Salesforce Misconfigurations are Exposing Sensitive Data
Blog Article Published: 06/14/2023
Originally published by Obsidian Security.
Just last week, cybersecurity journalist Brian Krebs shared a post to his website detailing how Salesforce misconfigurations were causing several organizations to inadvertently expose sensitive data to the public.
Affected organizations discovered that guest users (accounts that do not require authentication prior to data access) of their Salesforce Experience Cloud websites were able to access private records including full names, Social Security numbers, addresses, and various other forms of personally identifiable information (PII).
Salesforce responded to this story by reassuring customers that the vulnerabilities identified were not inherent to the platform but instead the result of the organizations’ poor configurations of Salesforce Experience Cloud websites and guest user profiles. They also suggested that teams review their guidance around configuration best practices.
While this story made headlines in cybersecurity news, the underlying vulnerability is nothing new—in fact, guest user access to Salesforce sites is something our team covered in a dedicated section of our Salesforce Security Checklist published last year. Krebs’ blog and the subsequent Salesforce response serves to remind teams of a fundamental fact of SaaS security: while SaaS providers work to ensure the integrity of underlying infrastructure, the configuration and security of the tenant remains the customer’s responsibility.
Below, we’ll take a closer look at and provide some guidance around Salesforce Experience Cloud configurations to help security teams minimize these risks. We’ll also discuss the broader challenge of SaaS configuration management at scale, because this issue is by no means exclusive to Salesforce—or any single SaaS platform, for that matter.
What is Salesforce Experience Cloud, and what risks do guest users pose?
Salesforce Experience Cloud enables businesses to build and deliver digital experiences to their customers— websites, portals, storefronts, and forums, for example—that are personalized using data from the Salesforce CRM platform. Specific parts of these sites can be made publicly available to visitors without requiring authentication. In these cases, the level of access is controlled by the guest user permissions associated with that Experience Cloud site.
To ensure the integrity and privacy of sensitive Salesforce data, security teams should tightly control the permission and access levels of these unauthenticated guest users. In the past, there were a number of issues with guest user management—guests could own records, have edit and delete privileges, and potentially be exposed to all records for a given object. While recent Salesforce releases have since attempted to address these glaring issues, there are still important considerations that need to be addressed to ensure guests aren’t privy to more information than intended.
What can I do to prevent Salesforce public data exposure?
Security teams and Salesforce application owners may be understandably concerned about whether or not their own Salesforce environment is vulnerable to inadvertent public data exposure. To help review and mitigate this risk, we’ve put together a brief checklist of important considerations for your Salesforce sites:
- Review guest user sharing settings. When you create a guest user sharing rule, all affected records are immediately accessible by the public. Review these rules and keep the objects and records shared with guests to an absolute minimum.
- Restrict Apex class access. Prevent guest users from accessing Apex classes, especially AuraEnabled classes. Review the VisualForce and Apex pages that guest users can access and keep these to an absolute minimum.
- Review and lock down object settings. To ensure the security and integrity of sensitive data contained within Salesforce objects, you should assign the most restrictive possible object permissions in the guest user profile. These may vary based on organizational requirements, but powerful object permissions such as View All and Modify All are of particular concern.
- Review and lock down system permissions. Audit and deselect Salesforce permissions that aren’t strictly necessary for your business. Disable the sensitive View All Users and Run Flows permissions, for example, if guest users don’t need to see those abilities. Unless there is a legitimate reason why your guest users might need it, it is also advisable to disable API access.
The Salesforce team provides further guidance around guest user configurations in their documentation.
Even with these settings locked down, Salesforce configurations can drift over time whether by an inadvertent modification or an update to the platform itself. Make sure to periodically monitor your guest user access to ensure that this risk doesn’t reemerge down the line.
Managing SaaS configurations at scale
Although this story is focused on a configuration vulnerability in Salesforce, the fact is that managing potentially thousands of unique SaaS settings effectively at scale is almost impossible without tooling to consolidate and automate your approach. It isn’t just a matter of security hygiene, either—the security of SaaS applications has direct relevance to regulatory compliance increasingly as sensitive data continues to migrate to the cloud.
SaaS Security Posture Management (SSPM) solutions are purpose-built to help organizations address this challenge at scale. By helping security teams identify and address configuration vulnerabilities proactively, SSPM solutions minimize opportunities for both malicious or accidental breaches from occurring. Moreover, they can enable teams to map SaaS configurations directly to complex regulatory frameworks to ensure compliance is both an approachable and continuous effort.
If you’re concerned about the security of Salesforce and other central SaaS platforms such as Microsoft 365, Google Workspace, ServiceNow, and Workday, Obsidian Security is offering a no-cost risk assessment to help teams better understand the risks present in their environment. A member of our team will provide you with a snapshot with powerful security insights that include:
- Your SaaS security posture score with insights into user privileges and application configurations, providing actionable steps you can take to minimize risk
- Compliance mapping to complex industry and regulatory standards including SOC 2, NIST 800-53, ISO 27001, CSA Cloud Controls Matrix (CCM), and more
- Surfaced risk exposure introduced by SaaS integrations to your core applications including insights into permissions and different levels of access, integration activity, and areas of excessive risk
Trending This Week
#1 What are the Most Common Cloud Computing Service Delivery Models?
#2 Zero Trust and AI: Better Together
#3 Top Threat #2 to Cloud Computing: Insecure Interfaces and APIs
#4 101 Guide on Cloud Security Architecture for Enterprises
#5 Demystifying Secure Architecture Review of Generative AI-Based Products and Services
Sign up to receive CSA's latest blogs
This list receives 1-2 emails a month.