Salesforce Security Archives - gettectonic.com
Data Governance for the AI Enterprise
27Sep

Data Governance for the AI Enterprise

Salesforce Introduces Data Governance for the AI Enterprise Salesforce this month unveiled Data Governance for the AI Enterprise, a comprehensive suite of tools designed to help IT teams navigate the growing regulatory landscape surrounding generative AI. Why it matters: As governments worldwide work to implement stricter rules governing the use of AI, like the EU’s AI Act, data governance has become a top priority for businesses. According to Salesforce research, ensuring robust data security and governance is now the leading concern for Chief Data Officers. Cloud Data Security & Privacy SolutionsExplore the new suite: How Salesforce’s Data Governance for the AI Enterprise Can Help: Salesforce’s latest solution is designed to help companies proactively address both current and future regulations. Built on the Salesforce platform and integrated with Data Cloud, the suite offers advanced data management, enhanced security, and privacy features: Salesforce’s perspective:“Data governance is a top priority for every organization deploying AI, especially given the complexity of the regulatory landscape,” said Alice Steinglass, EVP and GM for Salesforce Platform. “Our Data Governance for the AI Enterprise suite equips businesses to tackle these challenges.” Customer success story:“Data encryption is essential to our data governance strategy,” said James Ferguson, Principal Security Architect at AWS. “With Salesforce’s flexible encryption solutions, we can maintain top-tier security while delivering innovative customer experiences.” Availability: For Data Cloud users: Like Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Health Cloud Brings Healthcare Transformation Following swiftly after last week’s successful launch of Financial Services Cloud, Salesforce has announced the second installment in its series Read more

Read More
September 27, 2024in Data, Enterprise, Generative AI, Hyperforce, Salesforce, Salesforce Shield
Salesforce Einstein Copilot Security
27Sep

Salesforce Einstein Copilot Security

Salesforce Einstein Copilot Security: How It Works and Key Risks to Mitigate for a Safe Rollout With the official rollout of Salesforce Einstein Copilot, this conversational AI assistant is set to transform how sales, marketing, and customer service teams interact with both customers and internal documentation. Einstein Copilot understands natural language queries, streamlining daily tasks such as answering questions, generating insights, and performing actions across Salesforce to boost productivity. Salesforce Einstein Copilot Security However, alongside the productivity gains, it’s essential to address potential risks and ensure a secure implementation. This Tectonic insight covers: Einstein Copilot Use Cases Einstein Copilot enables users to: All of these actions can be performed with simple, natural language prompts, improving efficiency and outcomes. How Einstein Copilot Works Here’s a simplified breakdown of how Einstein Copilot processes prompts: The Einstein Trust Layer Salesforce has built the Einstein Trust Layer to ensure customer data is secure. Customer data processed by Einstein Copilot is encrypted, and no data is retained on the backend. Sensitive data, such as PII (Personally Identifiable Information), PCI (Payment Card Information), and PHI (Protected Health Information), is masked to ensure privacy. Additionally, the Trust Layer reduces biased, toxic, and unethical outputs by leveraging toxic language detection. Importantly, Salesforce guarantees that customer data will not be used to train the AI models behind Einstein Copilot or be shared with third parties. The Shared Responsibility Model Salesforce’s security approach is based on a shared responsibility model: This collaborative model ensures a higher level of security and trust between Salesforce and its customers. Best Practices for Securing Einstein Copilot Rollout Prepare Your Salesforce Org for Einstein Copilot To ensure a smooth rollout, it’s critical to assess your Salesforce security posture and ready your data. Tools like Salesforce Shield can help organizations by: By following these steps, you can utilize the power of Einstein Copilot while ensuring the security and integrity of your data. Like1 Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Health Cloud Brings Healthcare Transformation Following swiftly after last week’s successful launch of Financial Services Cloud, Salesforce has announced the second installment in its series Read more

Read More
September 27, 2024in Data, Enterprise, Salesforce, Salesforce Data Cloud, Salesforce Einstein
Adopting Salesforce Security Policies
07Sep

Adopting Salesforce Security Policies

Data breaches reached an all-time high in 2023, affecting more than 234 million individuals, and there’s no sign of the trend slowing down. At the center of this challenge is how organizations allocate resources to safeguard customer data. One of the most critical systems for managing this data is CRM platforms like Salesforce, used by over 150,000 U.S. businesses. However, security blind spots within Salesforce continue to pose significant risks. To address these concerns, the National Institute of Standards and Technology (NIST) offers a strategic framework for Salesforce security teams. In February 2024, NIST released Version 2.0 of its Cybersecurity Framework (CSF), marking the first major update in a decade. Key improvements include the introduction of a new “Govern” function, streamlining of categories to simplify usability, and updates to the “Respond” function to enhance incident management. This framework now applies across all industries, not just critical infrastructure. For Salesforce security leaders, these changes will significantly affect how they manage security, from aligning Salesforce practices with enterprise risk strategies to strengthening oversight of third-party apps. Here’s how these updates will influence Salesforce security going forward. What is the NIST Cybersecurity Framework 2.0? The NIST Cybersecurity Framework, first launched in 2014, was developed after an executive order by President Obama, aiming to provide a standardized set of guidelines to improve cybersecurity across critical infrastructure. The framework’s objectives include: The newly updated NIST CSF 2.0, released in 2024, expands on the original framework, providing organizations with structured, yet flexible, guidance for managing cybersecurity risks. It revolves around three core components: the CSF Core, CSF Profiles, and CSF Tiers. Key Components of NIST Cybersecurity Framework 2.0 These components help organizations understand, assess, and improve their cybersecurity posture, forming the basis for risk-informed strategies that align with organizational needs and the evolving threat landscape. Key Updates in the NIST Cybersecurity Framework 2.0 and Their Impact on Salesforce Security The 2024 updates to NIST CSF offer insights that Salesforce security leaders can use to align their strategies with evolving cybersecurity risks. Implementation Strategies for Salesforce Security Leaders To incorporate CSF 2.0 into Salesforce security operations, leaders should: Conclusion: Embracing NIST CSF 2.0 to Strengthen Salesforce Security The 2024 NIST Cybersecurity Framework updates offer crucial insights for Salesforce security leaders. By adopting these practices, organizations can enhance data protection, strengthen incident response capabilities, and ensure business continuity—critical for those relying on Salesforce for managing sensitive customer data. Like Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Health Cloud Brings Healthcare Transformation Following swiftly after last week’s successful launch of Financial Services Cloud, Salesforce has announced the second installment in its series Read more

Read More
September 7, 2024in Data, Enterprise, Salesforce, Salesforce Shield, Technology
Legacy Salesforce URL Redirection Retires
31Mar

Legacy Salesforce URL Redirection Retires

Legacy Salesforce URL Redirection Retires – Salesforce Announcement Security Notification At Salesforce, we understand that the confidentiality, integrity, and availability of your data is vital to your business, and we take the protection of your data very seriously. We’re writing to remind you that redirections for some of your Salesforce orgs’ URLs stop in the Winter ’25 release, starting in August 2024 for sandboxes and in September 2024 for production orgs. We highly encourage you to test for this change and update all references to your previous URLs before those redirections stop. Security Notification Why the Change? To comply with the latest browser and security standards, Salesforce recently required that customers deploy enhanced domains. This feature updated the hostname formats for the domains that serve Salesforce orgs. To reduce the impact of this change, your previous hostnames are redirected by default. However, to meet Salesforce security standards, some of the previous domains will be retired in 2024. The corresponding redirections stop in the Winter ’25 release. Why the Change? Actions Required Review the affected hostnames and how you can disable the redirections for testing. For details, see Prepare for the End of Redirections for Non-Enhanced Domains in Salesforce Help. Additional Resources Salesforce Enhanced Domains FAQSalesforce Help: Prepare for the End of Redirections for Non-Enhanced DomainsSalesforce Help: Log My Domain Hostname RedirectionsSalesforce Help: Enhanced Domains TimelineTo ask questions about enhanced domains, visit our monitored My Domain and Enhanced Domains group in the Trailblazer Community.We appreciate your trust in us as we continue to make your success and security our top priorities. Additional Resources Legacy Salesforce URL Redirection Retires Prepare for the End of Redirections for Non-Enhanced Domains After enhanced domains are deployed, your previous non-enhanced hostnames are redirected. Those redirections stop in Winter ’25, starting in August 2024 for sandboxes.. Review the affected hostnames and how you can disable the redirections to test before Salesforce disables them. REQUIRED EDITIONS Available in: both Salesforce Classic (not available in all orgs) and Lightning Experience Available in: Group, Essentials, Professional, Enterprise, Performance, Unlimited, and Developer Editions After enhanced domains are deployed, Salesforce redirects two categories of non-enhanced hostnames. To see if redirections are in place for a previous My Domain, check the Redirections section of the My Domain Setup page. NOTE My Domain URL redirections help prevent disruption, but they’re not intended as a permanent solution. Not all services work well with redirections, and a redirection adds a step to the process of loading the final web page. When you deploy enhanced domains, we highly recommend that you disable redirections during testing and update all references to your old URLs. Track the Source of Redirections You can search the metadata for your org to determine where the impacted URLs are used in Salesforce, but discovering all the other places that your URLs are used can be more complex. For example, site URLs and content URLs can be used on your website, social media pages, marketing materials, and templates such as email signatures and automated responses. To help you identify these locations outside of Salesforce, the Hostname Redirects log includes the referrer and origin sent with each request that Salesforce redirects. For more information, see Log My Domain Hostname Redirections. Notify Users During Redirections To help your users update outdated links and bookmarks, display a brief message during the redirection that provides the current URL. See Manage My Domain Redirections. Previous *.force.com Site Hostnames When you enable and deploy enhanced domains, the hostname formats change for your Experience Cloud sites and Salesforce Sites. To minimize potential disruption, the *.force.com hostnames that Salesforce hosted for your sites are redirected to your current site hostnames. Those redirections remain in place until Winter ’25 or until you disable these redirections. To disable these redirections for testing purposes, use an option in the Redirections section of the My Domain page and test. For more information, see Disable Redirections for Your Previous Force.com Site URLs. For the replacement format for each of these hostnames, see My Domain URL Format Changes When You Enable Enhanced Domains. To better understand the purpose of each hostname type and whether it applies to you, see My Domain Hostnames. Here are the *.force.com site hostnames for a production org that are temporarily redirected after you enable and deploy enhanced domains. Here are the .*force.com site hostnames for a sandbox that are temporarily redirected after you enable and deploy enhanced domains. Other Non-Enhanced My Domain Hostnames When you enable and deploy enhanced domains, your other previous non-enhanced My Domain hostnames are redirected. Those redirections remain in place until Winter ’25 or until you disable these redirections. For the type and the replacement format for each of these hostnames, see My Domain URL Format Changes When You Enable Enhanced Domains. To better understand the purpose of each hostname type and whether it applies to you, see My Domain Hostnames. NOTE If you deploy another My Domain change after you enable and deploy enhanced domains, these hostnames are no longer redirected. For more information, see Understand Redirections for Previous My Domain Hostnames. To disable the redirections of these non-enhanced My Domain hostnames for testing purposes, you can temporarily disable your previous My Domain. For more information, see Disable or Remove Your Previous My Domain. Here are the non-enhanced hostnames for a production org that are temporarily redirected after you enable and deploy enhanced domains. Here are the non-enhanced hostnames for a sandbox that are temporarily redirected after you enable and deploy enhanced domains. 1 If your installed package is unmanaged, the package name is c. Instanced URLs Without My Domain If your org was created before October 2020, you didn’t get a My Domain by default. In that case, your users accessed Salesforce with these hostnames that contained your instance name but not your My Domain name. These hostnames are redirected if the Instanced URL setting in the Redirections section on the My Domain Setup page is set to Redirect to the same page within the domain

Read More
March 31, 2024in Hyperforce, Salesforce, Salesforce Experience Cloud
Salesforce Security and Privacy
02Nov

Salesforce Security and Privacy

Tailor Salesforce security and privacy add-on solutions to fit your specific company needs, covering essential aspects such as monitoring and masking sensitive data, implementing backups to prevent accidental or malicious data loss, and ensuring compliance with evolving privacy, encryption, and data residency regulations. Maintaining data privacy and compliance is made easier with user-friendly tools that streamline processes in Salesforce. Reduce compliance costs and enhance customer data protection by automating data subject requests, managing consent efficiently, and consolidating identities into a single profile. Simplify privacy management while safeguarding customer data effectively. Protecting data in production involves various strategies to meet legal obligations and minimize risk. Utilize methods such as randomization for unique data, hardcoding for static values, and deletion when data is unnecessary. Additionally, minimize storage in your production org by automatically deleting old records and files, removing audit data, and implementing hard deletion when appropriate. Automate data subject requests to save time and ensure efficient processing. Create policies to fulfill Right To Be Forgotten and Data Subject Access Requests automatically, monitor request progress, and utilize Privacy Hold to prevent data anonymization or deletion. Streamline customer consent management with Preference Manager, capturing customer preferences to maintain compliance and trust. Use customizable templates for consent forms, enable customers to update preferences easily, and integrate responses into the Salesforce Consent Data Model for consistency. Secure access management and unify customer identities across diverse sources. Administer customer profiles seamlessly within Salesforce, tailor customer journeys across various channels, and enhance personalization. Implement Passwordless Login for a simplified registration and access experience, catering to mobile-first markets and enhancing user convenience. Enable Social Sign On to streamline registration using familiar social credentials, reducing friction and improving the overall user experience. Maximize ROI with Salesforce’s Success Ecosystem, offering support, expert guidance, and resources to unlock the full potential of your investment. Salesforce prioritizes security and transparency, providing robust data processing mechanisms and privacy commitments to ensure compliance with data protection laws. As the leading CRM platform, Salesforce empowers organizations to build trust while leveraging data intelligence to enhance customer experiences. Embrace a Zero Trust security strategy, grounded in the principle of least privilege, to fortify your organization’s security posture. Implementing Zero Trust requires continuous authentication and restricting access to essential resources, mitigating the risk of unauthorized network access. Adhere to the Principle of Least Privilege within your Salesforce org by granting minimal permissions necessary for users’ roles. Conduct regular privilege audits to prevent over-privileged users and maintain compliance with security best practices. Stay informed about upcoming changes, such as the end-of-life of permissions on profiles, and explore additional security measures to strengthen your Salesforce instance’s security further. Ensure data security at rest with encryption-enabled databases and adherence to regional data laws, such as GDPR. Salesforce’s secure server environment and robust firewall technologies protect customer data from external intruders. In order to keep your data secure and private, prioritize data privacy and security in your Salesforce implementation by leveraging tailored solutions, adopting best practices, and fostering collaboration between your organization, Salesforce, and security teams. For assistance doing an audit of your system’s security or adding security features, contact Tectonic today. Content updated March 2024. Like1 Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Health Cloud Brings Healthcare Transformation Following swiftly after last week’s successful launch of Financial Services Cloud, Salesforce has announced the second installment in its series Read more

Read More
November 2, 2022in Data, Laws, Salesforce

Subscribe to our mailing list. Join our mail list to receive our newsletter

We'll keep you up to date with our latest news, insights, free resources, and much more.
Don't worry, we won't spam you.
gettectonic.com