security in the cloud: protecting your business in a cloud 2 world
DESCRIPTION
There is no finish line to building the right security. And security is the foundation of success. Join this hard-hitting session to learn tips and best practices for ensuring data integrity and systems security in your organization.TRANSCRIPT
Security in the CloudProtecting Your Business in a Cloud World
IT Professionals
Jim Cavalieri: SVP & Chief Trust Officer, salesforce.com
Safe HarborSafe harbor statement under the Private Securities Litigation Reform Act of 1995: This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services.
The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of intellectual property and other litigation, risks associated with possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year ended January 31, 2010. This documents and others are available on the SEC Filings section of the Investor Information section of our Web site.
Any unreleased services or features referenced in this or other press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
Agenda
How Salesforce defines “trust”
How Salesforce manages security for customers
How customers manage security with Salesforce
features
Malware and Phishing
Resources Available
Agenda
How Salesforce defines “trust”
How Salesforce manages security for customers
How customers manage security with Salesforce
features
Malware and Phishing
Resources Available
High Reliability
High Performance
High Security
What is Trust?
Trust means having …
Page Response
Times (ms)
Quarterly Transactions(billions)
Trust is Enhanced by Cloud Computing
Cloud computing is democratic– Broad set of security features
– All customers benefit from security enhancements
Cloud computing is flexible– Features can be tuned to match sensitivity of data being stored
Cloud computing is simple– Removes patching headaches
– Economies of scale and speed
Trust Requires a Strong Infrastructure
And Trust Requires a Security Strategy
Operations Defense-in-depth approach
Commitment to investment
Transparency about security
Partnership with the industry
Products Leader in Cloud Computing
Breadth-of-Options approach
Commitment to security
usability
Transparency about security
Partnership with our
customers
Agenda
How Salesforce defines “trust”
How Salesforce manages security for customers
How customers manage security with Salesforce features
Malware and Phishing
Resources Available
Trust Team Organization
Privacy
Corporate & Physical Security
Information Security
Enterprise Risk Management
Product Security
Technology Audit & Compliance
Policies structured
around ISO27002
framework
Board and executive
commitment to security
governance
Security awareness and
targeted training
conducted routinely
Information Security Management System
Policies
Procedures
Guidelines
Standards
Operational Security Controls
Security monitoring•Security event management & correlation deployed
Incident handling•Detection•Response•Forensics
Operational Security•Background checks•Secure workstation for operators•Private management network•Systems/devices configured for least privilege
Vulnerability Assessments•Internal•External
Infrastructure Security Controls
Transmission security• SSL 128-bit certificate• SSL session terminates on load
balancers/SSL off loaders• SSL v3/TLS with no weak ciphers
Network security• Stateful firewalls• Intrusion detection systems
Host security• Linux and Solaris systems• Java and PL/SQL Application –
limited OS native code
Database security• Customer passwords are stored in DB
using one-way hash• DBA access restricted• Field level encryption supported
Data center security• 24x365 on-site security• Five levels of biometric scanning
including man traps required to reach Salesforce cages
Multiple Global Datacenters• Geographically-dispersed, mirrored
data centers• Seamless disaster recovery• No single points of failure
Secure Software Development Lifecycle
Design• Security Principles• Office Hours• VAT• Threat Modeling
Coding• Security Development Lifecycle
• 100% Application Security Training• Security Frameworks
• Security “Done” Touchpoints• Code Reviews, Security Audits• Tracking 3rd Party Components
Sprint Done – Security• Features adhere to security principles
and standards with all critical issues resolved.
• All high risk features have been threat modeled with the Product Security team.
• In depth security testing scheduled, if necessary, during the release.
Testing• Automated Tools
• Code Analysis• Black Box Scanners• Dynamic Analysis
• Internal and External Security Analysis
Release• Final Security Signoff• Independent External Assessments• Customer Security Audits• Security Best Practice and Deployment
Guides• Incident Response
Release Done – Security• Security Tool Suite (AppScan, Checkmarx,
etc) run over entire feature/code base• All critical bugs resolved (fixed and verified)
Latest Technology
Highest Performance & Security
Real-time Provisioning
No Hassle Upgrades
Single Multitenant Infrastructure & Kernel
Your Success
Multitenant Kernel Application Security
87,200 Customers
Security
Performance
Reliability
Upgrades
Scale
Continuous Advancement
Mobile Security
General Salesforce Mobile
application security– Passcode lockout
– Remote application data wipe
– Sharing model enforced
SQLite– “SQLite with encryption” database
engine
Passwords– No stored passwords
– OAuth1 access tokens (CRM Mobile)
– Oauth2 refresh tokens (Chatter Mobile)
URLs– Basic tests on URLs for malicious code
Agenda
How Salesforce defines “trust”
How Salesforce manages security for customers
How customers manage security with Salesforce
features
Malware and Phishing
Resources Available
Customer Controlled Security Features
Sophisticated sharing model
CRUD and field level security
Authentication options
Trusted Networks
Login History log
Setup Audit Trail log
Object history tracking
Compliance bcc
Customer Controlled Security Features
Sandbox environments
Encrypted Custom Fields & Apex encryption
User permissions
CAPTCHA for reports & export
Automated user management
APEX callouts/outbound messaging
Portal Health Check Report
Security Health Check Application
Sophisticated Sharing Model
CRUD and Field Level Security
Limit a user to read-
only access to a
field, or hide the
field entirely
Set Read, Create,
Edit and Delete
access for all
Force.com objects
Authentication Options
Salesforce native
Delegated Authentication
SAML 1.1 and SAML 2.0
Trusted Networks
Restrict login by IP range
Specify trusted networks
Login History Log
Setup Audit Trail Log
180 days of setup history– Date of the change
– User that made the change
– What the change was
What it monitors– Weekly data export requests
– Multiple currency setup changes
– User, role, and profile changes
– Public groups, organization-wide sharing, and
sharing rule changes
– Password policy changes
– Mass delete, mass transfer, and import wizard
– Other changes as documented in online help
Object History Tracking
Compliance BCC
Facilitates monitoring all outbound emails
Automatically send a hidden copy of each outbound email
message to an email address you specify
Prevents users from editing the BCC field on any email and
disables their Automatic Bcc setting
Allows for monitoring of emails with Data Loss Prevention tools
Fully Replicated Development Environments
Support any IT Governance Strategy
Production-class Infrastructure
One Click Import/Refresh of Your Production Data
Refresh Anytime
Eliminate Risk in Deployment
Development Testing Training
Production
Sandbox Environments
Encrypted Custom Fields & APEX Encryption
Can be used to protect– Non-public personally identifying information (NPPI)
– Credit Card numbers
– National identification numbers such as SSN
Has some limitations– Must be enabled by customer support
– See online help for further information
User Permissions
Export reports (and
printable view)
Run reports
Mass email
View encrypted data (if
encrypted fields enabled)
CAPTCHA for Reports and Export
Requires users to complete a CAPTCHA– Covers report export, printable list views, and weekly export
– Challenges once per session
Protects against some
types of malware
Contact Salesforce Support
to have it enabled
Automated User Management
Integrate with internal user
management software– E.g., ActiveDirectory
– Single source of user
information / status
Integration options– Build your own using the
Salesforce API (Users, Profiles)
– Use a Partner offering
APEX Callouts/Outbound Messaging
APEX triggers– Before or After insert, update or delete or after undelete
– Send an outbound message to your security event monitoring
system
Portal Health Check Report
Easily monitor portal access– Sensitive administrative and user permissions
– Object permissions and field level security
– Organization-wide default settings
– Sharing rules
Your Company Your Partners
Security Health Check Application
Agenda
How Salesforce defines “trust”
How Salesforce manages security for customers
How customers manage security with Salesforce
features
Malware and Phishing
Resources Available
Malware & Phishing
Social Engineering is a Serious Threat
1. User receives email
2. Malicious softwareinstalls itself on PC
3. Malware tracks user and steals data
Identity Confirmation
The ability for an end-user to activate additional IP
addresses for accessing Salesforce– Only necessary if IP address is unknown and browser cookie
does not exist
Simple activation procedures– Any computer that will be used to access Salesforce through
the Web interface
Web Clients
Customers Must Still Secure Employee Systems
Update to latest browser version• Helps user identify bogus sites• More secure than previous versions
Deploy email filtering technology• Stop phish and spam from reaching users• White list Salesforce IP Addresses
Install and maintain desktop protection• Virus and malware detection and removal• Keep application and definitions up-to-date• Consider client malware protection
Mitigation is a Joint Effort
Customers need to: Educate users about security
Secure employee systems
Implement customer controlled security
features commensurate with the
sensitivity of the data being stored in
Salesforce
Call support and specify a security
contact for your company
Agenda
How Salesforce defines “trust”
How Salesforce manages security for customers
How customers manage security with Salesforce
features
Malware and Phishing
Resources Available
Extensive Resources Available
Security Implementation Guide
Trust site– trust.salesforce.com
Developer site– developer.force.com
Online Help
Professional Services
AppExchange partner applications
Security Health Check
AppExchange application
Transparent Information
Live System Status
Security Best Practices
Privacy Overview
Historical Performance
Jim Cavalieri
SVP & Chief Trust Officer,
salesforce.com
jcavalieri [at] salesforce [dot] com
415-901-7013
How Could Dreamforce Be Better? Tell Us!
Log in to the Dreamforce app to submit
surveys for the sessions you attendedUse the
Dreamforce Mobile app to submit
surveysEvery session survey you submit is
a chance to win an iPod nano!
OR