Is my data private and secure with Salesforce

Posted On by Selvina Poric

Polls and industry analysts consistently cite security and privacy concerns as the most significant barriers to the mainstream adoption of cloud computing, especially among enterprise customers. In this blog, we highlight security features provided by Salesforce to ensure that your data is safe, secure, and available only to registered users within your organisation.

Salesforce utilises some of the most advanced technology for Internet security available today. When you access our site using a supported web browser, Secure Socket Layer (SSL) technology protects your information using both server authentication and data encryption. When you log in, you will see a small lock icon at the bottom of your browser display, indicating that a secure connection has been established to our server.

Salesforce provides each user in your organisation with a unique username and password that must be entered each time a user logs in. Salesforce issues a session “cookie” only to record encrypted authentication information for the duration of a specific session. The session “cookie” does not include either the username or password of the user. Salesforce does not use “cookies” to store other confidential user and session information, but instead implements more advanced security methods based on dynamic data and encoded session IDs.

In addition, Salesforce is hosted in a secure server environment that uses a firewall and other advanced technology to prevent interference or access from outside intruders. All customer data is backed up on tape on a nightly basis, up to the last committed transaction. Salesforce further enhances your reliability measures by storing all customer data on mirrored disks that are mirrored across different storage cabinets and controllers. If you are still interested in having a backup copy in your own hands, we can send you zip files of all your data. This would be in a .csv formatted file.

What can I do to detect potential abuse?


To verify that your system is actually secure, you should perform audits to monitor for unexpected changes or usage trends.

★ Record Modification Fields: All objects include fields to store the name of the user who created the record and who last modified the record. This provides some basic auditing information.

★ Login History: You can review a list of successful and failed login attempts to your organisation for the past six months.

★ Field History Tracking: You can also enable auditing for individual fields, which will automatically track any changes in the values of selected fields. Although auditing is available for all custom objects, only some standard objects allow field-level auditing.

★ Setup Audit Trail: Administrators can also view a Setup Audit Trail, which logs when modifications are made to your organisation’s configuration.

Security Health Checks

As an admin, you can use Health Check to identify and fix security vulnerabilities in your security settings, all from a single page. A summary score shows how your org measures against the Salesforce-recommended baseline.

From Setup, enter Health Check in the Quick Find box, then select Health Check.

The Salesforce Baseline standard (1) consists of recommended values for settings in the Certificate and Key Management, Online Pharmacy, Login Access Policies, Network Access, Password Policies, Remote Site Settings, Online Pharmacy, and Session Settings groups (2). If you change settings to be less restrictive than what’s in the Salesforce Baseline standard, your health check score can decrease.

Your high- and medium-risk settings are shown with information about how they compare against the standard value (3). To remediate a risk, edit the setting (4) or use Fix Risks (5) to quickly change settings to the Salesforce-recommended values without leaving the Health Check page. Your settings that meet the standard are listed at the bottom.

Salesforce Security Health Check