Data Protection for Salesforce
Introduction of Salesforce Event Monitoring
November 11th, 2014
Today’s Panel
Adam Torman
Director Product Management
Salesforce
Andy Louca
Head of CRM & Business Information
Thomson Reuters GRC
Kurt Long
Founder
FairWarning, Inc.
Agenda
• Overview of Salesforce Event Monitoring, Adam Torman
• Salesforce Data Protection in a Large Enterprise, Andy Louca
• Lessons Learned from our Trials, Kurt J. Long
• Q & A
Adam Torman Introduction
• Overview of Salesforce Event Monitoring
• Director Product Management
• @atorman
• Salesforcehacker.com – Best Practices Blog
Have you ever….
• needed to know what your partners are clicking on?
• needed to know what files your employees are downloading?
• needed to audit when ex-employees leave the company with your customer list?
• wanted to track the adoption of projects that you roll out on the Salesforce platform like S1, Chatter, or the FairWarning® app?
• found that tracking who did what, when they did it, where they did it from, how frequently they did it, and how quickly they did it can be a challenge?
Why Audit Salesforce
• Salesforce is a mission critical application
• Employees, partners, and customers in the form of users all interact within the same organization
• Tracking who did what, when they did it, where they did it from, how frequently they did it
• Audit for compliance, adoption, troubleshooting, or performance monitoring
• Use visualizations to explore and analyze the data
Auditing at Salesforce
• Field History Tracking
• Setup Audit Trail
• Debug Logs
• Forensic Investigations
• API Usage
• System Overview
• Custom Object Usage
• Login History
All images licensed from dryicons.com
Event Monitoring
Introducing Event Monitoring
• Activity: Track detailed user activity including location, IP range, browser, and app information
• Adoption: Track adoption of apps and the success of IT initiatives
• Audit: Identify and act on anomalies in user behavior
• Performance: Trend performance of your people and your code
Log Types
APEX CALLOUT
APEX EXECUTION
APEX SOAP
APEX TRIGGER
API
ASYNC REPORT
BULK API
CHANGE SET OPERATION
CONTENT DISTRIBUTION
CONTENT DOCUMENT LINK
CONTENT TRANSFER
DASHBOARD
DOCUMENT ATTACHMENT DOWNLOADS
LOGIN
LOGIN AS
LOGOUT
MDAPI OPERATION
MULTI BLOCK REPORT
PACKAGE INSTALL
REPORT
REPORT EXPORT
REST API
SANDBOX
SITES
UI TRACKING (S1 Adoption)
URI
WORKFLOW
VISUALFORCE
Who, What, When, Where
Who, When, Where, What, How Long
Tracking User Behavior
From Marc Benioff Contact Record, Clicked Edit Button
Edit
From Home Tab, Clicked on Marc Benioff Contact Record
/0033000000Vt4Od
Data Leakage Detection
Report URI, Who, When, Where, Report Columns, How
Export
Report URI
Adoption Metrics
List Views Printed
Account Records Printed
Accounts Viewed
Mobile S1 Clicks
# of Users
Other Use Cases
• Application Performance Management
• Troubleshoot Issues
• Device Adoption
• Anomaly Detection
How do I get it?
• Add-on Price for Enterprise, Unlimited, and Performance Editions: 30 Day Data Retention
• Free for Developer Edition: 1 Day Data Retention
– http://bit.ly/deSignup
Andy Louca Introduction
• Salesforce Data Protection in a Large Enterprise
• Head of CRM & Business Information
• Thomson Reuters GRC
Managing Your Security
• At a Salesforce Org Level
– Sharing rules
– Password Policies (expiry time, complexity, login attempts, Lock out period)
– Single Sign-On
– Session settings, Caching, Identity Confirmation (Email/SMS)
– Trusted IP Ranges
– Expire all Passwords
– File Upload & Download Security
Managing Your Security
• At a Salesforce Profile Level
– IP Range Accessibility
– Defined Business Hours
– Object Accessibility
– Field Level Security
– App Permissions
– Visualforce Page Access
– API Enablement
– Permission Sets
– Export Rights
– Connected Apps (e.g. Dataloader/other Apps)
– Desktop Client Access (Offline, Connect for Office, Outlook)
High Level Security Matrix
| | Internal | External | Both |
|---|---|---|---|
| Sharing Rules | High | Medium | Medium |
| Field Accessibility | High | High | High |
| Password Policies | High | Low | Low |
| Risk Identity Confirmation | Low | Medium | Low |
| Two Factor Authentication | Low | High | Medium |
| Trusted IP Range by Profile | Low | High | Medium |
| Data Export Profile Management | Medium | Medium | Medium |
Kurt Long Introduction
• Lessons Learned from our Trials
• Founder FairWarning®
• @KurtJamesLong
• Kurt on LinkedIn - http://goo.gl/9guOsm
• FairWarning® on LinkedIn - http://goo.gl/46rSkE
How it Works
28 Event Monitoring Log Files
Trials with Salesforce Customers
• User Activity Monitoring
– Media and Finance
– Financial Services
– Healthcare Insurance
– Technology
– Large and medium enterprises
High Demand
Drivers
– Protection against data theft
– Plus regulation: HIPAA, EU Data Protection Act, UK Data Protection Act, SOX 404 IT controls, PCI, PIPEDA, FFIEC
– User adoption
Roles
– Director, Manager of Salesforce-CRM
– Salesforce System Administrators
– Information Security
Fills an important gap in Salesforce Data Protection
General Lessons Learned
• Results must be easy-to-interpret for a business user
• Visualization, trending, graphing for reports
• Standard and Custom Objects
• Multi-org support
• Limited IT support requires ease-of-deployment, low-no maintenance
Use Cases - Lessons Learned
• Incident Management - Vital to Wrongful Termination Defense, eDiscovery, Law Enforcement
• Forensic Investigations - “If you wait, it’s too late”
• Monitoring & Alerting - Establish Success with Focus on Specific Use Cases
FairWarning® for Salesforce
Forensics, Reporting, Monitoring, Alerting, Incident Management
User Activity Reports
Proactive Breach Detection Analytics and Alerts
Investigations and Legal Defense
Automated Monthly Effectiveness Reports
Governance & Compliance Effectiveness
Risk and Audit Dashboards
Why FairWarning® for Salesforce
More Information
Salesforce World Tour Dates at which FairWarning® is exhibiting
http://www.fairwarning.com/news-and-events/upcoming-events
FairWarning® for Salesforce Video http://goo.gl/4w3NqV
Solution Demonstration
White [email protected]
Pricing & Availability
PRICING
• Salesforce Event Monitoring: Ask Salesforce account manager
• FairWarning® for Salesforce: Tiered pricing based on the number of users in your Salesforce Org
AVAILABILITY
• Salesforce Event Monitoring: Ask Salesforce account manager
• FairWarning® for Salesforce: Dependent on availability of Salesforce event monitoring
Q&A
Adam Torman, Salesforce
Andy Louca, Thomson Reuters
Kurt Long, FairWarning®