Describes the physical & data security plus redundence features Salesforce uses

1. Security
Best of Breed Data Centers

2. Fully Mirrored Cloud Computing Infrastructure
Continued Investments. Unparalleled Confidence.
 Unmatched Reliability  Maximum Uptime & Performance  Trusted Security
 Two (soon to be 3) mirrored  Carrier neutral network strategy  World-class security specs
production data centers plus a  SAS 70 Type II and SysTrust
 No single points of failure
production-class lab facility
 Carrier level scalability Certified
 Near real time replication
between facilities  Extensive use of high availability  ISO 27001 Certified
 Validated disaster recovery
server and network technologies  Secure point-to-point data
 MPLS based backbone
replication
 Secure custody of customer
data and backups
Production-Class R&D Lab
& Tape Archive (CA) Back-Up Production
Data Center (VA)
Asia Pacific Production
Datacenter (Singapore
Winter ‘08)
Main Production
Data Center (CA)

3. Security: Facilities
Maximum Facilities Security
 24 x 365 on-site security
 All doors, including cages, are secured with biometric hand
geometry readers.
 Five levels of biometric scanning including man-traps required
to reach Salesforce cages
 Fully anonymous exteriors
 Digital camera (CCTV) coverage of entire facility
 Entire perimeter bounded by concrete bollards/planters
 A silent alarm and automatic notification of appropriate law
enforcement officials protect all exterior entrances.
 CCTV integrated with access control and alarm system.
 Motion-detection for lighting and CCTV coverage.

4. World-Class Infrastructure
Delivering leading On-Demand availability
 Two mirrored data centers plus a production-scale lab facility
– 18,000 total sq. feet of cage space
– Mirroring is about more than just having a copy of your data
– Salesforce maintains a full-scale replica of the production facility as well
as your data
 Power: Diesel Generators for backup power supply
 Next generation UPS systems (N+1)
 Five- Hitec Rotary Continuous Power Supplies rated for 4,980kW (n +1)
 Rotating fly-wheel generator provides UPS and Diesel generator start-up
 Two- Detroit Diesel engine 2mW Generators for a total of 4,980kW (n +1)
 Eliminates potentially risky UPS battery maintenance
 25,000 gallon diesel fuel tanks supported by two fuel vendors
 Cooling
– Precision, N+1 HVAC
– Guaranteed by backup water supply
– On-site dedicated wells

5. Network
Industry leading performance, scalability and redundancy
 Carrier-class and carrier-neutral model: multiple transit
vendors
 AboveNet
 MCI
 Level 3
 NTT
 Equinix Exchange
 Sprint
 Multi-gigabit IP transit for external customer service
 Lightning-fast performance worldwide
 Data centers located at core Internet hubs
 Access to thousands of global Internet peering points delivering
global high performance access
 Private peering with key carriers and partners (15+)
 MPLS/VPLS based backbone
 Enables near real-time replication for availability and disaster
recovery

6. Security
 Dedicated Security Organization
 Strategy/Charter
 Mitigate risks while complying with legal, statutory, contractual, and internally
developed requirements
 Develop and enforce policies and procedures
– Design and secure information systems using
security domains, defense in-depth and least privilege principles
– Develop and integrate security architecture into business processes (CobiT,
ISO27001)
– Conduct employee security awareness training classes
– Perform regular vulnerability assessments and audits
 Addresses all layers
– Physical Security
– Logical Network Security
– Host Security
– Transmission Level Security
– Database Security

7. External Vulnerability Assessments
 MSSPs include SPI Dynamics, Solutionary, Symantec
 Network Assessments and Application Assessments
 Assessments cover the following:
• Cross-Site Scripting • Directory Enumeration
• Input validation • Authentication and Session
• Buffer Overflow Management
• SQL Injection • Web Server Assessment
• Directory Traversal • HTTP Compliance
• Parameter Overflow • SSL Support and Strength
• Path Manipulation • Certificate Analysis
• Command Execution • Content Investigation
• Path Truncation • Spam Gateway Detection
• Character Encoding • Developer Comments
• Character Stripping • Absolute Path Detection
• Site Search • Error Handling
• Application Mapping • Permissions Assessment
• Automatic Form-Filling • Brute Force Authentication attacks
• Configuration Management • Known Attacks
• Proxy Support • Session Hijacking
• Parameter Injection • Horizontal Attacks
• Insecure Storage
 Executive Summaries available upon request