Data Protection for Salesforce

Introduction of Salesforce Event Monitoring

November 11th, 2014

Watch the Replay

Adam Torman

Director Product Management

Salesforce

atorman@salesforce.com

Today’s Panel

Andy Louca

Head of CRM & Business Information

Thomson Reuters GRC

andy.louca@thomsonreuters.com

Kurt Long

Founder

FairWarning, Inc.

Kurt@FairWarning.com

Agenda

• Overview of Salesforce Event Monitoring, Adam Torman

• Salesforce Data Protection in a Large Enterprise, Andy Louca

• Lessons Learned from our Trials, Kurt J. Long

• Q & A

Adam Torman Introduction

• Overview of Salesforce Event Monitoring

• Director Product Management

• @atorman

• Salesforcehacker.com – Best Practices Blog

Have you ever….

• needed to know what your partners are clicking on?

• needed to know what files your employees are downloading?

• needed to audit when ex-employees leave the company with your customer list?

• wanted to track the adoption of projects that you roll out on the Salesforce platform like S1, Chatter, or the FairWarning® app?

• wanted to track who did what, when they did it, where they did it from, how frequently they did it, and how quickly they did it can be a challenge

Why Audit Salesforce

• Salesforce is a mission critical application • Employees, partners, and customers in the form of users all

interact within the same organization• Tracking who did what, when they did it, where they did it from,

how frequently they did it• Audit for compliance, adoption, troubleshooting, or performance

monitoring• Use visualizations to explore and analyze the data

Auditing at Salesforce

Field History

TrackingSetup Audit

Trail

Debug Logs

Forensic

Investigations

API UsageSystem

Overview

Custom Object

Usage

Login HistoryAll images licensed from dryicons.com

Event Monitoring

Introducing Event Monitoring

Activity: Track detailed user activity including

location, IP range, browser, and app

information

Adoption: Track adoption of apps and the

success of IT initiatives

Audit: Identify and act on anomalies in user

behavior

Performance: Trend performance of your

people and your code

Log Types

APEX CALLOUT

APEX EXECUTION

APEX SOAP

APEX TRIGGER

API

ASYNC REPORT

BULK API

CHANGE SET OPERATION

CONTENT DISTRIBUTION

CONTENT DOCUMENT LINK

CONTENT TRANSFER

DASHBOARD

DOCUMENT ATTACHMENT DOWNLOADS

LOGIN

LOGIN AS

LOGOUT

MDAPI OPERATION

MULTI BLOCK REPORT

PACKAGE INSTALL

REPORT

REPORT EXPORT

REST API

SANDBOX

SITES

UI TRACKING (S1 Adoption)

URI

WORKFLOW

VISUALFORCE All images licensed from dryicons.com

Who, What, When, Where

WhoWhen WhereWhatHowLong

Tracking User Behavior

From Marc Benioff Contact Record, Clicked Edit Button

Edit

From Home Tab, Clicked on Marc Benioff Contact Record

/0033000000Vt4Od

Data Leakage Detection

Report URIWhoWhen Where Report ColumnsHow

Export

Report URI

Adoption Metrics

List Views Printed

Account Records Printed

Accounts Viewed

Mobile S1 Clicks

# of Users

Other Use Cases

• Application Performance Management

• Troubleshoot Issues

• Device Adoption

• Anomaly Detection

How do I get it?

• Add-on Price for Enterprise, Unlimited, and Performance Editions: 30 Day Data Retention

• Free for Developer Edition: 1 Day Data Retention

– http://bit.ly/deSignup

Andy Louca Introduction

• Salesforce Data Protection in a Large Enterprise

• Head of CRM & Business Information

• Thomson Reuters GRC

• andy.louca@thomsonreuters.com

Managing Your Security

• At a Salesforce Org Level– Sharing rules– Password Policies (expiry time,

complexity, login attempts, Lock out period)

– Single Sign-On– Session settings, Caching, Identity

Confirmation (Email/SMS)– Trusted IP Ranges– Expire all Passwords

– File Upload & Download Security

Managing Your Security

• At a Salesforce Profile Level– IP Range Accessibility– Defined Business Hours– Object Accessibility– Field Level Security– App Permissions– Visualforce Page Access– API Enablement– Permission Sets– Export Rights– Connected Apps (e.g. Dataloader/other

Apps)– Desktop Client Access (Offline, Connect

for Office, Outlook)

High Level Security Matrix

Internal External Both

Sharing Rules High Medium Medium

Field Accessibility High High High

Password Policies High Low Low

Risk Identity Confirmation Low Medium Low

Two Factor Authentication Low High Medium

Trusted IP Range by Profile Low High Medium

Data Export Profile Management Medium Medium Medium

Kurt Long Introduction

• Lessons Learned from our Trials

• Founder FairWarning®

• @KurtJamesLong

• Kurt on LinkedIn - http://goo.gl/9guOsm

• FairWarning® on LinkedIn - http://goo.gl/46rSkE

How it Works

28 Event Monitoring

Log Files

Trials with Salesforce Customers

• User Activity Monitoring

– Media and Finance

– Financial Services

– Healthcare Insurance

– Technology

– Large and medium enterprises

High Demand

Drivers

– Protection against data theft

– Plus regulation: HIPAA, EU Data Protection Act,

UK Data Protection Act, SOX 404 IT controls,

PCI, PIPEDA, FFIEC

– User adoption

Roles

– Director, Manager of Salesforce-CRM

– Salesforce System Administrators

– Information Security

Fills an important gap in Salesforce Data Protection

General Lessons Learned

• Results must be easy-to-interpret for a business user

• Visualization, trending, graphing for reports

• Standard and Custom Objects

• Multi-org support

• Limited IT support requires ease-of-deployment, low-no maintenance

Use Cases - Lessons Learned

• Incident Management - Vital to Wrongful Termination Defense, eDiscovery, Law Enforcement

• Forensic Investigations - “If you wait, it’s too late”

• Monitoring & Alerting - Establish Success with Focus on Specific Use Cases

FairWarning® for SalesforceForensics, Reporting, Monitoring, Alerting, Incident Management

User Activity Reports

Proactive Breach Detection Analytics and Alerts

Investigationsand Legal Defense

Automated Monthly

Effectiveness Reports

Governance & Compliance Effectiveness

Risk and Audit Dashboards

Why FairWarning® for Salesforce

More Information

Salesforce World Tour Dates at which FairWarning® is exhibiting

http://www.fairwarning.com/news-and-events/upcoming-events

FairWarning® for Salesforce Videohttp://goo.gl/4w3NqV

Solution Demonstration

salesforce@FairWarning.com

White Papersalesforce@FairWarning.com

Pricing & Availability

• Salesforce Event Monitoring: Ask Salesforce account manager

• FairWarning® for Salesforce: Tiered pricing based on the number of users in your Salesforce Org

PRICING

• Salesforce Event Monitoring: Ask Salesforce account manager

• FairWarning® for Salesforce: Dependent on availability of Salesforce event monitoring

AVAILABILITY

Andy Louca, Thomson Reuters

Q&A

Adam Torman, Salesforce Kurt Long, FairWarning ®