fbpx
    1. Blog
    2. When it comes to data security – who is responsible for ensuring best practice?

    When it comes to data security – who is responsible for ensuring best practice?

    One of the most important aspects of any implementation is data security. Projects of all sizes should go through this rigor to shield information, although the responsibility for ensuring best practice can fall to different areas depending on the size of the business.

    • Generally, large enterprises have internal IT security teams to thoroughly assess every addition to the enterprise. However, small and midsize businesses often don’t have such full-time staff. This difference raises the following questions in the context of SMBs:

      1. Who is responsible for ensuring data security during a new project?
      2. What happens when you discover that security best practices were not followed?

      For us at SalesFix the answer to the first question is simple, as Salesforce consultants, it is our responsibility.

      Regardless of the business size, it’s the responsibility of the consultants involved in any project to follow data security best practices. Security considerations start from the discovery phase and continue as part of post-production support and enhancement activities. At each step, there is an absolute need to advise our clients about data security related possible pros and cons. This helps our clients to make an informed decision on any specific requirement.

      In most of the projects, Salesforce is part of an enterprise where there are other systems involved that interact with Salesforce for information exchange. The external systems teams may or may not have Salesforce data security related information. Educating such teams about Salesforce specific data security best practices is also a mandatory activity for any successful implementation.

      Salesforce provides security controls at different levels. Each project has specific requirements, but the overall goal should always remain to take full advantage of data security controls. The required level of data access can be achieved through careful application of org-wide, objects, fields, and records level security. Additionally, all integrations with Salesforce should follow Salesforce recommended security guidelines and integration patterns for secure and effective use of resources.  

      With the Salesforce platform, there are many resources available that can be used to educate client teams in a focused way. One among them is Trailhead, a learning experience platform. Many client teams are also learning about the platform security offerings through Trailhead. 

      When you discover best practices were not followed

      Sometimes you start serving a client and, as part of the overall health check of the client’s existing Salesforce production application, you find that Salesforce recommended security best practices were not implemented. Again, it’s the responsibility of consultants involved in the health check to present the possible risks to the client. Often, it’s helpful to present with enough data points and examples to ensure the message is communicated clearly. Additionally, for each security gap, a mitigation approach should be documented which, includes whether any activity needs to happen after hours. Such a document helps the clients to approve the work based on the severity of security gaps. 

      Remain safe proactively

      Data security requires proactiveness from both consultants and system admins. As consultants, we need to stay alert by regularly conducting security audits of record modification, login history, field history tracking, and set up audit trail. Additionally, following every Salesforce release for new security features and regular health checks of the production application, also help in identifying any security gaps. While this is standard practice for us during a project, unless a managed services arrangement is in place, once a project is completed and handed over, this responsibility passes to the businesses system admin so, it is important they also stay alert.   

  • Salesforce CRM Health Check – Why You Need One Now

    Our CRM Health Check & Business Review is an inexpensive way to make sure your business is getting the most from your investment in people, processes and technology. Perfect for SMB’s who have had significant business change or growth in the past 1-2 years and are unsure what to do next.

    Learn More

  • 9 Tips to Conquer the world from home

    If you are new to working at home, it can be hard to switch into work mode every day. These nine tips may help you create a healthy and productive work from home environment.

    Learn More

  • Basics of The Salesforce Manufacturing Cloud Explained

    The Manufacturing Cloud is a Salesforce product that allows companies to see and collaborate between the sales and operations departments of a manufacturing company. The product allows workers to access information about customers through sales agreements and forecasting solutions. 

    Learn More