“He who defends everything, defends nothing.” ― Frederick the Great
Presenter
Presentation Notes
Message: Set the context. There is a time and a place for High impact (or classified) systems. This is neither. As you evaluate cloud solutions be sure to follow the Risk Management Framework (RMF) and start with a FIPS 199 data classification. Note: Regardless of your opinion of our nation's involvement in French Indochina, this guy makes a good point. We need to be humble. We need to build trust. Feedback: Mr Conrad - He who defends everything defends nothing - Frederick the Great Mrs. Collett - Throughout the notes I would spell out acronyms at least the first time (RMF, FIPS etc)
Message: As a managed service there are some security controls we handle, but unlike other cloud providers we give the customer a lot of control of their security.
Note: This might be the most important slide in the deck.
Feedback:
John Hill - How about physical security? (added slide)
Berarducci - I know it seems silly and I know it is part of the talk track, but I think it would be helpful to actually list out “we control” “you control”
Mrs Malamatenios - what slides from this deck can be shared with customers in an RFx? When it would make sense to do so like the DR graphic. Berarducci makes an excellent point.
Mr Meyer - I second Jenny’s comment about making the control talk track part of the slide
Mr Murphy - copy/paste slide pulled in green circles… woo hoo!
Mrs Howard Davis - this is a great slide! Very clear and concise.
Key Takeaway: Salesforce.com provides application level and infrastructure level security in different zones so that customers' data is always protected.
Talk Track: Salesforce has multiple layered zones of trust, both within the application and within the infrastructure. At the application level there are multiple levels of access that can be granted, starting with the ability to log in only from trusted networks, all the way down to very specific field-level security access. And all of this is tracked. You can even set object level history tracking so you can see when individual changes are happening. Within the infrastructure the same is true for the various zones of trust. We have firewalls and access controls at every level of the system, and at the database layer, to get direct access to the systems you have to go through a separate bastion host, so direct login to the database servers is prevented. We also encrypt traffic that is flowing between our data centers so that we don’t have data open as it travels between primary and backup locations. Another layer of security within the data centers is that bad disks are erased 7 times and then shredded so data cannot be recovered from these drives.
Salesforce Security Provides Multi-layer Zones
Adaptive Flexible Security Model
Application-level Security
Trusted Networks
Authentication Options
Field Level Security
Object Level Security (CRUD)
Audit Trail
Object History Tracking
• IP Range Restrictions; enforce VPN access
• Multiple User Authentication options
• Organization Wide Defaults
• Sharing Rules
• Profiles and Permission Sets
• Objects and Field Level Security
• Field Audit Trail
• Setup Audit Trail
• Event Monitoring and Data Encryption
Presenter
Presentation Notes
Note: Same slide, more detail
Salesforce Security Provides Multi-layer Zones
Adaptive Flexible Security Model
Infrastructure-Level Security
Firewalls
DDoS Filtering
SSL Accelerator
IDS
IPS
Host based IDP
File Integrity Monitoring
Network Segregation
Security Information Event Monitoring
• HTTPS Transport
• TLS Encrypted Data in Transit
• Tiered Firewalls
• Segregated Networks for Corporate, Service Delivery and Management
• Encrypted Data Replication between Data Centers
• Logging and Monitoring
• Forensic Analysis
Presenter
Presentation Notes
Note: Same slide, more detail
“Agencies should put their Low and Moderate apps in a public cloud so they can focus on their most critical assets” - Dr. Ron Ross, National Institute of Standards and Technology (NIST)
Presenter
Presentation Notes
Message: Continue to set the context. This is the biggest benefit of Public Cloud. Note: This guy basically wrote the federal standards. He is kind of a celebrity. Feedback: Mr Meyer - Your font settings for these quotes should probably be consistent between slides
Customers Store Sensitive Data in Salesforce Today
Financial Services
State & Local Government
Federal Government
Healthcare
Government Contractors
And over 120,000 more…
Presenter
Presentation Notes
Message: Salesforce is trusted by customers across multiple verticals. Each vertical has unique compliance requirements. With Salesforce you can build a HIPAA compliant FedRAMP compliant solution. Note: This is a great place to drop names or tell a story. I like to call out USAA, Google, and Red Hat. Feedback: Mrs Malamatenios - I would change SFDC to Salesforce (done!) Mr Meyer - FONTS!!!! ;-)
Customer Penetration Testing
*Requires signed Security Assessment Agreement prior to testing
Presenter
Presentation Notes
Message: We encourage our customers to test our service. This is a key benefit of multi tenancy. When Kaiser finds a vulnerability, we patch the entire system and Wells Fargo receives the benefit. Multiply this times hundreds of tests a year and you see how a rising tide lifts all boats. Note: Not all cloud providers allow this. Feedback: Mr Meals - Mrs Malamatenios - Mr Conrad - Mr Miller - Mr Niemeyer - Mr Lynch - Mr Meyer - Mr Schillaci - Mr Roser - Mr Murphy -
Security Health Check
Confidential: Subject to Non-Disclosure Agreement
Salesforce Shield
New services to help you build trusted apps fast
Standard Field Encryption
• Account Name
• Contact First/Middle/Last Name
• Email
• Phone
• Home/Other Phone
• Mobile
• Fax
• Mailing Street & City
• Person Account fields
• Case Subject, Description
• Case Comments’ Body
Search Fields and Files
• Desktop
• Salesforce1 Mobile
• SOSL
Custom Field Encryption
Custom Field Types
• Email
• Phone
• Text
• Text Area
• Text Area (Long)
• URL
Enable with Metadata
Encrypt Existing Fields
Files and Attachments Encryption
Encrypt Content of Files
Preview Encrypted Files
Search File Content
Encrypt Content of Attachments
Field Audit Trail
Retain Field History for Up to 10 Years with Field Audit Trail
Establish Data Retention Policies: Know the state and value of data at any time
Access Retained Data at Scale: Normalize on big data back-end for performance
Comply with Industry Regulations: Secure data archive with the highest trust standards
Standard Offering
• 20 fields/object
• Retention for only 18 months
Field Audit Trail Add-on
• Up to 60 fields/object
• Retain the audit trail for up to 10 years
Field Audit Trail
Event Monitoring
Monitor User Activity: Know who is accessing data from where
Optimize Performance: Troubleshoot application performance to improve end user experience
Track Application Usage: Understand application usage to increase adoption
Gain Visibility Into User Actions with Event Monitoring
How Does It Work?
• Capture Data
– 29 event types captured
– 30 days of events retained
– One day lag from event occurrence to when it is available in the API
• Visualize Data
– Use any analytics tool
– Leverage pre-built integrations with AppExchange partners
– Option to export to CSV file
• Take Action
– Improve app performance
– Initiatives to increase adoption
– Modify governance policies
– Automation using triggers
Commercial Cloud | Government Cloud
Worldwide follow the sun support | Support provided by US based, US citizens
ISO 27001, SOC 2, PCI, HIPAA | ISO 27001, SOC 2, PCI, HIPAA, NIST 171 and FedRAMP
Premier+ Support not included | Premier+ Support included
Presenter
Presentation Notes
Message: We didn’t have to re-invent anything. We just cloned our commercial cloud. But now that we have an isolated ENCLAVE, we can do gov-specific things. Note: If you position Premier+ as part of the Gov Cloud, the uplift is only 5%. Feedback: Mrs Malamatenios - logos at top - but should you use Commercial Cloud and then Government Cloud in the first row, Premier+ take out e (fixed Bryan E). Also says government clients - FFRDCs and Gov contractors also Mrs. Howard Davis - Premier is misspelled. (fixed - Bryan E) Strandtman - I think we need to add NIST 800-171 controls -- re. Systems Integrators -- they don’t need FedRAMP, but need NIST. Those controls not evaluated in Comm Cloud (done!)
Government Cloud Data Centers
Data doesn’t leave CONUS
San Jose (SJL)
SF Dev (SFM)
Chicago (CHI)
Washington DC (WAS)
Ashburn (ASG)
London (LON)
Frankfurt (FRA)
Paris (PAR)
Tokyo (TYO)
Legend: Existing, In Development
Presenter
Presentation Notes
Message: For Gov Cloud customers data never leaves the contiguous United States. Note: We don’t access the systems from overseas. They can if they want to. Feedback: Mrs Malamatenios - Expanding in EMEA in 2014 and 2015 is dated (done!)
ATOs to date
Presenter
Presentation Notes
Message: Since our original ATO, we have been granted 34 more. Note: An Authority To Operate basically means that an agency CIO has reviewed our security controls and signed off on Salesforce. Feedback: Mrs Malamatenios - Do you go into Agency-wide vs. Project Specific ATOs, AppExchange apps Mr Murphy - yes, crib notes perhaps Mrs Collett - would love the full list here in the notes for quick reference - summary of process and timeline or link to such would be great as well
ViaSat Case Study on Migration
California Case Study on Migration
The “What is” and “How do we do it” of an Org Migration
• Complete copy of all org data to a new instance
• Org not accessible during org migration
• After org migration, all data on a new instance
[Diagram: Instance x, Instance y]
Presenter
Presentation Notes
An org migration is when we copy a customer’s org from one instance to a new instance in a different data center.
Typical Org Migration Project Steps
Presenter
Presentation Notes
• Org migration must be approved and requires ample lead time
• Org migration requires downtime (guidance: 48 hours, often starting Friday evening through Sunday)
• Standard maintenance windows of current instance and new instance
• Release cycle of current and new instance
• All hard-coded references must be fixed before the org migration
• Org must have My Domain enabled prior to migration
Areas to Review:
• Web-to-Lead and Web-to-Case forms
• Email Templates
• API integrations
• S-controls
• Buttons
• Links
• APEX triggers
• Formula Fields
• Web Services calls
• Integration configurations
• Usage of Single Sign-on
• Required changes of SSL Certificates
• WSDL Re-Generation
• Salesforce Portal Usage
Preparation of the Org Migration
Available Resources:
Best Practices When Referencing Server Endpoints:
▪ https://help.salesforce.com/apex/HTViewSolution?urlname=Updating-Hard-Coded-References-FAQ&language=en_US
IP White List:
▪ https://help.salesforce.com/apex/HTViewSolution?urlname=What-are-the-IP-addresses-that-need-to-be-white-listed-for-Gov-Cloud-
Salesforce Infrastructure Overview & Best Practices
▪ https://help.salesforce.com/HTViewQuickStarts?id=000220318
My Domain
▪ https://help.salesforce.com/HTViewHelpDoc?id=domain_name_overview.htm&language=en_US
Absolute URLs
• e.g. from https://na6.salesforce.com to https://govagency.my.salesforce.com
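One way to find the hard-coded references that must be fixed before an org migration, as an added example that is not part of the original deck or a Salesforce tool. The instance-host pattern (prefixes other than the slide's `na6`) and the sample component names and contents are assumptions constructed for illustration.

```python
import re

# Assumption: instance hosts follow <prefix><digits>.salesforce.com, as in the
# slide's na6 example; prefixes other than "na" are illustrative.
INSTANCE_URL = re.compile(
    r"https?://(?P<instance>(?:na|cs|eu|ap)\d+)\.salesforce\.com", re.IGNORECASE)

def find_hardcoded(components):
    """Scan {component_name: text}; return (name, line_no, instance, line) per hit."""
    findings = []
    for name, text in components.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            for match in INSTANCE_URL.finditer(line):
                findings.append(
                    (name, line_no, match.group("instance").lower(), line.strip()))
    return findings

def rewrite(text, my_domain):
    """Point instance URLs at the org's My Domain host; path and query are kept."""
    return INSTANCE_URL.sub(f"https://{my_domain}.my.salesforce.com", text)

# Constructed sample metadata, keyed by review areas named in the notes.
SAMPLE = {
    "EmailTemplate/Welcome":
        "Hello,\nOpen your case: https://na6.salesforce.com/500?id={!Case.Id}\n",
    "ApexTrigger/SyncAccount":
        "req.setEndpoint('https://na6.salesforce.com/services/Soap/u/30.0');\n"
        "// shared login host, not instance-specific: https://login.salesforce.com\n",
    "WebLink/Report": "https://govagency.my.salesforce.com/00O?pv0={!Account.Id}",
}

if __name__ == "__main__":
    for name, line_no, instance, line in find_hardcoded(SAMPLE):
        print(f"{name}:{line_no}: hard-coded instance {instance}: {line}")
    migrated = {k: rewrite(v, "govagency") for k, v in SAMPLE.items()}
    print("remaining after rewrite:", len(find_hardcoded(migrated)))
```

Running the scan again after the rewrite, as the last lines do, confirms nothing instance-specific is left before the migration window opens.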
Presenter
Presentation Notes
What salesforce.com network IP addresses do I need to whitelist?
Resolution: The purpose of whitelisting an IP address range is to allow for disaster recovery procedures with the Mirrorforce data backup centers and for future expansion.
There is no risk in white listing the specified range of IP addresses as Salesforce.com *OWNS* the range. It is not leased or shared in any way with any other organizations.
Salesforce.com has an IP address block allocated directly to salesforce.com by the American Registry for Internet Numbers (ARIN).
To provide continuity of service if you utilize email or IP address security filters, whitelist or otherwise add salesforce.com's IP address space to your list of trusted addresses.
The IP address spaces are as follows (see CIDR notation below for explanation of full addresses):
204.14.232.0/23 East Coast Data Center (set one)
204.14.237.0/24 East Coast Data Center (set two)
96.43.144.0/22 MidWest Data Centers
96.43.148.0/22 MidWest Data Centers
204.14.234.0/23 West Coast Data Center (set one)
204.14.238.0/23 West Coast Data Center (set two)
182.50.76.0/22 Japan Data Center
Salesforce sends Email from 52 different IP addresses. If your organization blocks any of these IP addresses, users might not receive all email sent from Salesforce.
To make sure organizations can receive Emails from every Salesforce IP address, the following 52 IP Addresses must be whitelisted:
96.43.144.64 to 96.43.144.65
96.43.148.64 to 96.43.148.65
182.50.78.64 to 182.50.78.79
204.14.232.64 to 204.14.232.79
204.14.234.64 to 204.14.234.79
If customer has enabled Email Relaying, they only need to whitelist the IP addresses Salesforce uses for email relaying:
96.43.144.65
96.43.148.65
182.50.78.65
204.14.232.65
204.14.234.65
For information on email relaying, see Setting Up Email Relaying.
For more information on API security and port information, please refer to the API developer documentation:
http://www.salesforce.com/us/developer/docs/api/index_Left.htm#StartTopic=Content/sforce_api_concepts_security.htm?SearchType=Stem
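The ranges in the note above, turned into a filter rule set, as an added example that is not part of the original deck. It collapses the 52 mail-sender addresses into the narrowest CIDR blocks for a mail gateway, checks that they sit inside the listed service blocks, and classifies a source address; the function names are hypothetical and the addresses are copied from the note as written.

```python
import ipaddress

# Service blocks and mail-sender ranges copied from the note above.
SERVICE_BLOCKS = [
    "204.14.232.0/23", "204.14.237.0/24", "96.43.144.0/22", "96.43.148.0/22",
    "204.14.234.0/23", "204.14.238.0/23", "182.50.76.0/22",
]
MAIL_RANGES = [
    ("96.43.144.64", "96.43.144.65"),
    ("96.43.148.64", "96.43.148.65"),
    ("182.50.78.64", "182.50.78.79"),
    ("204.14.232.64", "204.14.232.79"),
    ("204.14.234.64", "204.14.234.79"),
]

def mail_allowlist():
    """Collapse each inclusive first-last range into the fewest CIDR blocks."""
    nets = []
    for first, last in MAIL_RANGES:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
    return nets

def mail_sender_count():
    """Total addresses in the mail allowlist (the note says 52)."""
    return sum(net.num_addresses for net in mail_allowlist())

def uncovered_mail_ranges():
    """Mail CIDRs that fall outside every service block; expected to be empty."""
    blocks = [ipaddress.ip_network(b) for b in SERVICE_BLOCKS]
    return [n for n in mail_allowlist() if not any(n.subnet_of(b) for b in blocks)]

def classify(addr):
    """Return 'mail', 'service' or 'untrusted' for a source address."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in mail_allowlist()):
        return "mail"
    if any(ip in ipaddress.ip_network(b) for b in SERVICE_BLOCKS):
        return "service"
    return "untrusted"

if __name__ == "__main__":
    print([str(n) for n in mail_allowlist()], mail_sender_count())
    for sample in ("204.14.232.70", "204.14.233.10", "204.14.236.1"):
        print(sample, classify(sample))
```

Note that 204.14.236.0/24 sits between the listed blocks but is not one of them, so an address there classifies as untrusted.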
Migration Time
• During the org migration, the org will be down to all users for the duration of the migration.
• Upon completion, Salesforce.com Support, with the customer’s login permission, is able to do a validation of the migrated org.
• If there are integrations or links that require an absolute URL and that cannot be adjusted before the org migration (e.g. certain integrations), these will need to be updated post-migration and prior to the org being available to all end-users.
Thank You
Classic Encrypted Custom Fields
Data encrypted at rest and masked in the presentation layer
Keys are managed and stored in Salesforce
Compliance controls to prevent unauthorized access to data and keys
REFERENCE: Read more on H&T
Custom Text field only
Limited to 175 characters
Fields are not indexed or searchable
Cannot be used in filters (list views, reports, roll up summary fields, rule filters)