uploads from smartphones through services like Cloudinary. Retailers can extend the feature to include uploads from laptops or desktops.

2) Einstein Recommendation Engine

Recommendation engines enable retailers to offer the right product to the right customer at the right time. The result is an increased conversion rate and Customer Lifetime Value (CLV). Experts indicate that up to 31% of e-commerce store revenue comes from product offer personalization. Another report indicates that 35% of Amazon’s revenue comes from its recommendation engine. 

Formerly, the Einstein recommendation engine was only available in the SFCC storefront. The new update enables retailers to integrate Einstein recommendations beyond their e-commerce site through an API. Merchants can now personalize user experience on mobile apps and across customer service and marketing channels.

3) Inventory Availability Service

This new feature enables e-commerce stores to activate a fulfillment center and in-store inventory across multiple digital channels in real-time. As a result, retailers can use programs like buy online, browse by store, or pick up in store. The new feature also supports spike periods with high-volume requests like holidays.

4) Developer Sandboxes

Developer sandboxes isolate development work from your production environment until you are ready to deploy changes. Sandboxes provide a training environment for developers and enable them to test changes against users and versions of production data. You can set up a sandbox in minutes and deliver innovation to the e-commerce website faster. 

5) Commerce API Explorer

The new Commerce API Explorer allows developers to search across an API library and test different functions and calls. This new one-stop-shop for all Commerce APIs in a single portal and easy-to-use user interface allows developers to design and test new experiences more efficiently.

6) Salesforce Commerce Cloud Pricing Model

SFCC has recently changed its pricing model to a range that enables smaller merchants to use the platform. The new pricing is based on a Gross Merchandise Volume (GMV) model and offers three core options—Starter, Growth and Unlimited. GMV is the total gross revenue of an e-commerce store in a given period.

The Starter option is for single store retailers and stores with up to two price books. The pricing starts at 1% of GMV. The Growth option is for retailers with up to five stores and up to 10 price books. The pricing is set to 2% of GMV. The Unlimited option is for merchants with larger demands. 

The new pricing is more appealing because there are no significant ‘upfront’ license costs. However, this approach may not appeal to a niche business model or non-standard audiences. SFCC features are mainly focused on what the majority of B2C retailers find compelling.

Conclusion

Digital commerce is no longer just a shopping cart. In fact, 21.8% of the world’s population shops online, which makes online shopping responsible for 11.9% of all retail revenue worldwide. For this reason, retailers can leverage Salesforce Commerce Cloud to deliver enhanced shopping experience through AI-powered commerce services, APIs and a robust partner ecosystem. Some of the most well-known brands use Commerce Cloud, including Under Armour, Fila, GoPro and more.


