This document discusses techniques for hardening a Salesforce org against cybersecurity threats. It covers Salesforce security at the infrastructure and application levels. It also recommends best practices like using two-factor authentication, auditing permissions, and providing security training for users. The document promotes the Salesforce Toolkit and a free online cybersecurity course for further resources.
1. Security and your Salesforce Org
CyberSecurity techniques to harden your org.
Francis Pindar
Technical Architect
francis@netstronghold.com
@radnip
2. Security and your Salesforce org
CyberSecurity techniques to harden your org.
Francis Pindar
Technical Architect
francis@netstronghold.com
@radnip
www.radnip.com
LinkedIn.com/in/francisuk
5. Salesforce Security
Applicable to the Sales Cloud, Service Cloud, Communities, Chatter, database.com, site.com and Force.com. For audits, certification and security information or other services, please see the Trust & Compliance section of help.salesforce.com.
Infrastructure-level Security
• Firewall
• SSL Accelerators
• Web/App Servers
• Load Balancers
• Database Servers
Application-level Security
• Trusted Networks
• Authentication Options
• Field Level Security
• Object Level Security (CRUD)
• Audit Trail
• Object History Tracking
10. Two Factor Authentication (2FA)
• Provides an extra layer of security beyond a password
• If a user’s credentials are compromised, much harder to exploit
• Require a numeric token on login
• Can be received via app, SMS, email, hardware (YubiKey)
12. My Top Risky System Permissions
Permissions you need to have
Permission | “System Admin” | Permission Set | Standard Profile
Export Report* | Yes | Yes | No
Data Export | No | No | No
Modify All Data | No? | No | No
Manage Profile Permission Sets | Yes | No | No
View Setup | Yes | Yes | No
View All Data | Yes? | No | No
View Encrypted Data | No | No | No
Manage Remote Access | Yes | No | No
Password Never Expires | No | No | No
Bulk API Hard Delete | No | No | No
* Enable reCapture -> Send case to Salesforce
13. My Top Risky System Permissions
Permission | “System Admin” | Permission Set | Standard Profile
API Enabled | No | Yes | No
Manage Interactions | Yes | No | No
Manage Two Factor Authentication | No | No | No
Permissions you need to have
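The two permission tables above can be turned into a repeatable check. The following is an added example, not part of the original slides: it reads the tables as a baseline of which tier may hold each permission (an interpretation) and flags grants the baseline says No to. The sample rows are constructed, and the field names follow the PermissionSet object's Permissions<Name> pattern, so confirm them against your org's describe output before use.

```python
# Added example: audit PermissionSet rows against the slides' baseline.
# Baseline per permission: (System Admin profile, permission set, standard profile).
# "No?" and "Yes?" on the slides are recorded here as plain No / Yes.
BASELINE = {
    "PermissionsExportReport":                 (True,  True,  False),
    "PermissionsDataExport":                   (False, False, False),
    "PermissionsModifyAllData":                (False, False, False),
    "PermissionsManageProfilesPermissionsets": (True,  False, False),
    "PermissionsViewSetup":                    (True,  True,  False),
    "PermissionsViewAllData":                  (True,  False, False),
    "PermissionsViewEncryptedData":            (False, False, False),
    "PermissionsManageRemoteAccess":           (True,  False, False),
    "PermissionsPasswordNeverExpires":         (False, False, False),
    "PermissionsBulkApiHardDelete":            (False, False, False),
    "PermissionsApiEnabled":                   (False, True,  False),
    "PermissionsManageInteraction":            (True,  False, False),
    "PermissionsManageTwoFactor":              (False, False, False),
}
TIERS = ("system_admin", "permission_set", "standard_profile")

def tier_of(row):
    """Map a PermissionSet row to one of the three columns on the slides."""
    if not row["IsOwnedByProfile"]:
        return "permission_set"
    if row["ProfileName"] == "System Administrator":
        return "system_admin"
    return "standard_profile"

def audit(rows):
    """Return sorted (container name, tier, field) for grants the baseline says No to."""
    findings = []
    for row in rows:
        tier = tier_of(row)
        col = TIERS.index(tier)
        for field, allowed in BASELINE.items():
            if row.get(field, False) and not allowed[col]:
                findings.append((row["Name"], tier, field))
    return sorted(findings)

# Constructed sample rows, shaped like a flattened result of a SOQL query on
# PermissionSet selecting Name, IsOwnedByProfile, Profile.Name and the fields above.
SAMPLE = [
    {"Name": "Admin", "IsOwnedByProfile": True, "ProfileName": "System Administrator",
     "PermissionsModifyAllData": True, "PermissionsViewAllData": True, "PermissionsViewSetup": True},
    {"Name": "Integration_API", "IsOwnedByProfile": False, "ProfileName": None,
     "PermissionsApiEnabled": True, "PermissionsBulkApiHardDelete": True},
    {"Name": "Sales User", "IsOwnedByProfile": True, "ProfileName": "Sales User",
     "PermissionsExportReport": True, "PermissionsApiEnabled": False},
]

if __name__ == "__main__":
    for name, tier, field in audit(SAMPLE):
        print(f"{name} ({tier}): {field} is granted but the baseline says No")
```

Running the same audit on a schedule supports the periodic review of admin rights recommended in the notes, since permissions drift as profiles and permission sets are edited.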
20. CyberSecurity by FutureLearn/Open University
https://www.futurelearn.com/courses/introduction-to-cyber-security
• FREE online course
• Duration: 8 weeks
• 3 hours a week
• Certificates available
Next Start dates:
• 4th July 2016
• 3rd October 2016
21. Key Principles – The Human Factor
• Limit the number of users with admin rights
• Provide users with minimum access to do their job
• Create rigorous process for user termination/deactivation
• Basic security training for all users on credential/password security, phishing, and social engineering
• Trailhead for ongoing, role-focused education
• Effective security requires cross-org communication
https://developer.salesforce.com/trailhead
22. Thank you
Francis Pindar
francis@netstronghold.com
@radnip
www.radnip.com
LinkedIn.com/in/francisuk
Editor's Notes
BBC Good Food Show tomorrow.
Experts are saying British businesses are not doing enough to protect themselves. Cyber attacks are exacting a heavy toll on British businesses. Research company Cebr last year reported £34bn of increased IT expenditure and lost revenue.
[CLICK]
The UK Government found that the boards of half of FTSE 350 companies hear about cyber incidents only on an occasional basis or when something goes wrong.
But the damage to a company's reputation can sometimes be worse than the actual attack.
The UK Government's Public Policy Exchange is saying the threat from cyber attacks to the UK’s national security is “Real and Growing”. Such attacks have been called a “Tier One” threat to the UK.
[CLICK]
A recent report of UK companies showed that nearly half (46%) of small business owners have no employee responsible for data security and, more alarmingly, 27% have no process or policy at all. But it's not just isolated to small companies. Last year saw a conservative estimate of 487,731,758 records (based on public information) exposed in data leaks from companies like Hyatt, Hilton HHonors, Costa Coffee and Mumsnet. The 56 Dean Street clinic leaked the details of 780 HIV patients (the NHS Trust was fined £180k), JD Wetherspoon had nearly 700,000 personal details stolen, and TalkTalk 156,000.
Secure Your Salesforce Org
Some administrators are surprised when they learn that security is part of their job. Salesforce is built with security as the foundation for the entire service. This foundation includes both protection for your data and applications, as well as the ability to implement your own security scheme to reflect the needs of your organization.
However, protecting your data is a joint responsibility between you and Salesforce, but it is ultimately your responsibility under EU Data Protection Laws. The security features in Salesforce enable you to help your users do their jobs efficiently, while also limiting exposure of data to the users that need to act upon it. Implement security controls that you think are appropriate for the sensitivity of your data. Your data is protected from unauthorized access from outside your company, and you should also safeguard it from inappropriate usage by your own users.
There are features built into the platform that you have the opportunity to activate to make the experience as secure as possible for your company.
Today we will focus on two of the key features that Salesforce highly recommends that customers enable – Two Factor Authentication and Login IP Ranges. We will also talk at a high level about protecting data by “who sees what”, or setting up roles and profiles.
No security strategy or feature is bullet-proof, but shoring up your implementation with these capabilities will decrease the likelihood that your org is compromised and may reduce the amount of data that can be stolen by attackers.
For any organization, its people present the biggest security threat and the greatest opportunity for hackers. Cyber criminals have shifted their tactics from technological attacks to targeted assaults on employees by manipulating basic human behaviors. Now more than ever, every person has an impact on security regardless of their function or title.
According to the PWC Global State of Information Security Survey, 2015, employees remain the most cited source of security compromise (over 55%), and incidents attributed to business partners also climbed 22 percent.
Only 17% of firms have given staff Cyber Security Training.
Open University warned last week that businesses believe upgrading their systems will keep them safe.
It takes only one employee to set off a chain of events that can compromise your company’s data. In this way, security is a job expectation critical to your company’s success. There are basic behaviors that every employee can do to make the company more secure.
Potential steps your users can take in the spirit of protecting data are: checking links in emails by hovering over them with their mouse, no longer letting people into their office without checking for a badge, and continuing to update logins using stronger passwords. We will talk about specifics later on.
Setting the Stage: The Human Factor
These entry point methods represent common techniques that cyber criminals use to prey on our humanity and get what they want.
1. Phishing/Malware – An attempt to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity. This can be used to trick users into downloading software intended to damage a computer, mobile device, computer system, or computer network, or to gain access to its operation.
2. Social Engineering - In the context of security, it is understood to mean the art of manipulating people into taking action or revealing confidential information.
3. Exploiting Public Info - Using publicly available information to help design a social engineering attack, crack a password login, or create a targeted phishing email.
4. Badge Surfing - A method of gaining unauthorized entry into a secured area. Typically, an intruder simply follows behind a legitimate badge holder as they pass through to the secured area, or somehow convinces that individual to hold the door open for them and knowingly give them access.
5. Eavesdropping - Secretly listening in on private conversations.
6. Rubbish Collection - Collecting sensitive information from the recycling or rubbish that was not appropriately destroyed.
7. Installing Rogue Devices - Malicious wireless routers or USB thumb drives installed on premises to allow a hacker access to a secure network.
Software Engineer for Salesforce.com
Secure Behavior
There are a few more key principles that can help augment the layers of security at your company.
First, limit the number of users with admin rights, and check periodically to make sure that the same individuals still need to have admin permissions. This can change over time. A key principle of security in general is to provide users with the minimum access they need to do their job. There is no need, for example, for a business analyst to see billing information for customers.
For those of you who haven’t checked out Trailhead yet, we highly encourage you to check out this fun and engaging educational tool available for self-paced training. There is a Data Security module that will give you hands-on practice with some of the things we reviewed today.
And last, cross-org communication is critical to security, not only between org admins, but also with your IT and security departments. Some key things you can talk about with IT:
• How can you partner to improve security awareness of Salesforce users
• How can you better understand company security policies and integrate them into your administration of Salesforce, including password policies
• Creating a process for notifying you when a user should be deactivated
• What are the most common IP addresses that employees log in from
As foreign as it may seem to some, there is a lot to gain from building a relationship with your IT and Security departments.