When did you last check your Salesforce security settings? Data security is a top priority for many organisations, and it has only become more pressing since the announcement of GDPR. Just like us, without regular checkups, your Org might not be as healthy as you thought.
When you use Salesforce, there are a lot of things that you don’t need to worry about, because Salesforce has them covered. However, it does leave you with the responsibility to set security levels on many things, such as password security.
Time for a Health Check
Security in Salesforce can seem a bit confusing if you don’t know what you are looking for. There are a lot of settings in many areas of the system.
Luckily, Salesforce provides a security health check that helps you identify and fix potential vulnerabilities all in a single place.
Although the settings and score are generally static, Salesforce occasionally changes the benchmark or introduces new settings. These settings can cause your score to drop. I recommend that you stay in line with, or improve on, the Salesforce baseline standards.
As well as the Salesforce baseline, you can create your own benchmark. In your baseline, you can set your company security standards and measure against these instead. This makes it easier to detect if Salesforce has added any new settings, as your score will drop below 100%.
What does the report look at?
Four risk profiles help to guide your priority order: High-Risk, Medium-Risk, Low-Risk and Informational. Without these, you may not be aware of how critical some settings are.
Within each risk profile, you will see a line for each setting with a status of Critical, Warning or Compliant.
You will also see your current value and the Salesforce benchmark recommended value.
Each setting is then grouped with other similar settings; these include:
- Password Policies – How complex passwords need to be, how often they must be changed, and when and for how long a user should be locked out.
- Session Settings – How long a user can be inactive for, additional security protections and two-factor authentication.
- Certificate and Key Management – Managing certificates for single sign-on or APIs, and setting encryption keys.
Why should I run a health check?
I recommend that you take advantage of native functionality and align as closely as possible to Salesforce’s standards. This will enhance system performance and reduce the risk of Salesforce releases causing an impact to your customisations.
As a minimum, I recommend that you run a health check before each major Salesforce release, as this is when critical updates & new settings are introduced.