Groundbreaking Security Update from Dreamforce 2019

Groundbreaking Security Update From Dreamforce

Groundbreaking Security Update from Dreamforce 2019

Salesforce has put security at the heart of its plan for the upcoming year. The World’s #1 CRM leading company has also announced two new features during Dreamforce 2019; Data Mask and Permission Set Groups. Here’s an overview.

1) Salesforce Data Mask

We hear more and more about security breaches in the headlines. It is not surprising that some of those breaches are committed by internal employees – not hackers.

Earlier this year, the fifth-largest U.S. credit-card issuer, Capital One Financial Corp., said that a former employee of Amazon Web Services – where company’s customer data was stored – accessed the personal information of approximately 106 million card customers and applicants, one of the largest-ever data breaches of a big bank.

A few months ago, a breach perpetrated by a malicious Desjardins Group employee affected 4.2 million members of the credit union. 

The list of personal information leaked included names, addresses, birthdates, social insurance numbers, email addresses and information about transaction habits.

Data governance issues can cause significant repercussions for your business, including loss of customer trust and legal consequences, including regulatory fines. GDPR infractions alone can lead to fines of up to 4% of annual global revenues, or $20 million, whichever is greater.

However, not all GDPR infringements lead to data protection fines. Supervisory authorities can take a range of other actions, including: Issuing warnings and reprimands; imposing a temporary or permanent ban on data processing; ordering the rectification, restriction or erasure of data; and suspending data transfers to third countries.

Companies were too focused on protecting their data from external threats that they neglected the internal threat. Even with the most secure system, it’s important to make sure that the data is secured.

It’s important to have “real” data in order to be able to perform more relevant system tests and platform development. However, more employees usually have more access to the data in a sandbox as the security layer is usually less there for convenience.

Hence, Data Mask Secure Sandbox is a new feature that allows people having access to a lot of data without compromising the private data. Instead of manually securing data and access for sandbox orgs, Salesforce Data Mask automatically masks private data in sandboxes.

It anonymizes and deletes private data from your sandbox environments so you can test with high fidelity substitute data and rest assured that your customers’ data is kept private and confidential.

Data Mask works in three possible ways:

  1. Anonymization — or making the data anonymous — scrambles a field’s contents into unreadable results. For example, Blake becomes gB1ff95-$.
  2. Pseudonymization converts a field into readable values unrelated to the original value. For example, Kelsey becomes Amber.
  3. Deletion converts a field into an empty data set.

Don’t even think about it. Salesforce Data Mask uses nondeterministic obfuscation, meaning that you cannot unmask the data even if you try to reverse engineer the approach or use statistical inference attacks to attempt to maliciously hack the data.

Get excited, Data Mask will be available in the next update!

2) Permission Set Groups

In Salesforce, you are able to control general security access of users using Profiles since day 1. With time, it became apparent that within a company users would have similar Profiles, but some of them needed access to additional functionalities in order to be able to perform the work that was assigned to them.

Salesforce Admins were then creating multiple versions of the same profiles with slightly different access in order to be able to achieve the desired level of activities.

Then, Salesforce created the permission set. This new feature has been allowing Salesforce Admins to keep the same Profiles, but adding permission set at a granular level in order to be able to give more specific access to some users. This feature has been very useful, but somehow difficult to manage because users can have a lot of permission set overtime

As of Spring’20, Salesforce is now releasing the Permission Set Group which will allow SF Admins to create a Group of permission set thus simplifying the management of security access of Salesforce users. With this new feature, you could now remove individual permissions from a group with the muting permission set feature to ensure that permissions do not exceed user roles.

By Julien Tozzi – Professional Services Director at Nubik