2019 Year in Review: Readers’ 10 Favorite Cloud Security Blog Posts
CCPA, insider threats, Salesforce Shield: Event Monitoring, and more – 2019 saw an increase in awareness of cloud data security threats, the privacy movement and how it’s shaping Information Security (InfoSec) efforts, and the threat to data stored in cloud applications like Salesforce. Curious to know what readers were most interested in this past year? Here we present the 2019 year in review that contains the year’s 10 most popular cloud security blog posts from the Imprivata FairWarning Insights and Research hub.
1. Everything You Need to Know About CCPA, the New California Data Privacy Law
The California Consumer Privacy Act was first signed into law in 2018, but 2019 saw a dramatic increase in awareness and preparation as the January 1, 2020 enactment date came into view. This blog post offers a consolidated resource that helps readers understand the full impact of CCPA, what it means for organizations, actionable steps for compliance, and more. Here, you’ll find answers to come of the most frequently asked questions such as, “How do I know if my organization collects or sells information?” and “What is the penalty for non-compliance?”
2. Insider Threat Awareness: Do You Recognize These 5 Familiar Faces?
Insider threats are everywhere, and while InfoSec teams have been taking notice of this for a while, other business areas are starting to realize the potential insiders have to cause significant damage. From CISOs to CRM admins and CFOs – 2019 saw a massive increase in insider threat awareness, but there are still many who aren’t aware of the significant risk. This post highlights five different insider threats that are commonly found in offices across industries, helping you identify potential dangers and plug any security gaps to avoid a breach.
3. What is Einstein Analytics? A Closer Look at Salesforce’s Visibility Tool
Einstein Analytics is Salesforce’s native tool for visualizing user activity occurring in Salesforce orgs. Whether organizations utilize Salesforce for Sales, Marketing, or Service, this visibility tool provides a way to understand the Event Monitoring data that tracks users’ interactions with information like contacts, campaigns, or accounts. This article examines why you might need a visibility tool and whether Einstein is the right choice for your organization’s data security, privacy, and compliance needs.
4. The California Consumer Privacy Act is Coming – Does Your Organization Meet CCPA Compliance?
As organizations continue to discuss and plan for CCPA, many security, privacy, and compliance professionals search for ways to make sure they’re covering all the bases when it comes to CCPA preparedness. Unfortunately, many companies that aren’t located in the state see the word, “California” and assume it doesn’t apply to them. The truth is that CCPA compliance extends far beyond state lines. This blog post outlines how to determine if your organization meets the guidelines that require you to comply with the regulation. Even if you’re located somewhere far away from California like New York, as long as you collect, store, manage, or sell California residents’ personal information, you may be required to comply with CCPA.
5. You Just Bought Shield: Now What? A Salesforce Shield Implementation Guide for Admins
Salesforce Shield contains three essential elements for robust data security: Event Monitoring, Field Audit Trail, and Platform Encryption. Thousands of InfoSec professionals rely on Shield to protect sensitive company data from theft, loss, or compromise. But sometimes it’s hard to know where to start after you obtain access to these must-have tools. This post offers a step-by-step implementation guide that will help admins in any industry – financial services, healthcare, insurance, technology – set up their Shield suite to optimize ROI and lock down data, preventing a breach and mitigating other security risks.
6. The 6 Elements Every Financial Institution Needs for Defense-in-Depth Security
Because financial services organizations rely on customer trust to succeed, establishing that trust is of the utmost importance – and it begins with securing personal data and keeping it private. To establish the most robust security, defense in depth provides multiple defensive measures because no single option is completely infallible — if one security control fails or a hacker exploits a vulnerability, they could instantly access all the sensitive data stored in an application. Multiple barriers may seem redundant, but that’s the point – should one layer fail, numerous others are immediately ready to thwart any danger. This blog post outlines the necessary elements for a defense-in-depth strategy, particularly as it pertains to financial organizations like banks, insurers, mutual funds, and more.
7. Canadian Data Privacy Laws, Security Frameworks, and Cloud Compliance
Privacy regulations like CCPA and GDPR have the United States and Europe abuzz, but Canada’s privacy-related measures are also picking up steam as companies around the globe reformat their compliance postures. This blog post explains the different regulations, frameworks, and standards that Canadian legislative bodies – at a federal, provincial, and territorial level – have enacted to secure citizens’ private, personal information.
8. Salesforce Event Monitoring Facts and Misconceptions: Understanding What it Does (and Doesn’t) Do
Salesforce Event Monitoring provides log files for nearly 50 types of “events” – user actions – in your Salesforce org. The event log files detail which user did what, when, from where, how many times, and more. This information is critical for securing your data and keeping it private, and it can also help admins improve the functionality of their org.
However, this log information isn’t delivered in a neat, visual package that tells you exactly what you need to know right away. Event Monitoring data comes in its raw format – a jumble of numbers, letters, and symbols that look like intricate coding. You can manually parse this information for insights, but that requires a significant amount of time and effort, and you won’t necessarily be able to draw any conclusion from simply translating the event logs. There are ways to solve this problem though, which this blog post addresses. It also goes into detail about other Event Monitoring misconceptions and sets the record straight, enabling you to make the most of this truly powerful tool.
9. The Impact of GDPR One Year Later: The Good, The Bad, and The Future
GDPR rocked the data privacy landscape in 2018 by transforming the protection of European Union citizens’ data. Companies across the globe – so long as they collected, stored, managed, or sold EU residents’ information – scrambled to revamp their privacy efforts to avoid non-compliance fines. May of 2019 marked the one-year anniversary of the landmark regulation, and this post examines the changes – both good and bad – that GDPR has created, as well as what the future of data privacy regulations looks like not only for Europe, but for Americans as well.
10. Insider Threat Mitigation: 5 Best Practices from Cybersecurity Experts
Cybersecurity experts Jeffrey DiMuro, Salesforce’s Chief Security and Compliance Architect for Financial Service Industry Team, and Josh Hofer, Stearns Bank’s Chief Risk and Information Security Officer, shared their best practices for defeating insider threats in cloud environments. This post summarizes five key tactics to help mitigate the risk that insiders post to your organization’s data security, particularly sensitive data stored in Salesforce and other cloud applications.