Best Practices in Securing Your Customer Data in Salesforce, Force.com & Chatter


White Paper

Best Practices in Securing Your Customer Data in Salesforce, Force.com & Chatter
Overcoming Security, Privacy & Compliance Concerns

333 W. San Carlos Street, San Jose, CA 95110

Table of Contents

- Abstract
- Introduction to Security & Privacy in the Cloud
- Data Classification: A First Step to Cloud Data Migration
- Compliance and Risk Management
- Identity & Access Management
- Advanced User Sign-On
- Authorization Controls
- Data Protection Controls
- Encryption
- Key Management
- Malware Detection
- Continuous Auditing & Monitoring
- Conclusion
- About CipherCloud

Abstract

The technology industry has changed dramatically over the last 10 years. In economic times like these, leading companies are looking to cloud computing platforms to deliver business functions ranging from packaged business applications to custom application development at a fraction of the time and cost of traditional on-premises platforms. With this growth in the use of cloud computing comes a corresponding increase in responsibility to protect sensitive data in the cloud. For many businesses, the essential questions about security, privacy, compliance, and control of corporate data remain unanswered. According to the KPMG 2010 Cloud Computing Survey, security is the biggest obstacle to cloud adoption, followed closely by legal, compliance, and privacy issues.

Salesforce.com is the leader in enterprise cloud computing, with more than 12 years of experience in all aspects of service delivery, from infrastructure scalability to availability, policies, and procedures. A growing number of enterprises trust the Force.com cloud computing platform to deliver critical business applications, in large part because of a combination of native Force.com security features and partner solutions that allow enterprises to extend their internal security controls to Force.com data.

This paper first explains the terms security, privacy, and trust, and then explores the basic requirements for secure cloud computing. Subsequent sections of this paper provide a comprehensive introduction to the inherent security and privacy features of the Force.com enterprise cloud computing platform. Finally, it highlights the additional controls needed to overcome emerging cloud threats and secure applications and customer data.

Introduction to Security & Privacy in the Cloud

In the context of computing, the terms security, privacy, and trust are related, but have different meanings. Security refers to a computing system's level of resistance to threats. Privacy is a key concern that most often relates to the digital collection, storage, and sharing of information and data, including the transparency of such practices. Can you be sure that salesforce.com's controls over data access would match your own?

Data Classification: A First Step to Cloud Data Migration

The sensitivity of data involved in the use of a service is critical to determining whether the service can be managed by salesforce.com and, if so, which security and privacy controls should be used to ensure that compliance obligations are met throughout the process. Defining and systematically adhering to a sound data classification policy (for instance, specifying which types of data are considered confidential and which are not) is critical to determining the control mechanisms that will protect each data type. While this principle also applies to on-premises systems, risks derived from having no data classification policy, or one that is incorrect, are greater in the cloud because data might not be afforded the appropriate protective measures. There is little that salesforce.com or any third party can do in this area; the responsibility mostly lies with the enterprise that is moving data to the cloud.

Compliance and Risk Management

With an on-premises computing system, organizations have primary control over how the environment is built and run. In the cloud scenario, some of the related tasks and decisions are delegated to salesforce.com. This can present new challenges, such as the need to entrust parts of the organization's fundamental compliance and risk management processes to salesforce.com.
Delegation does not discharge the enterprise from managing risk and compliance, or from having to prove compliance to the appropriate authorities. In fact, cloud providers generally exclude themselves from compliance responsibility in their service agreements. Nevertheless, salesforce.com's third-party certification efforts, including ISO27001, SAS70 and vulnerability assessments, might contribute to the enterprise's compliance efforts. Enterprises should ask salesforce.com for a copy of such reports.

Identity & Access Management

By default, web access to Force.com is granted by requiring users to provide a username and password that match values stored within Salesforce tables. Users are directed to a single form-based sign-in page to enter their credentials. Once users sign in, they can access any Force.com property that is authorized by their profile, including their own applications, Salesforce CRM, Portals, Sites, Ideas or VisualForce pages, without re-authenticating.

Administrators are able to force a reset of single or bulk user passwords, and to set password policy for password expiration (forcing the user to reset their password after a certain time), password lockout (refusing access to an account if an incorrect password is used too many times), and requirements for length and complexity of new passwords. Password Policies are managed at Setup > Security Controls > Password Policies.

Force.com includes the ability to restrict the hours during which users can connect and the range of IP addresses from which they can connect. When an organization imposes IP address restrictions and a connection request originates from an unknown address, Force.com denies the connection request, thus helping to protect data from unauthorized access and phishing attacks.

To protect established sessions, Force.com monitors and terminates idle sessions after a configurable period of time. Force.com's session security limits help defend system access when a user leaves his/her computer unattended without first disconnecting.

Advanced User Sign-On

Many organizations use single sign-on mechanisms to simplify and standardize user authentication across a portfolio of applications. Force.com supports two single sign-on options:

- Federated Authentication: Uses industry standard protocols to communicate between the organization and the Force.com platform for authentication purposes. The organization configures the platform to trust "assertions" about users made using SAML (Security Assertion Markup Language). The Force.com platform is able to natively validate these assertions and create a session for the user when appropriate. Compared to delegated authentication, which requires the organization to host a service that makes proprietary web services API calls, SAML is an industry standard protocol that can securely communicate information between multiple Internet sites without proprietary coding. To use federated authentication, your Enterprise must have a SAML Identity Provider (or IdP). This Identity Provider can use either version 1.1 or version 2.0 of SAML.
- Delegated Authentication: Enables an organization to integrate Force.com cloud applications with an authentication method of choice, such as an LDAP (Lightweight Directory Access Protocol) service or authentication using a token instead of a password. The delegated authority can be set up to validate users in three different combinations:
  o Password Validation: The Salesforce login page is used to collect a username and password, but the username and password are validated against the delegated authority instead of the internal Salesforce password store.
  o Token Validation: The Salesforce login page no longer works for sign-in. Users must first authenticate to their Enterprise, and the Enterprise must then create a Salesforce session by sending (via HTTP POST) the username and a token to Salesforce for validation by the delegated authority. Once this has occurred, the user may travel between Salesforce and the Enterprise without re-authentication.

  o Hybrid Model: Users are required to use token validation when accessing the Salesforce website directly, but are allowed to authenticate using password validation when using a client application.

Authorization Controls

Two primary mechanisms control user access to resources on the Force.com platform: user profiles and sharing rules.

- User profiles: An organization can control the access its users have to objects by customizing profiles. Within objects, organizations can then control the access users have to fields using field-level security. Sharing settings allow for further data access control at the record level.
- Sharing settings: Organization-wide default sharing settings provide a baseline level of access for each object and let the organization extend that level of access using hierarchies or sharing rules. For example, an organization can set the default access for an object to Private when users should only be able to view and edit the records they own, and then create sharing rules to extend access of the object to particular users or groups.

- Sharing rules: Sharing rules allow for exceptions to organization-wide default settings that give additional users access to records they don't own. Sharing rules can be based on the record owner or on field values in the record.
- Manual sharing: When individual users have specific access requirements, owners can manually share records. Although manual sharing is not automatic like organization-wide defaults, role hierarchies, or sharing rules, it lets record owners share particular records with particular users, as necessary.

Data Protection Controls

Organizations migrating to the Force.com platform soon run into data security challenges, primarily because the cloud computing model has introduced a unique set of threats that are not addressed by legacy security technologies:

- Encrypting data 'at rest' or in storage has a performance impact: data must be decrypted when accessed, and encrypted again when written to storage. Added to the inherent latency of the cloud, this can affect endpoint performance. As a result, salesforce.com does not uniformly encrypt data at rest.
- Who controls encryption keys? If encryption keys reside within salesforce.com's infrastructure, then once again the status of the encrypted data is in question.
- According to the SANS Institute, a security research and education organization, attacks against web applications constitute 60% of the total attack attempts observed on the internet. Encryption applied on the cloud database fails to protect against such attacks, as data is decrypted prior to being presented to the web application.

- According to Osterman Research, 78% of organizations experienced malware attacks in the last 12 months. As a result of the cloud's multi-tenant architecture and ease of sharing (across customers and partners), exposure to untrusted (malicious) data is elevated.

Encryption

Salesforce.com does not encrypt customer data stored within its databases. While some rudimentary encryption options are provided out-of-the-box, these are inadequate to provide enterprise level security.

CipherCloud™ Encryption Gateway uses flexible, configurable policies to identify sensitive data and automatically encrypt/decrypt data between your business users and the Force.com platform, using encryption keys that remain under your control at all times. You can identify which data you consider sensitive (such as proprietary information, personally-identifiable information, or other regulated data). When that data is posted or updated into the cloud, CipherCloud applies the selected encryption method to protect that data before it leaves the enterprise network.

CipherCloud's highly secure encryption preserves both the format and function of the data, so that the cloud application remains operational, but its real content remains locked within the enterprise. CipherCloud reverses the process when employees access the cloud application through the appliance, decrypting data in real time so the users see the actual data rather than the encrypted version that resides within the cloud.

This is best illustrated with an example. The following screens compare what the user sees when accessing an account through CipherCloud, and what someone would see when accessing the same account directly in the cloud:

[Figure: the same account viewed through CipherCloud and viewed directly in the cloud]

Key Management

While data encryption is important to a secure cloud strategy, it's even more critical to protect your encryption keys. The native encryption provided by salesforce.com requires them to have access to your keys in order to encrypt, decrypt and process data appropriately. On the other hand, CipherCloud's ability to encrypt and decrypt data within the enterprise's control ensures that enterprises retain possession of their encryption keys at all times.

It's recommended that customers rotate their encryption keys at a frequency determined by their regulatory or internal security requirements. CipherCloud's advanced key management user-interface makes this process seamless and does not impact legacy data.

The following chart compares the Force.com platform's native encryption and key management functions to those provided by the CipherCloud Encryption Gateway.

| Feature | Salesforce Encrypted Fields | CipherCloud Encryption Gateway |
|---|---|---|
| Native Solution | Yes | No, Appliance which can be installed at customer site |
| Standard Fields | No | Yes |
| Field Limits | 1MB - Initial | No |
| Field Length | Yes (175 chars) | No Restrictions |
| Field Type | Special encrypted field type | Text, Text Area, Phone, Email (more coming soon) |
| Search | No | Yes |
| Search Results | Yes | Yes |
| Reports | No | Near Full Functionality |
| Workflow | No | Yes |
| Validation Rules/Apex Scripts | Yes | Yes |
| Encryption Options | AES 256 | AES-256, Function Preserving Encryption, Length Restricting Encryption, etc. Ability to select on a field-by-field basis |
| Multi-Region Deployment | N/A | Yes |
| Incremental Latency | | 0 + 3% (compensated by static content caching) |
| Key Ownership | Salesforce.com | Customer |
| Key Rotation | No | Yes |
| Partial Encryption | No | Yes |

Encryption over Wire, Attachment Encryption: No No Yes Yes

Malware Detection

As a result of salesforce.com's multi-tenant architecture and ability to share data with third parties via Customer Portal and Partner Portal, exposure to untrusted (malicious) data is elevated. However, salesforce.com does not scan any customer data for malware and/or viruses.

With built-in cloud malware detection, CipherCloud provides real time protection against viruses, spyware, trojans, bots, rootkits, and more. The CipherCloud Gateway scans all in-bound and out-bound content (files & attachments) for malicious code and cleans and/or quarantines infected content on-the-fly. Signatures are updated several times a day to provide zero-day malware protection with easy access to all protection status information and settings.

The controls discussed in this section ensure that your data is protected from the following threats:

- Malicious insiders at salesforce.com
- Account, service and traffic hijacking
- Insecure APIs & shared technology vulnerabilities
- Unknown risk profile of internet-based applications

Continuous Auditing & Monitoring

Auditing and monitoring features do not secure your organization by themselves, but these features provide information about usage of the system, which can be critical in diagnosing potential or real security issues. To satisfy compliance and forensics requirements, it's critical to monitor all user interactions across all clouds and transparently capture data to generate an automatic audit trail of all user activity.

Administrators have access to login history logs natively in Force.com. In addition, modifications to standard and custom fields (write access) can be tracked in a decentralized manner, as long as such fields have Field History Tracking enabled.

CipherCloud supplements the limited logs provided by salesforce.com by centrally logging all read and write actions. User activity logs can then be fed into existing log management solutions. For specific cloud interactions, CipherCloud records the user involved in the activity, a timestamp capturing the date and time, what actions users performed, and what records they accessed. In addition, CipherCloud records both the source and destination IP addresses of user activity.

Conclusion

As with most other enterprise challenges, there is no silver bullet for addressing cloud security threats. Delegation of responsibility to cloud providers like salesforce.com does not discharge the enterprise from managing risk and compliance, or from having to prove compliance to the appropriate authorities. Regardless of the protections put forth in legal contracts, the ultimate impact (financial and reputational) of any cloud data breach will be borne by the enterprise whose data is breached.
Enterprises must complement the native security capabilities offered by cloud providers by implementing additional layers of security controls that provide adequate assurance for data protection.
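
The login-hour and IP-range restrictions described under Identity & Access Management can also be checked after the fact against login history of the kind described under Continuous Auditing & Monitoring. The following Python is an added example, not code from this white paper, Force.com or CipherCloud; the record field names, policy values and addresses are constructed assumptions.

```python
from datetime import datetime, time, timedelta, timezone
from ipaddress import ip_address, ip_network

# Hypothetical policy (assumed names and values, not Force.com settings).
POLICY = {
    "trusted_networks": [ip_network("203.0.113.0/24"),
                         ip_network("2001:db8:10::/48")],
    "login_hours": (time(7, 0), time(19, 0)),  # allowed window, local time
    "utc_offset": timedelta(hours=-8),         # offset the window is defined in
}

# Constructed login-history records; addresses are documentation ranges.
SAMPLE_LOGINS = [
    {"user": "alice@example.com", "timestamp": "2024-03-04T17:30:00+00:00",
     "source_ip": "203.0.113.25", "status": "Success"},
    {"user": "bob@example.com", "timestamp": "2024-03-05T04:15:00+00:00",
     "source_ip": "203.0.113.40", "status": "Success"},
    {"user": "carol@example.com", "timestamp": "2024-03-05T18:00:00+00:00",
     "source_ip": "198.51.100.7", "status": "Failed"},
    {"user": "dave@example.com", "timestamp": "2024-03-05T20:00:00+00:00",
     "source_ip": "2001:db8:10:5::1", "status": "Success"},
    {"user": "erin@example.com", "timestamp": "2024-03-06T09:00:00+00:00",
     "source_ip": "not-an-ip", "status": "Success"},
]


def in_trusted_network(source_ip, networks):
    """True if source_ip parses and falls inside one of the trusted ranges."""
    try:
        addr = ip_address(source_ip)
    except ValueError:
        return False  # an unparseable address is never treated as trusted
    return any(addr.version == net.version and addr in net for net in networks)


def within_login_hours(ts, hours, utc_offset):
    """True if the timezone-aware timestamp falls inside the allowed window."""
    local = ts.astimezone(timezone(utc_offset)).time()
    start, end = hours
    if start <= end:
        return start <= local < end
    return local >= start or local < end  # window wraps past midnight


def audit_logins(records, policy):
    """Return one finding per record that violates the IP or hours policy."""
    findings = []
    for rec in records:
        reasons = []
        if not in_trusted_network(rec["source_ip"], policy["trusted_networks"]):
            reasons.append("ip_outside_trusted_range")
        ts = datetime.fromisoformat(rec["timestamp"])
        if not within_login_hours(ts, policy["login_hours"], policy["utc_offset"]):
            reasons.append("outside_login_hours")
        if reasons:
            # A successful out-of-policy login means the restriction was not
            # enforced for that user; a failed one was not granted a session.
            severity = "high" if rec["status"] == "Success" else "info"
            findings.append({"user": rec["user"], "reasons": reasons,
                             "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in audit_logins(SAMPLE_LOGINS, POLICY):
        print(finding)
```

Findings marked "high" are the ones to review first, since they are sessions that were established despite the policy.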

About CipherCloud

CipherCloud provides a unified cloud encryption gateway with award-winning technology to encrypt sensitive data in real time before it's sent to the cloud. CipherCloud protects enterprise data using format and operations-preserving encryption and tokenization in any private or public cloud environment without impacting functionality, usability, or performance. CipherCloud eliminates data privacy, data residency, security, and regulatory compliance concerns, and accelerates cloud adoption. CipherCloud has been recognized by Gartner as a Cool Vendor in Cloud Security for 2011. Visit CipherCloud at www.ciphercloud.com.