Salesforce Data Security Challenges in Wake of the Recent Breach

Originally published by Adaptive Shield.

Written by Hananel Livneh.

Recent incidents continue to shed light on vulnerabilities that organizations face. A notable case involves a networking products company whose support website inadvertently exposed sensitive customer information, as reported by KrebsOnSecurity. This incident underscores the critical importance of robust security measures in safeguarding customer data. In this blog post, we'll delve into the details of the exposure, explore potential causes, and discuss actionable items to enhance security in Salesforce.

In this case, the support website that experiences a data exposure and was utilized by the networking products company was Salesforce. This lapse allowed unintended access to customer information, including device details, warranty status, and serial numbers. Discovered by a 17-year-old intern named Logan George, the incident highlights the potential risks associated with inadvertent data exposure.

Upon discovering the issue, the networking products company swiftly addressed the problem, emphasizing that the exposure resulted from a recent upgrade to its support portal. The company assured users that it has fixed the issue and currently has no reason to believe that any identifiable or personal customer data was compromised.

The company has not provided specific details on when the user rights issue was introduced. This raises concerns about the adequacy of user permissions within Salesforce assets, echoing a broader issue of misconfigurations that can lead to data exposure. This is the second time in less than a year that a Salesforce misconfiguration exposes sensitive information (that we know of).

Adopting Strong Salesforce Security Protocols

In the wake of this incident, it is essential for businesses, particularly those dependent on platforms like Salesforce, to adopt strong security protocols. Here are key security principles crucial for safeguarding Salesforce. These security recommendations hold significance even in the absence of specific insights into the factors contributing to this particular data breach.

Securing Salesforce Communities

Salesforce Communities (“Experience”) refers to a feature within the Salesforce platform that allows organizations to create branded, customizable communities for collaboration and engagement with customers, partners, and employees in a secure and personalized online environment. Salesforce Communities often involve the sharing of sensitive data such as customer information, partner details, or internal communications. Proper security measures help safeguard this data from unauthorized access or breaches.

Salesforce Communities allow a high degree of customization. Therefore it's important to ensure that objects, files, records, and configurations follow best practices to minimize vulnerabilities. Regularly review and update security settings to adapt to evolving threats. Emphasis should be put on configurations that allow access and visibility to all users or guests.

Securing Standard and Custom Objects in Salesforce

In Salesforce, an object is a fundamental data structure used to store and organize information. Objects in Salesforce are akin to database tables and are central to the platform's data model. Salesforce provides a variety of standard objects, and users can also create custom objects to meet specific business requirements. Objects are made up of fields, which define the types of data that can be stored in them. Salesforce provides robust security features that allow administrators to control access to objects, fields, and records. This ensures that users have appropriate permissions to view, edit, or delete data. Objects should be reviewed constantly in order to make sure they are not exposed to unauthorized access. Also, make sure that they are not publicly accessible. Validate who has access to what object and how such access was given (such as Profile or Permission set).

User Authentication and Authorization

Implementing robust authentication mechanisms ensures that only authorized users have access to the community. This involves using secure login methods and controlling user access based on their roles and permissions within the organization. Setting up strong password policies, requiring MFA, and using SSO is a good start. Complement good login methods with strong control on access to data with visibility into Profiles and Permission Sets making sure there is no permission sprawl and that all user access is only to “need to know”. Finally, implement monitoring tools and conduct regular audits to track user activities, identify potential security incidents, and ensure compliance with security policies.

Conclusion

The recent incident involving the networking products company's support website serves as a reminder of the ongoing challenges in managing large systems and the importance of robust cybersecurity measures. By implementing the suggested actionable items, organizations can fortify their defenses against potential data exposure risks, ensuring a safer digital environment for both the company and its customers.