Now that we understand how Salesforce stores data, it is essential to discuss how Salesforce provides data security. Since Salesforce is a multi-tenant cloud platform, Salesforce takes the security of its customer data very seriously.
Salesforce has the industry’s best security for its platform. The infrastructure layer comes with data duplication, disaster recovery planning, and backup facilities. Network services are equipped with encryption in transit and advanced threat detection features. Salesforce shield provides Platform Encryption, Event Monitoring, and Field Audit Trail. Salesforce in its security documentation states the following, “Salesforce offers customers a robust data processing addendum containing strong privacy commitments”.
For our discussion, we will focus more on data-level security. Salesforce provides conditional access to data based on certain criteria. When it comes to giving access to data, Salesforce follows a less is the better approach. This means that by default, it will start with the lowest level of access. You can increase access to data as and when required.
Data security in Salesforce can be divided into four levels:
- Organization-level security
- Object-level security
- Record-level security
- Field-level security
Figure 1.16: Salesforce Security Model
Let’s talk about each of these four levels in detail.
The top level of security is organization-level security. Organization-level security controls who has access to Salesforce and from where they can connect to Salesforce. Security in this layer is in the form of user credentials like user id and password, along with multi-factor authentication using a mobile phone application called Authenticator, through which a user has to enter a code along with the user id and password to log in. IP ranges are another layer of security using which Salesforce restricts the IP from which users can log in as well as the time during which users can log in. For example, you can restrict customer service reps from logging in after their shifts are over.