To control what files users are attaching in Salesforce, organizations need to understand how content is stored in Salesforce. The next section covers the basic polling design organizations can leverage to ensure their files are stored safely while waiting for scan results from a third-party virus scanner. How Content is Stored and Versioned in Salesforce Keeping reading to learn what a custom virus scanning solution could look like in Salesforce and what to consider during implementation. Ultimately, the decision to invest in a new file scanning platform or repurpose an existing one will depend on each organization’s use case. “Even if a virus scanning platform is in place, an organization may want more control over what files get scanned.” However, your use case may require a more custom solution that needs to be built and maintained, and that maintenance will require Salesforce development skills. If there is a virus scanning platform in your organizations’ tech stack, it is possible to repurpose it. Can Organizations Repurpose an Existing File Scanner platform for Salesforce? However, there may already be a virus scanning platform in use at your enterprise (ensure your organization validates this). These solutions work well as point-solution scanners for Salesforce. Two examples are F-Secure Cloud Protection and Cyber Alarm Antivirus. Several great pre-built virus scanners on the AppExchange provide monitoring tools to keep an eye out for any malicious files. This holds in the case of virus scanners. The AppExchange is the first place we recommend organizations look to extend the functionality of Salesforce. The AppExchange: Salesforce Virus Scanners This opens the possibility of an external user attaching a malicious file to a record and anyone else in the system (including internal users) downloading and installing that file, thus putting their local machines at risk. There is no native file scanning completed when a user uploads a file to Salesforce. Organizations cannot enforce what browser Salesforce Experience users are using or what virus scanners they have installed on their machines. The risk is higher because, at the enterprise level, Salesforce Admins don’t have any governance over how Salesforce Experience end-users interact with the platform. However, if your organization is leveraging Salesforce Experience (formerly Community Cloud), the risk of an end-user adding a malicious attachment to Salesforce via file storage is much higher. You may trust internal Salesforce users to not attach a malicious file in Salesforce (plus their computers are likely scanned for vulnerabilities). Salesforce File Storage: Malware Protection Considerations Now that we’ve covered the difference between data storage and file storage in Salesforce, let’s uncover how to protect file storage in Salesforce from cybersecurity risks. Generally, file storage starts at around 10 GB and increases by about 2 GB for Enterprise and Unlimited Editions, as shown here (this is always subject to change). Or, for example, an attachment on an email uploaded to a Case. File storage is what is used when a Salesforce user uploads a file, like a pdf, to a record. Data storage is used every time a user creates a new record like an Account or Contact. Salesforce provides a generous amount of file storage that’s separate from record data storage. However, there is an exception to this rule: files and attachments. There’s a misconception that nothing can affect your local machine since everything you’re interacting with lives on Salesforce’s servers. Often, people assume that malware protection isn’t necessary when dealing with cloud platforms like Salesforce. “91% Of Data Breaches Start With Spear Phishing Attacks On Organizations.” However, there are still basic steps all organizations need to take to minimize breaches, including malware protection, to prevent phishing attempts and improve Salesforce security. The good news is, Salesforce is an extremely secure platform. With Salesforce being the central hub of information for many enterprises, it’s no surprise that organizations are focused on keeping their Salesforce instance secure.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |