    When it comes to data security – who is responsible for ensuring best practice?

    One of the most important aspects of any implementation is data security. Projects of all sizes should go through this rigor to shield information, although the responsibility for ensuring best practice can fall to different areas depending on the size of the business.

      Generally, large enterprises have internal IT security teams to thoroughly assess every addition to the enterprise. However, small and midsize businesses often don’t have such full-time staff. This difference raises the following questions in the context of SMBs:

      1. Who is responsible for ensuring data security during a new project?
      2. What happens when you discover that security best practices were not followed?

      For us at SalesFix the answer to the first question is simple: as Salesforce consultants, it is our responsibility.

      Regardless of the business size, it’s the responsibility of the consultants involved in any project to follow data security best practices. Security considerations start from the discovery phase and continue as part of post-production support and enhancement activities. At each step, there is an absolute need to advise our clients on the possible data security pros and cons. This helps our clients make an informed decision on any specific requirement.

      In most projects, Salesforce is part of an enterprise where other systems interact with Salesforce to exchange information. The teams responsible for those external systems may or may not be familiar with Salesforce data security. Educating such teams about Salesforce-specific data security best practices is also a mandatory activity for any successful implementation.

      Salesforce provides security controls at different levels. Each project has specific requirements, but the overall goal should always remain to take full advantage of data security controls. The required level of data access can be achieved through careful application of org-wide, object-level, field-level, and record-level security. Additionally, all integrations with Salesforce should follow Salesforce-recommended security guidelines and integration patterns for secure and effective use of resources.

      With the Salesforce platform, there are many resources available that can be used to educate client teams in a focused way. One of them is Trailhead, a learning experience platform. Many client teams are also learning about the platform security offerings through Trailhead.

      When you discover best practices were not followed

      Sometimes you start serving a client and, as part of the overall health check of the client’s existing Salesforce production application, you find that Salesforce-recommended security best practices were not implemented. Again, it’s the responsibility of the consultants involved in the health check to present the possible risks to the client. Often, it’s helpful to present enough data points and examples to ensure the message is communicated clearly. Additionally, for each security gap, a mitigation approach should be documented, which includes whether any activity needs to happen after hours. Such a document helps the client approve the work based on the severity of the security gaps.

      Remain safe proactively

      Data security requires proactiveness from both consultants and system admins. As consultants, we need to stay alert by regularly conducting security audits of record modification, login history, field history tracking, and the setup audit trail. Additionally, following every Salesforce release for new security features and running regular health checks of the production application also helps in identifying any security gaps. While this is standard practice for us during a project, unless a managed services arrangement is in place, once a project is completed and handed over, this responsibility passes to the business’s system admin, so it is important they also stay alert.
