Today’s guest post is delivered by Gilad David Maayan, a technology writer who has worked with over 150 technology companies including SAP, Samsung NEXT, NetApp and Imperva, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership.
What Is SalesForce Quip?
Quip is a solution that facilitates team collaboration. It combines spreadsheet and document creation and editing capabilities with comment and chat functions, allowing teams to communicate directly about projects and tasks as they work.
Quip allows you to collaboratively create and edit spreadsheets, documents, and lists in real time using a smart inbox interface. The inbox can filter and flag documents for faster searches. It saves all document revisions to let users track changes and annotate documents and spreadsheets. You can mark completed tasks on a checklist to notify all team members when a task is finished.
Users can chat directly within the document instead of sending and receiving emails. You can message and comment on any content using the built-in one-to-one feature. You can also use @mentions to guide team members to specific spreadsheet cells or insert items into documents, including images or code. The team can leverage user-managed notifications to keep up-to-date with mentions and messages.
Quip can work on native Android and iOS applications across mobile and desktop devices. Its offline capabilities allow users to work on documents when an Internet connection is unavailable, updating the changes whenever a connection appears.
SalesForce acquired Quip in July 2016 for a total price of approximately $750 million.
Benefits of SalesForce Quip Integration
The main advantage of integrating SalesForce Quip is exporting real-time data from SalesForce to Quip. You can open SalesForce reports in a Quip spreadsheet with a single click. The data is always live, and Quip immediately reflects all changes.
You can also quickly export a Quip document to an Excel, Word, CSV, or PDF format. Users can invite each other by sending a link to the document—they can continue editing the document after sharing using the browser or a dedicated app.
Quip improves interaction and collaboration between team members, helping them make well-informed decisions. It lets you better understand your data and receive real-time, actionable information. The regularly updated data helps you make the right decisions for your business.
Another benefit of this tool is the tracking feature for historical data—it allows you to view changes made over a specific period. If necessary, you can undo changes to keep the app’s functionality.
Is SalesForce Quip Secure?
Quip is SalesForce’s cloud document platform, obligating it to maintain a high degree of security. Security of document management tools like Quip is critical to ensure endpoint security for your employee’s corporate and personal devices. Below are some of the security capabilities Quip offers your organization.
Audits, Certifications and Compliance
Quip has the following auditing and regulatory certifications:
- SOC 2 (Type 2 Certification)
- EU-US Privacy Shield Framework
- Swiss-US Privacy Shield Framework
All customer data stored in Quip falls under the annual certification to the EU-US and Swiss-US privacy shield frameworks awarded to SalesForce. The US DoC administered these frameworks, requiring independent SOC 2 audits of the SalesForce IT security environment, which extends to Quip.
The SalesForce executive for your organization’s account can provide the latest Service Organization Control 2 report. Quip is also GDPR-compliant, with its systems undergoing annual security audits by a leading, independent auditor.
Penetration Testing and Bug Bounties
Achieving robust application security requires testing by security professionals. Quip contracts with an external organization to conduct annual penetration tests on Quip services. The management team reviews the results and tracks the findings to resolution. Penetration tests are performed in a controlled environment without exposing customer data.
Apart from penetration testing, Quip offers a bug bounty to encourage developers to discover and disclose vulnerabilities to the company. It continuously triages submissions and tracks them to find resolutions.
Access Authentication
Quip restricts access to your production infrastructure based on the job function of authorized persons. Only a limited number of system admins and managers have privileged access to the system.
Quip authenticates users to production according to modern security best practices that use Secure Shell (SSH) keys and require two-factor authentication (2FA). It restricts access to the public cloud management console to authorized users who need access to perform their job duties, also using 2FA.
Encryption
Quip encrypts all customer data stored in its services at rest and in transit. It uses Transport Layer Security (TLS) to encrypt data and protect its integrity and security during transmission between Quip services and the user’s browser. It securely stores and manages encryption keys in a cloud-based infrastructure.
Identity and Access Management (IAM) roles can control access and support audits. Quip never stores encryption keys in the source code, and it rotates the keys according to industry standards. You can use the Enterprise Key Management feature for additional visibility and control—it lets you create and manage encryption keys for your Quip data in the AWS cloud.
Incident Management
The management team provides documentation of all incident management procedures and policies to ensure the following:
- Contributors identify potential security incidents and report them to the relevant team members for resolution.
- Employees adhere to the defined protocols to resolve security incidents.
- Quip documents all procedures for making changes and notifying external and internal users.
- Quip triages and tracks incidents to enable their resolution on time.
Service Monitoring
The Quip infrastructure monitors the performance and availability of its services and notifies the engineering team if a service diverges from performance, reliability, or availability thresholds. On-call engineers can quickly address these issues.
Quip’s service monitoring also covers security issues and uses the production access logs to identify anomalous activity. When Quip identifies anomalous behavior, it tracks the issue until it finds a solution. It logs all logins to each production system for monthly reviews—security staff investigates, records, and remediates suspicious and unexpected login attempts.
Quip’s intrusion detection system (IDS) helps detect and record unusual behavior. Quip continuously monitors the system’s capacity for strategic, long-term planning.
Conclusion
In this article, I explained the basics of SalesForce Quip and covered the security measures put in place by SalesForce to protect your data:
- Certifications and compliance – Quip complies with SOC 2 (Type 2), EU-US Privacy Shield Framework, and Swiss-US Privacy Shield Framework.
- Access authentication – Quip supports SSH and 2-factor authentication.
- Penetration testing – Quip performs annual penetration testing and has a bug bounty program to discover security weaknesses.
- Encryption – Quip encrypts all data at rest and in transit and uses TLS for all communications.
- Incident management – Quip has well documented incident management procedures, as required by compliance standards.
- Service monitoring – Quip infrastructure is continuously monitored and anomalous events are immediately investigated.
I hope this will help you make an informed decision when adopting Quip for a security-conscious enterprise.
