If you’ve been a Salesforce customer for more than five minutes, you’ve likely heard us talk about our commitment to Trust (yes, we take it that seriously!). The framework we follow for upholding the highest level of trust between Salesforce and our customers is called the Shared Responsibility Model. This is a “widely-used model by cloud providers where the provider is in charge of security related to the cloud itself and its underlying infrastructure, while its customers or end users are responsible for protecting data stored in the cloud environment. With the shared responsibility model, there is an implied ownership of security of the platform by the provider, but that leaves the platform flexible enough for customers to configure it to meet their individual needs.”
At Salesforce, we provide customers with a flexible, secure platform as well as outline security best practices for customers to follow to securely manage their data. If these best practices aren’t followed – also known as a product misconfiguration – it can create additional (and unnecessary) security risk for customers.
Types of misconfigurations
There are many types of risks that customers can face by misconfiguring their Salesforce instance; in this post, we’ll focus on a few that fall under the OWASP Top 10. If you’re not familiar, the OWASP Top 10 is considered the authoritative list of the most critical risks to web applications. Let’s start by diving into the risks, their definitions, and how they may be relevant to Salesforce customers.
1. Broken access control
OWASP definition: “Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification, or destruction of all data or performing a business function outside the user’s limits.”
One example of access control misconfiguration in a Salesforce environment is incorrectly setting up Guest User (unauthenticated user) permissions in Experience Cloud. Guest User misconfigurations can potentially grant unauthenticated users access to more data than intended, which poses a potential security risk. We know our customers use Experience Cloud sites in unique ways and the desired settings for Guest User permissions may vary.
To help our customers retain flexibility while ensuring their data remains secure, Salesforce continues to release robust tools and guidance for customers to address the risk of data exposure due to misconfigurations. We strongly encourage customers to always:
Customers that purchase the Shield product have the ability to identify and investigate Guest User Anomalies, as well as advanced threat detection capabilities with Shield’s Event Monitoring tool.
By following Salesforce security guidance, Experience Cloud customers can protect against risks from broken access controls and maintain a healthy Salesforce environment.
2. Security misconfiguration
OWASP definition: “Unnecessary features are enabled or installed (e.g., unnecessary ports, services, pages, accounts, or privileges)… Without a concerted, repeatable application security configuration process, systems are at a higher risk.”
One example of a Security Misconfiguration risk in a Salesforce environment is the improper deactivation of Experience Cloud sites. Customers may have the need to deprecate Experience Cloud sites, but don’t always properly deactivate them. Improper deactivation leaves the old site open to compromise by allowing any users with permissions to still view and modify the site and its data. This creates a high level of risk for the customer. Customers should follow the proper path to deactivate an Experience Cloud site — which as a best practice closes off these sites and keeps customer data safe.
Another example of this in a Salesforce environment is the practice of Guest Users uploading files. Because the files are by default labeled as “unassigned” when uploaded by an unauthenticated user, the files become publicly visible, potentially making proprietary data visible to anyone. Luckily, this vulnerability is easily remediated. As a best practice, set up a trigger to always assign an owner to files uploaded by Guest Users. You can also restrict file upload size or type by using community file moderation as an additional security control.
3. Identification and authentication failures
OWASP definition: “Confirmation of the user’s identity, authentication, and session management is critical to protect against authentication-related attacks. There may be authentication weaknesses if the application… Has missing or ineffective multi-factor authentication.”
Salesforce provides identity-based solutions for users to securely access Salesforce accounts. To help customers keep their accounts secure, as of February 1, 2022, Salesforce requires customers to use Multi-Factor Authentication (MFA) when accessing Salesforce products. MFA is a very effective and relatively easy-to-use security control, but despite its obvious benefits, some customers still choose to use weaker forms of authentication such as SMS text.
Allowing users to log in with weaker forms of authentication can sharply decrease a customer’s org security and make the org more vulnerable to phishing attempts and hackers.
If you’re an admin and haven’t implemented MFA for your Salesforce instance yet, there’s no better time than the present! To learn how to implement MFA for Salesforce, visit security.salesforce.com/mfa.
Master secure configurations
After reading about these three common misconfiguration scenarios, you should have a deep understanding of the responsibility that lies with customers to securely configure their Salesforce instances. Remember, the best way to avoid taking on unnecessary risk is to proactively prevent against it!
Blog collaborators
Sid Chowdhury, Lead Threat Intel Researcher at Salesforce
David Ng, Product Management Director at Salesforce
Ping Yan, Sr. Director of Data Science & Analytics at Salesforce
Doug Miller, VP of Threat Management at Salesforce
Sources:
Security best practices
Curious about more ways to bolster the security of your Salesforce org? Check out our guide for additional guidance and resources.
