Diese Präsentation wurde erfolgreich gemeldet.
Die SlideShare-Präsentation wird heruntergeladen. ×

Essential Habits for Salesforce Admins: Security

Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Wird geladen in …3
×

Hier ansehen

1 von 42 Anzeige

Essential Habits for Salesforce Admins: Security

Herunterladen, um offline zu lesen

As a Salesforce Admin, you have four core responsibilities that you need to master to succeed and grow your career. In this session, we'll dive into the core responsibility of Security and the habits you need to build to successfully master it: review roles, profiles, and permissions sets; run Health Check; align with IT, and review login history. You'll learn how to develop each habit, with expert advice and key actionable takeaways for you to implement right away.

Learn about the Essential Habits for Salesforce Admins series here: https://admin.salesforce.com/blog/2020/essential-habits-for-salesforce-admins-just-got-bigger-and-better

As a Salesforce Admin, you have four core responsibilities that you need to master to succeed and grow your career. In this session, we'll dive into the core responsibility of Security and the habits you need to build to successfully master it: review roles, profiles, and permissions sets; run Health Check; align with IT, and review login history. You'll learn how to develop each habit, with expert advice and key actionable takeaways for you to implement right away.

Learn about the Essential Habits for Salesforce Admins series here: https://admin.salesforce.com/blog/2020/essential-habits-for-salesforce-admins-just-got-bigger-and-better

Anzeige
Anzeige

Weitere Verwandte Inhalte

Diashows für Sie (20)

Ähnlich wie Essential Habits for Salesforce Admins: Security (20)

Anzeige

Aktuellste (20)

Anzeige

Essential Habits for Salesforce Admins: Security

  1. 1. Essential Habits for Salesforce Admins: Security Marc Baizman, Sr. Admin Evangelist mbaizman@salesforce.com @mbaizman
  2. 2. Forward-Looking Statement Statement under the Private Securities Litigation Reform Act of 1995: This presentation contains forward-looking statements about the company’s financial and operating results, which may include expected GAAP and non-GAAP financial and other operating and non-operating results, including revenue, net income, diluted earnings per share, operating cash flow growth, operating margin improvement, expected revenue growth, expected current remaining performance obligation growth, expected tax rates, the one-time accounting non-cash charge that was incurred in connection with the Salesforce.org combination; stock-based compensation expenses, amortization of purchased intangibles, shares outstanding, market growth and sustainability goals. The achievement or success of the matters covered by such forward-looking statements involves risks, uncertainties and assumptions. If any such risks or uncertainties materialize or if any of the assumptions prove incorrect, the company’s results could differ materially from the results expressed or implied by the forward-looking statements we make. The risks and uncertainties referred to above include -- but are not limited to -- risks associated with the effect of general economic and market conditions; the impact of geopolitical events; the impact of foreign currency exchange rate and interest rate fluctuations on our results; our business strategy and our plan to build our business, including our strategy to be the leading provider of enterprise cloud computing applications and platforms; the pace of change and innovation in enterprise cloud computing services; the seasonal nature of our sales cycles; the competitive nature of the market in which we participate; our international expansion strategy; the demands on our personnel and infrastructure resulting from significant growth in our customer base and operations, including as a result of acquisitions; our service performance and security, including the resources and costs required to avoid unanticipated downtime and prevent, detect and remediate potential security breaches; the expenses associated with new data centers and third-party infrastructure providers; additional data center capacity; real estate and office facilities space; our operating results and cash flows; new services and product features, including any efforts to expand our services beyond the CRM market; our strategy of acquiring or making investments in complementary businesses, joint ventures, services, technologies and intellectual property rights; the performance and fair value of our investments in complementary businesses through our strategic investment portfolio; our ability to realize the benefits from strategic partnerships, joint ventures and investments; the impact of future gains or losses from our strategic investment portfolio, including gains or losses from overall market conditions that may affect the publicly traded companies within the company's strategic investment portfolio; our ability to execute our business plans; our ability to successfully integrate acquired businesses and technologies, including delays related to the integration of Tableau due to regulatory review by the United Kingdom Competition and Markets Authority; our ability to continue to grow unearned revenue and remaining performance obligation; our ability to protect our intellectual property rights; our ability to develop our brands; our reliance on third-party hardware, software and platform providers; our dependency on the development and maintenance of the infrastructure of the Internet; the effect of evolving domestic and foreign government regulations, including those related to the provision of services on the Internet, those related to accessing the Internet, and those addressing data privacy, cross-border data transfers and import and export controls; the valuation of our deferred tax assets and the release of related valuation allowances; the potential availability of additional tax assets in the future; the impact of new accounting pronouncements and tax laws; uncertainties affecting our ability to estimate our tax rate; the impact of expensing stock options and other equity awards; the sufficiency of our capital resources; factors related to our outstanding debt, revolving credit facility, term loan and loan associated with 50 Fremont; compliance with our debt covenants and lease obligations; current and potential litigation involving us; and the impact of climate change. Further information on these and other factors that could affect the company’s financial results is included in the reports on Forms 10-K, 10-Q and 8-K and in other filings it makes with the Securities and Exchange Commission from time to time. These documents are available on the SEC Filings section of the Investor Information section of the company’s website at www.salesforce.com/investor. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements, except as required by law.
  3. 3. Connect With Us! @SalesforceAdmns #AwesomeAdmin We’re also on and admin.salesforce.com
  4. 4. Join the Admin Trailhead Live Group for Q&A sforce.co/AdminLiveSessionGroup
  5. 5. The Importance of Habits “Habits are not a finish line to be crossed. They are a lifestyle to be lived.” ― James Clear
  6. 6. User Management Data Management Security Actionable Analytics Master Core Admin Responsibilities PERSONAL SUCCESS
  7. 7. User Management Actionable Analytics Data Management PERSONAL SUCCESS Master Core Admin Responsibilities Security
  8. 8. Data Management Security Actionable Analytics Master Core Admin ResponsibilitiesThe Importance of Security Ensure users have the proper level of access to the system and to the data to perform their job functions using industry best practices. Security
  9. 9. Protecting Data is a Partnership Salesforce Customer Salesforce Prepare customers for an evolving threat landscape Provide solutions that enable the customer to keep their data secure Educate customers on the need and options for enhanced security Customer Adopt the latest security controls and features available Continually monitor user behaviors and event logs Protect sensitive customer data in alignment with compliance standards
  10. 10. Record Persona Organization Can I log in? For how long? How many failed password attempts? Do we use Single Sign-On? Can I wipe a users mobile if it’s lost? Can a Salesforce Administrator see my files in the clear? What key is used for encryption? Field Can I see a field? Can I edit it? Can a Salesforce Administrator see the value in the clear? I can see the table but can I see a particular record? Can I edit it? Can I see a table? Can I insert? Can I update? Can I delete? Can I run reports? Do I have API access? Where can I log in from? What hours can I log in between? Do I need to use 2FA? Can I delete encryption keys? Can I do deployments? Key customer controlled security measures Protecting Your Data
  11. 11. Key customer controlled security measures Protecting Your Data Record Persona Organization Field Password Policies Single Sign-On Certificate & Key Management Multi-factor Authentication Permission SetsProfile Permission Set Groups IP Restrictions & Login Hours Manual & Programmatic Sharing Sharing Rules, Sets & Groups OrgWide Defaults Teams Territories Role Hierarchy Field Level Security
  12. 12. Principle of Least Privilege Users should have the least number of permissions necessary to do their job and nothing more.
  13. 13. Align with IT Analyze Logins Stay Informed Review Roles, Sharing, and Field Level Security Run Health Check Security Habits
  14. 14. Security Habits Run Health Check Align with IT Analyze Logins Stay Informed Review Roles, Sharing, and Field Level Security
  15. 15. Review Roles, Sharing, and Field-Level Security Assess your org-wide defaults on new objects Review sharing rule criteria and update if needed Double-check custom roles still match your business processes Test your field-level security by logging in as different users
  16. 16. Review Permission Sets and Permission Set Groups Group permission sets based on user roles for easier assignment Assign a permission set group to users Manage permission set groups like a user profile Sales Staff Permission Set Group
  17. 17. Define user’s access to fields on a given object Blueprint for FLS Review Field-Level Security Restrict access at the Profile level Modify settings on the Profile and Permission Sets
  18. 18. Sunday Monday Tuesday Wednesday Thursday Friday Saturday 29 30 31 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 1 2 Monthly Quarterly Annually Make It a Habit! 2021 Review Roles, Sharing, and FLS Confirm access levels. Weekly
  19. 19. Review Roles, Sharing, and Field Level Security Run Health Check Align with IT Analyze Logins Stay Informed Security Habits
  20. 20. Run Health Check Measure your Org’s security against Salesforce’s standard baseline Easily identify at-risk security settings Fix with one click for immediate results Customize based on your company’s compliance needs
  21. 21. Sunday Monday Tuesday Wednesday Thursday Friday Saturday 29 30 31 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 1 2 Monthly Quarterly Annually Make It a Habit! 2021 Run Health Check Benchmark to best practices. Review Roles, Sharing, and FLS Confirm access levels. Weekly
  22. 22. Review Roles, Sharing, and Field Level Security Run Health Check Align with IT Analyze Logins Stay Informed Security Habits
  23. 23. Align With IT Understand your company IT Security policies Coordinate employee onboarding and offboarding Require complex passwords, and define change intervals Configure Single Sign-On (SSO) if your company has it
  24. 24. Talk to IT About Multi-Factor Authentication Something you know Login Credentials Something you have Salesforce Authenticator TOTP Authenticator App Security Key MFA
  25. 25. Field Usage Current status of the field Classify Your Data for Compliance Data Owner Look-up to user or group Data Sensitivity Level Level of sensitivity of the data typically housed in the field Compliance Categorization Policy that this field is governed by (GDPR, etc.)
  26. 26. Sunday Monday Tuesday Wednesday Thursday Friday Saturday 29 30 31 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 1 2 Monthly Quarterly Annually Make It a Habit! 2021 Align with IT Ensure policy compliance. Run Health Check Benchmark to best practices. Review Roles, Sharing, and FLS Confirm access levels. Weekly
  27. 27. Laura Pelkey Sr. Manager, Security Customer Engagement Salesforce Expert Corner
  28. 28. Review Roles, Sharing, and Field Level Security Run Health Check Align with IT Analyze Logins Stay Informed Security Habits
  29. 29. Analyze Logins Review Login History and Identity Verification History Look for unusual locations or times of day Investigate repeated failed login attempts Hunt for clues!
  30. 30. Sunday Monday Tuesday Wednesday Thursday Friday Saturday 29 30 31 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 1 2 Monthly Quarterly Annually Make It a Habit! 2021 Analyze Logins Look for unusual patterns. Align with IT Ensure policy compliance. Run Health Check Benchmark to best practices. Review Roles, Sharing, and FLS Confirm access levels. Weekly
  31. 31. Demo Health Check Login Access Policies Multi-Factor Authentication Data Classification
  32. 32. Review Roles, Sharing, and Field Level Security Run Health Check Align with IT Analyze Logins Stay Informed Security Habits
  33. 33. Stay Informed Visit Salesforce security websites: - trust.salesforce.com/en/security - admin.salesforce.com/security Subscribe to the Admin Digest Read latest release notes security section Activate security-focused release updates in Setup
  34. 34. How to provide extra security for your apps with Single Sign-On Topics to stay informed on Start By Learning More About MFA and SSO How to enable Multi-Factor Authentication sforce.co/MFAAdminGuide sforce.co/UAModule
  35. 35. Sunday Monday Tuesday Wednesday Thursday Friday Saturday 29 30 31 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 1 2 Monthly Quarterly Annually Make It a Habit! 2021 Analyze Logins Look for unusual patterns. Align with IT Ensure policy compliance. Run Health Check Benchmark to best practices. Review Roles, Sharing, and FLS Confirm access levels. Weekly Stay Informed Learn about the latest in security.
  36. 36. Align with IT Analyze Logins Stay Informed Review Roles, Sharing, and Field Level Security Run Health Check Security Habits
  37. 37. Sunday Monday Tuesday Wednesday Thursday Friday Saturday 29 30 31 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 1 2 Monthly Quarterly Annually Your Security Habits 2021 Analyze Logins Look for unusual patterns. Align with IT Ensure policy compliance. Run Health Check Benchmark to best practices. Review Roles, Sharing, and FLS Confirm access levels. Weekly Stay Informed Learn about the latest in security.
  38. 38. Dive in and continue learningStart here User Management Data Management Security Actionable Analytics You Are Here! Join Us For The Whole Series! 12/11/20 Watch on-demand Watch on-demand
  39. 39. Connect With Us and Keep Learning! @SalesforceAdmns #AwesomeAdmin Salesforce Admins bit.ly/essentialhabitstrailmix
  40. 40. Q&A sforce.co/ AdminLiveSessionGroup Resources bit.ly/essentialhabitstrailmix Survey bit.ly/EHSecurity Wrapping Up
  41. 41. blog posts | podcasts | videos admin.salesforce.com

×