5 Strategies to Prevent Privileged User Abuse in Salesforce

Privileged users in Salesforce may be people at a keyboard, or they may be applications and interfaces interacting with your instance. Either way, they have higher levels of permission than the standard user.

Privileged users hold the keys to your kingdom – including sensitive proprietary business and customer data. One misstep, either intentional or accidental, could devastate your organization. In fact, 80 percent of security breaches involve privileged user credentials, according to Forrester. But how do you know who they are — or keep track of what they’re doing within Salesforce?

In this webinar, Mark Bowling, Consulting ISO of United Capital Financial Partners, and LaDon Williams, Information Security Analyst at Imprivata FairWarning, discuss the issue of privileged users in your Salesforce instance and the risks they can pose to your organization.

They also reveal how they’re approaching the issue of privileged user abuse in Salesforce at their respective organizations, and best practices for managing Salesforce user access.

You’ll learn how to:

  • Identify your Salesforce privileged users and what they have access to.
  • Implement key security controls, policies, and procedures that improve your compliance posture and secure your data (and that of your customers), specifically with regards to GDPR and ISO 27001.
  • Provide the right permissions to the right users to minimize your attack surface.
  • Detect unusual behaviors, such as a larger-than-average export of data by a specific user, a login from a suspicious location, or access by an unauthorized application.
  • Develop an appropriate incident or breach response plan in the event that data is compromised within Salesforce, and perform forensic investigations in response to law enforcement, regulatory, or e-discovery requests.

“Minimizing your human attack surface is every bit as important as minimizing your technical attack surface.”

Bowling also discusses:

  • How United Capital created a culture of compliance and security to drive risk out of their organization and keep company and customer information safe.
  • What GDPR says about privileged access, and which specific ISO 27001 controls United Capital has implemented to strengthen its compliance, security, and privacy posture.
  • How United Capital created an internal control framework to assess their risk mitigation efforts reduce the incidence of security incidents or breaches.
  • How United Capital determines whether unauthorized changes are being made or whether data is being accessed or handled improperly within Salesforce.

Watch the replay to learn more about how these security professionals are detecting, investigating, mitigating, and remediating privileged user abuse in Salesforce.