Salesforce Security Challenges, Authorization, and Access Management

Salesforce’s dominance in the CRM space has made it a prime target for hackers. Cyber criminals after more than basic info—they want detailed customer behavior data. This data can reveal industry trends, buying patterns, competitive insights, and more that they can exploit themselves, or sell to an interested party. So when a breach occurs, it isn’t just bad news for one company; it can spark a chain reaction across entire industries.

With AI becoming more accessible than ever, hackers are developing sophisticated Salesforce-specific attacks, while the platform’s frequent updates create moving security targets.

These factors underscore the need for a fresh look at Salesforce security, particularly around authorization and access controls. This blog post outlines the major challenges in Salesforce security today along with practical tips to minimize risk and strengthen the organizational security posture.

Salesforce security challenges in 2024

The following challenges are some of the most pressing concerns for security teams working with Salesforce in 2024:

1. Ever-increasing access points

Salesforce ecosystems have been expanding rapidly, with a growing number of users, integrations, and automated processes accessing the platform. These increasing access points, including both human users and non-human identities (NHIs) like service accounts and APIs, significantly widen the attack surface. This makes Salesforce security, especially identity and access management, even more complex.

Security teams have to take care of a variety of tasks to securely manage access points:

• Tracking permissions across custom objects and fields
• Managing access for external users, partners, and customers
• Controlling API access for various integrations and automated workflows
• Ensuring appropriate access levels for mobile and offline usage

The challenge is particularly acute when it comes to NHIs, which often require elevated privileges but may not be subject to the same scrutiny as human users.

2. Secrets management complexity

The increasing number of integrations and automated processes in Salesforce environments has also led to more secrets—credentials such as API keys, tokens, and passwords—scattered across the hybrid environments. This “secrets sprawl” poses significant challenges:

• Credentials scattered across Apex classes, custom metadata types, and external systems
• Difficulty in tracking and rotating secrets used by NHIs in complex automation flows
• Increased risk of exposure through insecure storage practices
• Challenges in auditing and monitoring secret usage across the ecosystem

Salesforce admins and developers often resort to insecure practices like hardcoding credentials in Apex classes or storing them in unencrypted custom fields, leaving sensitive data vulnerable to breaches. This problem is compounded for NHIs, which may use long-lived access tokens that rarely get rotated.

3. Over-privileged access and permissions

Maintaining the principle of least privilege in Salesforce permissions is not easy. Users, both human and non-human, frequently receive excessive permissions due to:

• Complex permission sets and profiles that are difficult to fine-tune
• “All or nothing” access is often granted for simplicity in integrations
• Lack of granular control over field-level security in some scenarios
• Challenges in determining minimum necessary access for automated processes

Over-privileged accounts amplify the potential damage from compromises. For instance, an NHI with broad data access could expose vast amounts of sensitive customer information if breached. The dynamic nature of NHIs, often created and modified as part of DevOps processes, makes maintaining proper access controls even more difficult.

4. Advanced Persistent Threats (APTs) and sophisticated attacks

High-value Salesforce data attracts sophisticated, long-term attacks. APTs employ stealthy techniques to maintain prolonged access, targeting both user accounts and system integrations. In a Salesforce context, these threats might manifest as:

• Exploitation of vulnerabilities in connected apps or custom code
• Slow, methodical exfiltration of customer data over extended periods
• Manipulation of automation rules to create covert access points
• Injection of malicious code into business processes via modified Apex triggers

The complex nature of Salesforce environments, with their integrations and customizations, combined with potentially less-monitored NHIs with elevated privileges, creates an ideal setting for these advanced threats to operate and persist.

5. Compliance and audit challenges

Salesforce deployments must adhere to industry-specific compliance requirements (e.g., GDPR, HIPAA, FedRAMP). This necessitates robust security controls and data protection measures. However, many factors complicate compliance efforts:

• Difficulty in tracking data access and modifications across complex automation flows
• Challenges in ensuring data residency compliance in global Salesforce implementations
• Limited granularity in out-of-the-box logging for certain types of access and changes
• Complexity in maintaining comprehensive audit trails across Salesforce and integrated systems

Each integration and customization introduces potential gaps in logging and monitoring. This is particularly true for NHIs, which may operate across system boundaries and generate high volumes of automated activities. Distinguishing between legitimate NHI operations and potential security incidents adds another layer of complexity to compliance and auditing efforts.

These challenges in maintaining clear audit trails impede compliance efforts and complicate incident investigations, potentially exposing organizations to regulatory penalties and undetected security breaches.

Salesforce security best practices

Salesforce’s expansive ecosystem demands a nuanced security approach that addresses human and non-human identity (NHI) challenges. Here’s how forward-thinking organizations are fortifying their Salesforce environments:

1. Implement a unified Salesforce Identity and Access Management (IAM) strategy

As organizations expand their Salesforce footprint, they often accumulate a patchwork of identity solutions across different instances, connected apps, and external systems. This fragmentation creates security blind spots, increases operational overhead, and leaves dangerous gaps for attackers to exploit.

A unified identity & access management strategy isn’t just a security enhancement; it’s the foundation of a resilient Salesforce infrastructure.

To build this foundation:

• Integrate Salesforce with your enterprise Identity Provider (IdP) for centralized control
• Implement Single Sign-On (SSO) to reduce password-related risks and simplify access
• Leverage OAuth 2.0 and JWT for secure API integrations, using short-lived tokens to minimize risks and improve non-human identity management

This unified approach streamlines the management of both human users and non-human identities (NHIs) across your Salesforce ecosystem, significantly reducing your attack surface while improving operational efficiency. It also lays the groundwork for a zero trust model, where every access request is verified regardless of its source.

2. Refine Role-Based Access Control (RBAC)

Static, overly permissive access roles are a ticking time bomb in Salesforce environments. They lead to privilege creep, increase the blast radius of potential breaches, and create compliance nightmares. Modern RBAC isn’t just about assigning roles; it’s about dynamically aligning access with business needs and security requirements.

To implement a robust RBAC strategy:

• Conduct a thorough review of your role hierarchies and align them with your organizational structure and actual business processes
• Implement dynamic permission sets that adjust based on context, such as just-in-time privileged access for specific projects or clients
• Automate regular access reviews to maintain the principle of least privilege and catch any anomalies

For instance, a sales team working on a sensitive merger might receive temporary access to a restricted Salesforce instance, with permissions automatically revoked once the deal closes. This dynamic approach ensures that access remains relevant and minimizes long-term security risks.

3. Enhance authentication and authorization mechanisms

Static passwords have become woefully inadequate for protecting high-value Salesforce assets. Robust authentication allows for more flexible work arrangements without compromising data integrity.

To strengthen your Salesforce auth posture:

• Deploy risk-based Multi-Factor Authentication (MFA) across all Salesforce environments and tailor the authentication requirements to the sensitivity of the data being accessed
• Implement adaptive authentication that considers contextual factors like user location, device health, and behavior patterns
• Extend strong authentication measures to API access and non-human identities, using certificate-based authentication where possible
• Consider passwordless authentication methods for reduced friction and enhanced security

Implement a system of short-lived access tokens with granular scopes for APIs and service accounts. This approach minimizes the potential impact of compromised credentials and provides a clear audit trail of system-to-system interactions.

4. Implement fine-grained access controls and data protection

Salesforce’s vast data repositories often contain mundane and highly sensitive information. Without granular controls, organizations risk exposing critical data to unauthorized eyes or violating data protection regulations, eventually undermining Salesforce security.

To mitigate these risks:

• Leverage field-level security to restrict access to sensitive data fields like social security numbers or financial details
• Implement record-level security to ensure users only see records relevant to their role or territory
• Use Salesforce Shield Platform Encryption to protect sensitive data at rest, particularly for fields containing PII or financial information
• Develop a comprehensive data classification scheme that automatically tags and protects sensitive information as it enters the Salesforce ecosystem

For example, a healthcare organization might implement field-level encryption for patient diagnoses, restrict access to billing records based on employee roles, and automatically classify and protect any data matching patterns for protected health information (PHI).

5. Secure API and integration management

Salesforce integrations with external systems create a complex web of potential vulnerabilities. Each connection point represents a potential entry for attackers or data leakage.

To secure your API ecosystem:

• Implement OAuth 2.0 for all API integrations, using separate credentials for each integration to limit the impact of a potential breach
• Use JWT bearer token flows for server-to-server integrations, reducing the risk associated with long-lived access tokens
• Implement IP whitelisting for API access where possible, restricting calls to known, trusted IP ranges
• Use a dedicated secrets management solution like Entro to centralize and automate the lifecycle of API credentials

Consider a scenario where a marketing automation tool integrates with Salesforce. Instead of using a single, powerful API user, implement granular OAuth scopes that limit the tool’s access to only the necessary objects and fields. Rotate these credentials regularly using Entro, ensuring that the exposure is limited and short-lived even if compromised.

6. Continuous monitoring and access analytics

Most Salesforce admins rely on quarterly or annual access reviews, leaving months-long windows where unauthorized access or data leakage can go undetected. Robust monitoring processes can help minimize the risks of credential misuse, data exfiltration, and non human identity attacks.

Here’s what infosec teams are doing to ensure monitoring across their Salesforce environments:

• Deploying real-time monitoring of user and NHI activities, focusing on high-risk actions and sensitive data access
• Implementing advanced anomaly detection using machine learning to identify unusual access patterns or potential data exfiltration attempts
• Leveraging Salesforce Event Monitoring for comprehensive visibility, including detailed information on API calls and data exports
• Developing custom dashboards and alerts tailored to each organization’s specific risk profile and compliance requirements

By combining these monitoring capabilities with automated response playbooks, security teams can quickly identify and mitigate potential threats, such as compromised accounts or insider data theft attempts.

7. Automated compliance and access governance

Manual access reviews and compliance checks are error-prone and resource-intensive. Automation creates a consistent, auditable process that can keep pace with the dynamic nature of modern Salesforce deployments.

To automate your governance processes:

• Implement automated access certification workflows that prompt managers to review and validate access rights regularly to ensure identity lifecycle management for both human and non-human identities
• Maintain detailed, tamper-evident audit trails for all access changes, leveraging blockchain or similar technologies for added integrity
• Align access controls with relevant regulatory requirements (e.g., GDPR, HIPAA, CCPA), automatically flagging potential compliance issues
• Develop custom reports and dashboards that provide real-time visibility into your compliance posture

For instance, an automated system might detect when a user’s role change requires recertification of their Salesforce access rights, triggering a workflow that ensures compliance without manual intervention. This approach reduces the administrative burden and helps ensure consistent application of security policies across the entire Salesforce environment.

Implementing these best practices forms the foundation of a robust Salesforce security strategy. However, as organizations scale their Salesforce usage and integrate it with other systems, they face a growing challenge: managing access points, integrations, and non-human identities (NHIs) across increasingly complex hybrid environments.

This expansion introduces an important yet often overlooked aspect of security—the consistent management of secrets across platforms. API keys, tokens, and other credentials used by integrations and automated processes become difficult to track, rotate, and secure uniformly as environments grow more intricate. Through centralized credential control, automated rotation, and enhanced visibility across platforms, organizations can implement consistent security practices efficiently, whether in Salesforce, other cloud services, or on-premises systems.