Securing Salesforce requires in-depth knowledge of its complex and ever changing features, user privilege terminology and settings, third-party OAuth apps and App Exchange extensions , etc. in order to implement appropriate security measures. In many cases, security teams lack the knowledge and expertise in Salesforce, which makes it difficult to detect risks and misconfigurations such as new admins, users that login without corporate SSO, and third-party integrations. The Valence Platform enables security teams to manage and remediate Salesforce security risks by collaborating with business users through automated workflows.
Krebs on Security recently posted that numerous organizations, including banks and healthcare providers, are leaking sensitive info from public Salesforce Community websites due to misconfiguration. This allows unauthenticated users to access private records. Recent cases like the Vermont state and Washington D.C. government exposed sensitive data such as names, SSNs, and bank account info. Salesforce advises customers to use their Guest User Access Report Package and follow best practices when configuring guest user profiles.
Valence’s automated remediation workflows enables security teams to engage with Salesforce admins and business users throughout the remediation process. This gives security teams insights into business context for Salesforce adoption and usage, enables them to encourage business users to remediate risks themselves which reduces the effort required for security teams to remediate Salesforce security risks and educates them on Salesforce security best practices.
With Valence, you can detect and track identities that are not managed by your Identity Provider (IdP), overprivileged users and weak authentication that doesn’t leverage best practices such as MFA. You can then automatically remediate these risks to prevent account compromise and data loss breaches.
Salesforce is a repository for your organization’s most sensitive data–customer PII, internal sales documents and product info yet its data sharing capabilities are often overlooked. Files can be broadly shared through Salesforce sites and Chatter conversations (Salesforce’s built in Bulletin Board). Valence secures against indiscriminate sharing of data by ensuring that sharing privileges follow company policies and privilege creep is continuously identified and right-sized.
Salesforce has evolved beyond a stand-alone CRM to become a robust sales and marketing platform, encouraging business users to connect it to third-party integrations like Marketo, Salesloft and Gong via the Salesforce App Exchange or OAuth tokens. These integrations can increase the risk of supply chain attacks, account takeovers and data loss. Valence enables security teams to uncover misconfigured, inactive and over privileged integrations for continuous remediation.
Valence's collaborative SaaS security platform provides security teams with unparalleled visibility and control to identify and remediate Salesforce misconfigurations and privilege drift, as well provide security controls around third-party SaaS-to-SaaS integrations, and unmanaged SaaS users.