RevCult is now OwnBackup Secure! In 2021, OwnBackup acquired RevCult, enhancing the cloud data protection platform with proactive data security. With OwnBackup Secure, you will strengthen security posture by understanding data exposure risks and proactively taking action to protect and secure your data - all within Salesforce.

The days of the Wild West of data are fading into the rearview, and that means high expectations for maturing industries such as life sciences. Thanks to growth, expansion, and - to some degree - cloud adoption, regulators are keeping a close eye on companies in the space, and shortcomings in data quality and integrity can result in inspections, delayed product approvals, recalls, or even shutdowns. That doesn’t even include the damage to one’s reputation and the crippling fines levied for data violations. In one recent settlement, violations of the Health Insurance Portability and Accountability Act incurred a $16 million bill, while the Federal Trade Commission has levied fines exceeding $20 million for misleading data practices. The California Consumer Privacy Act limits fines to $7,500 per violation, but there’s no such limit on the number that can be issued - and data breaches can quickly rack up astronomical charges.

While most organizations are taking prudent steps necessary to protect their data, many are dangerously unaware of their exposure. In particular, life science organizations have adopted Salesforce en masse for the platform’s abilities to fuel sales teams with data, accelerate R&D through data sharing, and improve patient management programs. All these capabilities offer exciting new opportunities, but entering and storing a wealth of private health information also comes with risks that must be addressed.

To begin securing Salesforce against both external threats and internal negligence, follow these four steps:

Understand applicable security and privacy regulations

The specific regulations governing your company will vary. In healthcare, for example, HITRUST certification requires you to prove user access to ePHI on a regular basis. Other regulations such as Europe’s General Data Protection Regulation or the aforementioned California Consumer Privacy Act in the U.S. apply more broadly to the use and storage of customer data, and your company’s own InfoSec policy will also affect your approach to data security and governance controls in the Salesforce environment.

Baseline with an evaluation of existing controls and associated risks

Conducting an audit of your existing security measures is the only way to effectively start shoring up your Salesforce security posture. If it’s your first time performing this type of exercise, start with a user access report. Producing a user access report will show you who has access to what data. Nine times out of 10, the findings will alarm you. You might also discover that it’s difficult to even compile this information, which means there’s even more work to do to improve security.

You will never know how to protect your data if you don’t know what data needs protecting. Identify and classify all the different types of data in your Salesforce org, and leverage native classification capabilities so that changes are reflected in real time and you’re always working with the most current data. Apply regulatory tags to make it easy to determine why data is classified in a certain way as you go through and look for holes in your security posture.

Once you’ve implemented your initial set of controls and proved compliance, your work is far from over. Revisiting your risk posture should be part of your normal development processes, particularly as you actively innovate in terms of how you use the platform.