Salesforce Shield: A New Level of Trust and Security Webinar
Forward-Looking Statements
Statement under the Private Securities Litigation Reform Act of 1995:
This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services.
The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site.
Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
Agenda
Introductions
Why Salesforce Shield
Event Monitoring
Field Audit Trail
Platform Encryption
Q&A
More data moves to the cloud than ever before
Not just CRM data
Financial Data
Social Data
Health Data
Web Data
Location Data
Siloed systems, walls around sensitive data
77% of customers are not engaged with companies
Compliance and security concerns stall customer innovation
Data generated by your customers
IoT
Internal Processes
Marketing
Service
Sales
What we’ve been *hearing from CISOs
Track user activities: Logs are good, but more granular event reporting is needed
Generate security policies: Events should lead to real-time actions: notifications and prevention
Automate actions from policies: It’s a continuous process to fine-tune security policies
Analyze results and audit: Security policies should provide reports for auditors
* Since we launched in November 2014
Salesforce Trust Platform
Seventeen years of innovation on the world’s most trusted cloud
Infrastructure Services
Network Services
Application Services
Secure Data Centers
Backup and Disaster Recovery
47 Major Releases
HTTPS Encryption
Penetration Testing
Advanced Threat Detection
Identity & Single Sign On
Two Factor Authentication
User Roles & Permissions
Field & Row Level Security
Secure Firewalls
Real-time replication
Password Policies
Third Party Certifications
IP Login Restrictions
Customer Audits
150,000+ customers, 2,000,000+ apps
Sales Cloud
Service Cloud
Marketing Cloud
Community Cloud
Analytics Cloud
App Cloud
IoT Cloud
Salesforce Shield
New services to help you build trusted apps fast
Infrastructure Services
Network Services
Application Services
Secure Data Centers
Backup and Disaster Recovery
HTTPS Encryption
Penetration Testing
Advanced Threat Detection
Identity & Single Sign On
Two Factor Authentication
User Roles & Permissions
Field & Row Level Security
Secure Firewalls
Real-time replication
Password Policies
Third Party Certifications
IP Login Restrictions
Customer Audits
Salesforce Shield
Platform Encryption
Event Monitoring
Field Audit Trail
Add automation to your Salesforce data security
Events: Capture events
Insights: Analyze patterns
Policies: Apply context
Actions: Trigger policies
From Events to Action
API-first service, 34 event types
Location, Device, Role, etc.
Block, additional authentication
Event Monitoring Wave App
Seamless Integration of Event Data
Immediate Value with 15 Dashboards
Easily Configurable and Customizable
Gain complete visibility into user actions with powerful, integrated dashboards
Example: Adoption of Salesforce1 App
Understand adoption and take actions:
• By role and profile
• By browser
• By geography
• Logins from S1
• S1 features used
Adoption and User Engagement Dashboards
Lightning SFX
Page Views (URI) Wave Adoption
Visualforce Requests
Example: Performance of Custom Salesforce Features
Find and address performance issues before your users do:
• Slow Apex performance
• Report taking long to load
• Custom Visualforce page is slow
• See weak code or pages
• Prioritize, troubleshoot, and optimize
Example: User Account Compromise
Detect and investigate user account compromise:
• Abnormal login patterns
• Distant geo consecutive logins
• Changes in browser
• Changes in IP
• Massive data exfiltration
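The "distant geo consecutive logins", "changes in browser" and "changes in IP" signals listed above can be checked by comparing each login with the same user's previous one. This is an added example, not Salesforce code or the Wave app's logic: the event records are constructed, their field names are hypothetical rather than the Event Monitoring schema, and the speed and distance thresholds are assumptions.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed sample logins; field names are hypothetical, not the Event Monitoring schema.
LOGINS = [
    {"user": "alice", "ts": "2016-10-03T08:00:00", "ip": "198.51.100.7",
     "browser": "Chrome 53", "lat": 37.77, "lon": -122.42},   # San Francisco
    {"user": "bob", "ts": "2016-10-03T08:00:00", "ip": "192.0.2.10",
     "browser": "Firefox 49", "lat": 51.51, "lon": -0.13},    # London
    {"user": "alice", "ts": "2016-10-03T09:00:00", "ip": "198.51.100.7",
     "browser": "Chrome 53", "lat": 37.77, "lon": -122.42},
    {"user": "alice", "ts": "2016-10-03T10:00:00", "ip": "203.0.113.45",
     "browser": "IE 11", "lat": 55.75, "lon": 37.62},         # Moscow, 1 h later
    {"user": "bob", "ts": "2016-10-03T12:00:00", "ip": "192.0.2.99",
     "browser": "Firefox 49", "lat": 51.51, "lon": -0.13},    # same city, new IP
]
MAX_KMH = 900.0   # assumed ceiling: about airliner cruise speed
MIN_KM = 50.0     # assumed tolerance for IP geolocation error

def km_between(a, b):
    """Great-circle (haversine) distance between two events, in km."""
    lat1, lon1, lat2, lon2 = map(radians, (a["lat"], a["lon"], b["lat"], b["lon"]))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def flag_logins(events):
    """Compare each login with the same user's previous one; return findings."""
    findings, last = [], {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        prev, last[ev["user"]] = last.get(ev["user"]), ev
        if prev is None:
            continue
        hours = (datetime.fromisoformat(ev["ts"])
                 - datetime.fromisoformat(prev["ts"])).total_seconds() / 3600
        km = km_between(prev, ev)
        reasons = []
        if km > MIN_KM and (hours == 0 or km / hours > MAX_KMH):
            reasons.append("impossible_travel")
        if ev["ip"] != prev["ip"]:
            reasons.append("ip_change")
        if ev["browser"] != prev["browser"]:
            reasons.append("browser_change")
        if reasons:
            findings.append((ev["user"], ev["ts"], reasons))
    return findings

if __name__ == "__main__":
    for finding in flag_logins(LOGINS):
        print(finding)
```

An IP change alone (the second user here) is common for mobile and home workers, so it is better treated as context for the other signals than as an alert in its own right.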
Security and Compliance Dashboards
My Trust
Rest API Login As
Report Downloads
Files
User Logins
** Setup Audit Trail
Event Monitoring - Transaction Security
Real-time security policies that adapt to your business
Flexible, customizable policy engine
Real-time interception of user behavior
Easy set up with clicks or code
Problem set: Concurrent Login Sessions
Users should not be logged in to more than ‘n’ sessions
Limit the number of concurrent sessions to
Reduce risk
FedRAMP requirement
Security policy should understand who will be impacted and prompt the user to remove previous sessions that no longer apply
Transaction Security Use Cases
1. Block Large Data Export
2. High-Assurance Session (high-assurance login session when accessing confidential data)
3. Block specific operating system and/or browser
4. Block access by geography
5. Block access by OS
6. Alert on IP Range change (notify a specific Salesforce admin of a change made by another admin)
What is Field Audit Trail?
Keep track of your data evolution and life cycle
3x field history per object with Field Audit Trail
Applies to all editions: Contact Manager, Group, Professional, Enterprise, Performance, Unlimited, Developer
Field History: 18 months
Field Audit Trail: up to 10 years
accounts
contacts
leads
opportunities
cases
products
campaigns
contracts
organization
quote
report
workgoal
custom object
custom object
custom object
inspection
warehouse
inventory
position
job
applicant
badge
bug
sprint
user story
patient
Medications
budgets
expenses
members
transactions
OUT-OF-THE BOX
CUSTOM RETENTION POLICY
Field Audit Trail: Strengthen data integrity
Ensure data is accurate and reliable: Answers the who, what, when of data changes
Establish Data Retention Policies: Comply with internal and industry regulations
Track and Access Data at Scale: Big data back-end for more fields for longer retention
Platform Encryption: Seamlessly protect data while preserving key business functionality
Seamlessly protect data at rest: Encrypt standard & custom fields, files & attachments
Natively integrated: e.g., Search, Chatter, Lookups work with encrypted data
Customer managed keys: Customer-driven encryption key lifecycle management
Encryption Services
Hardware Security Module based key management infrastructure
FIPS 140-2 compliant
Customer control over policy configuration
Preserve important functionality like search and business rules
Key Management, Policy Management, App Cloud Integration
Standards based encryption built natively into the App Cloud Platform
AES encryption using 256-bit keys
Comprehensive feature set gives customers complete control
Standard Field Encryption and Search
Metadata-driven encryption
Account
• Account/Person Account Name
• Description
• Phone and Fax
Contact
• First/Middle/Last Name
• Description
• Phone, Mobile and Fax Home/Other Phone
• Mailing Street & City
Case
• Subject
• Description
• Case Comments’ Body
Search Fields and Files
• Desktop
• Salesforce1 Mobile
• SOSL
Custom Field Encryption
Metadata-driven encryption
Custom Field Types
• Date
• Date/Time
• Phone
• Text
• Text Area
• Text Area (Long)
• URL
Encrypt Existing Fields
Files and Attachments Encryption
Metadata-driven encryption
Encrypt Content of Files
Preview Encrypted Files
Search File Content
Encrypt Content of Attachments
Including Email Attachments
Customer Driven Key Lifecycle
Generate, Manage, and Rotate Keys
Declarative & API Based Key Management
Deriving Data Encryption Keys
Key Derivation Server with embedded HSM
Inputs: Master Secret (Winter '17), Master Salt (Winter '17), Tenant Secret 1
Password-Based Key Derivation Function
Output: Data Encryption Key 1, derived on demand and held in cache
Derived Encryption Keys Are Never Persisted
Standards Based Key Derivation Function: PBKDF2 HMAC with SHA256
Runs 15,000 Iterations
Outputs 256 bit length Data Encryption Key
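The derivation flow on this slide, modelled as an added example (not Salesforce's implementation): PBKDF2-HMAC-SHA256, 15,000 iterations, 256-bit output, with keys held only in an in-memory cache. The slide does not say how the master secret, tenant secret and master salt are combined, so the concatenation used here is an assumption, as are the class and method names and the constructed secrets.

```python
import hashlib

ITERATIONS = 15_000   # iteration count stated on the slide
DEK_BYTES = 32        # 256-bit data encryption key, as stated on the slide


class KeyDerivationServer:
    """Toy model: DEKs are derived on demand and never written to storage."""

    def __init__(self, master_secret: bytes, master_salt: bytes):
        self._master_secret = master_secret   # per-release secret (HSM-held on the slide)
        self._master_salt = master_salt
        self._tenant_secrets = {}             # (tenant, version) -> tenant secret
        self._cache = {}                      # (tenant, version) -> DEK, memory only
        self.derivations = 0                  # counts real PBKDF2 runs

    def set_tenant_secret(self, tenant: str, version: int, secret: bytes) -> None:
        """Register a tenant secret; rotation is a new version, old ones stay."""
        self._tenant_secrets[(tenant, version)] = secret

    def data_encryption_key(self, tenant: str, version: int) -> bytes:
        key_id = (tenant, version)
        if key_id not in self._cache:
            tenant_secret = self._tenant_secrets[key_id]
            # ASSUMPTION: master and tenant secret are concatenated as the PBKDF2
            # "password" and the master salt is the salt; the page does not say.
            self._cache[key_id] = hashlib.pbkdf2_hmac(
                "sha256", self._master_secret + tenant_secret,
                self._master_salt, ITERATIONS, dklen=DEK_BYTES)
            self.derivations += 1
        return self._cache[key_id]


if __name__ == "__main__":
    kds = KeyDerivationServer(b"constructed-master-secret", b"constructed-master-salt")
    kds.set_tenant_secret("org1", 1, b"constructed-tenant-secret-v1")
    print(kds.data_encryption_key("org1", 1).hex())
```

Because the key is a pure function of the secrets and salt, a restarted server with an empty cache re-derives the same key, which is what lets derived keys stay out of persistent storage.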
Gain greater controls over tenant secrets
Address requirements for key management
Manage key lifecycle using any approach
Introducing: Platform Encryption BYOK
API-enabled, simple, and flexible key management, giving customers more control over key custody
Proper Strong Encryption Breaks (Some) Functionality
Key Tradeoffs and Considerations
Not possible to reference encrypted fields:
• In SOQL WHERE clause
• In SOQL ORDER BY clause
• In SOQL GROUP BY clause
• As External ID or Unique
• In Formula fields (Limited pilot is available in Winter ‘17)
Feature limited with encrypted fields:
• Filtering in reports & list views (Works in WF rules)
• Sorting records by encrypted fields in List Views (Works in Reports and Dashboards)
Resources
• Event Monitoring Log Files Resources
Trail: https://developer.salesforce.com/trailhead/module/event_monitoring
Event Monitoring Deep Dive Video (Customer Facing): https://www.salesforce.com/form/conf/platform-event-monitoring-deep-dive.jsp
EM Wave App Webinar - Unlock Powerful Insights to Strengthen Salesforce Security & Performance: https://www.brighttalk.com/webcast/10061/208719
Using Event Monitoring - Process Reference: https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/using_resources_event_log_files.htm
• Wave App Resources:
Setup Doc: https://sfdc.co/waveappsetup-external
Wave App Trail: https://developer.salesforce.com/trailhead/module/wave_apps_basics
• Transaction Security Trailhead Resources
Transaction Security Policies: https://help.salesforce.com/HTViewHelpDoc?id=security_transactions_about.htm
Trail: https://developer.salesforce.com/trailhead/module/transaction_security
Setup: https://help.salesforce.com/apex/HTViewHelpDoc?id=security_transactions_setup.htm&language=en_US
Policies: https://releasenotes.docs.salesforce.com/en-us/summer16/release-notes/rn_security_transaction_security.htm
Examples: https://help.salesforce.com/HTViewHelpDoc?id=security_transactions_apex_policies.htm
• Salesforce Developer Docs: https://developer.salesforce.com/docs/
• Object Reference Guide – API for each ELF
https://resources.docs.salesforce.com/202/latest/en-us/sfdc/pdf/object_reference.pdf
• Blog: A short explanation by salesforcehacker.com - on how to use Event Log Files
http://bit.ly/elfWaveETL
• Wave Analytics Resources
Trail: https://developer.salesforce.com/trailhead/module/wave_analytics_basics
Wave Desktop Exploration: https://developer.salesforce.com/trailhead/module/wave_desktop_exploration
Wave Mobile Exploration: https://developer.salesforce.com/trailhead/module/wave_mobile_exploration
Basic Wave Dashboard Customization: https://developer.salesforce.com/trailhead/module/wave_apps_basic_wave_dashboard_customization