XCD HR, as a leading provider of cloud HR solutions, is occasionally asked about the security of the Salesforce.com platform on which our application is hosted. Here we provide detailed information regarding Salesforce.com’s approach to data security and why it is the world’s most trusted cloud computing platform.
Salesforce.com’s services are certified as compliant with some of the most rigorous, industry-accepted security, privacy, and reliability standards. As a service provider, they are certified and audited to the ISO/IEC 27001:2005 standard (including ISO 27001), SAS 70 Type II (now SSAE No. 16), SysTrust, and the EU-US and Swiss-US Safe Harbor frameworks. Additional information about salesforce.com’s security and privacy programs is available at http://trust.salesforce.com.
At trust.salesforce.com, you can review the current and archived history of system status and performance metrics, as well as planned upgrades and maintenance windows. You’ll also see detailed information about system performance incidents, including when an incident happened, why and how it was resolved, and how Salesforce plans to prevent it from happening again.
to security, privacy, reliability and trust runs across the entire company. It starts at the very top with executives who lead teams responsible for the implementation of comprehensive information security governance policies based on the ISO 27002 framework and a robust privacy program.
• Employees – All Salesforce employees receive information security and privacy training. Employees that handle data receive additional training specific to their roles.
• Security staff – Salesforce have a dedicated security staff, including a Chief Trust Officer, a Vice President of Information Security, and a full staff of highly skilled security professionals.
• Privacy counsel – Salesforce have a team of privacy lawyers who are responsible for helping ensure they comply with global privacy laws.
• Assessments – Salesforce regularly conduct both internal vulnerability assessments (for example, architecture reviews by security professionals) and external vulnerability assessments (for example, vulnerability assessments by managed security services providers, or MSSPs). In addition, Salesforce’s largest and most stringent customers assess them over 100 times per year.
• Policies – Detailed internal policies dictate how Salesforce detect, investigate, and respond to security and privacy incidents.
Salesforce.com incorporates OWASP recommendations and other security best practices into its system development processes at all stages. Here’s a summary of some of the development phases Salesforce goes through.
• Design phase – Guiding security principles and required security training help ensure their technologists make the best security decisions possible. Assessing threats to high-risk features helps them identify potential security issues as early in the development lifecycle as possible.
• Coding phase – Salesforce addresses standard vulnerability types with secure coding patterns and anti-patterns, and uses static code analysis tools to identify security flaws. Every salesforce.com software release undergoes a code review and all significant security findings are fixed before applications go live.
• Testing phase – Salesforce internal staff and independent security consultants use third-party tools, proprietary tools, and manual security testing to identify potential security issues.
Along with the testing Salesforce performs on its own products, it also requires that all software vendors listed on the AppExchange, such as XCD HR, submit their products for a security review by the salesforce.com application security team. AppExchange does not list a product until it has been reviewed, and all significant issues have been remediated – accordingly, this applies to XCD’s cloud HR solution which has, of course, passed this review.
The physical security of each salesforce.com facility is comparable to the best civilian data centres in the world. The exterior perimeter of each anonymous building is bullet resistant, has concrete vehicle barriers, closed-circuit television coverage, alarm systems, and manned guard stations, all of which help defend against non-entrance attack points. Inside each building, multiple biometric scans and guards limit access through interior doors and cages at all times.
Salesforce.com invests heavily in network defence. It uses the same world-class security as global banks do for their banking. For example, it encrypts all data transmissions that involve its systems using SSL 3.0/TLS 1.0 global step-up certificates from VeriSign to ensure that prying eyes cannot use data that might be intercepted. It employs perimeter firewalls and edge routers to block unused transmission protocols, and uses internal firewalls to segregate traffic between the application and database tiers (further information available at http://trust.salesforce.com/trust/security/).
Salesforce.com employs several sophisticated security tools that monitor system activity in real time to expose many types of malicious events, threats, and intrusion attempts. For example, its state-of-the-art intrusion detection systems (IDS) detect common types of external attacks. It also monitors application and database activity, and uses event management tools that actively correlate user actions and event data that call attention to potential internal and external threats.
Salesforce.com uses a layered approach to protect your data from simple storage device errors, catastrophic failures, and everything in between. To support basic database recovery scenarios, it backs up all of your data on a rotating schedule of incremental and full backups that lets it restore service more efficiently should the need arise. Its disaster recovery mechanisms use real-time replication to disk at each data centre, and near real-time data replication between the production data centre and the disaster recovery centre (further information available at http://trust.salesforce.com/trust/security/).
Salesforce.com implements industry-accepted best practices to harden all its underlying host computers that support the various software layers of its clouds. For instance, all of its servers use Linux or Solaris distributions with non-default software configurations and minimal processes, user accounts, and network protocols. Application services never execute under root, and they log their activity in a remote, central location for inspection and safekeeping.
Force.com’s database is the underlying data persistence technology at the heart of most salesforce.com cloud services, so it implicitly plays a significant role in the security of XCD’s cloud HR solution.
Force.com includes many features that help provide a secure environment and protect the privacy of your business data. One simple example is the way that Force.com protects customer passwords—with the application of a salted SHA-256, one-way cryptographic hash function.
Force.com’s innovative metadata-driven, multi-tenant database architecture delivers automatic scalability for cloud-based applications without compromising the security of each organization’s data.
• When a user establishes a connection, Force.com assigns the session a client hash value.
• Along with forming and executing each application request, Force.com confirms that the user context (an organization ID, or “orgID”) accompanies each request and includes it in the WHERE clause of all SQL statements to ensure the request targets the correct organization’s data. When data is returned, Force.com validates that every row in the return set of a database query matches the session’s orgID.
• And again at the application layer, before returning results to an application request, Force.com confirms that the calculated client hash value matches the client hash value that was set during the login phase.
This is a simplified view into how Salesforce enables secure multi-tenancy. It also uses additional validation checks to ensure that accidental or intentional access to other customers’ data is virtually impossible.
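A minimal model of the three checks described above, added here as an illustration; it is not Salesforce's code. The table layout, the HMAC-based client hash, the sample orgIDs and all function names are assumptions made for the example.

```python
import hashlib, hmac, secrets, sqlite3

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret known only to the app tier

class TenantIsolationError(Exception):
    """Raised when any of the three tenant checks fails."""

def client_hash(session_id, org_id):
    # Assumed construction (not documented on the page): HMAC-SHA256 over both values.
    return hmac.new(SERVER_KEY, f"{session_id}|{org_id}".encode(), hashlib.sha256).hexdigest()

def login(org_id):
    # Connection setup: the session is assigned its client hash value once.
    sid = secrets.token_hex(16)
    return {"id": sid, "org_id": org_id, "client_hash": client_hash(sid, org_id)}

def validate_rows(rows, org_id):
    # Database-layer check: every returned row must carry the session's orgID.
    for row in rows:
        if row[0] != org_id:
            raise TenantIsolationError("result set contains another organization's row")
    return rows

def fetch_employees(db, session, name_like="%"):
    org_id = session.get("org_id")
    if not org_id:
        raise TenantIsolationError("request carries no orgID")
    # The orgID is always bound into the WHERE clause; callers cannot omit it.
    rows = db.execute(
        "SELECT org_id, name FROM employee WHERE org_id = ? AND name LIKE ? ORDER BY name",
        (org_id, name_like)).fetchall()
    validate_rows(rows, org_id)
    # Application-layer check: recompute the hash and compare with the login value.
    expected = client_hash(session["id"], org_id)
    if not hmac.compare_digest(expected, session["client_hash"]):
        raise TenantIsolationError("client hash does not match login value")
    return [name for _, name in rows]

def make_db():
    # Constructed sample data: two organizations sharing one table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employee (org_id TEXT, name TEXT)")
    db.executemany("INSERT INTO employee VALUES (?, ?)",
                   [("00D_A", "Alice"), ("00D_A", "Bob"), ("00D_B", "Carol")])
    return db

if __name__ == "__main__":
    print(fetch_employees(make_db(), login("00D_A")))
```

If the session's orgID is altered after login, the WHERE clause and row check still agree with each other, so it is the client hash comparison that rejects the request.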
Information security governance in the cloud requires work from both the cloud platform provider (i.e., salesforce.com) and the application provider or developer (i.e., XCD HR). Now that you understand some of the things that salesforce.com does internally to care for your applications and data, it’s time to turn your attention to the many standard features of Force.com.
Force.com and all of its dependent clouds have a full complement of features for managing users, authenticating and restricting their system access, and auditing logins. You, the customer, retain complete control over who has access and are encouraged to integrate into your existing on-premises access management systems to ensure the highest degree of accuracy, efficiency, and auditability.
For example, you can create users declaratively using a browser-based console, bulk-load new user data, use SAML-based automatic provisioning, or have your application make API calls that handle user registrations in real time. Once your users are set up, you can authenticate login requests in several ways: with traditional username/password authentication, federated authentication single sign-on (i.e., SAML), delegated authentication (e.g., LDAP), or OAuth2. Additionally, you can configure user profiles to enforce time- and IP-based login restrictions. For auditing purposes, Force.com maintains a history of login requests.
You can use several Force.com features to control the objects, fields, and specific data records to which your users have access. Here’s a preview of how it’s done.
1. Create profiles and permission sets – Identify the different types of users you need for XCD HR, based on the different functions each type needs to access. Create a base level profile for each type of user so that each profile has only the permissions required for that type of user to perform these functions. Then create permission sets to handle exceptions—situations in which a user may need a few more permissions.
2. Assign users – Assign each user to the appropriate profile and permission sets.
3. Set sharing models – For each object, set the organization-wide default record sharing settings to determine whether the records that each user owns are public or private.
4. Share private records – Use roles, groups, record sharing rules, and other means to share private records with other users.
Force.com makes it painless to comply with auditing requirements that are commonly part of security policies. With a few mouse clicks, you can configure Force.com to audit who changed the value of a field, when it was changed, and what the value of the field was before and after the edit. History data is readily available for reporting, so you can easily create audit trail reports that help you comply with your security policy requirements.
Force.com lets you declare encrypted custom fields so that you can address concerns over data like social security and credit card numbers that your company might define as requiring additional protection. After creating an encrypted custom field, Force.com automatically encrypts this data using AES 128. It then uses key splitting to separate the keying material between application server and database so that no single salesforce.com administrator can recover both parts of the key.
However, encrypted custom fields do have some restrictions that might be important to your use case; they cannot be an external ID and do not have default values, and they are not searchable or available for use in filters such as list views, reports, roll-up summary fields, and rule filters.
When your application requires more control than what’s possible with declarative encrypted fields, you can use methods in the Apex Crypto class to programmatically encrypt and decrypt sensitive information in Force.com. Apex Crypto also provides you with methods for creating digests, message authentication codes, and signatures.
You can configure several data download areas within salesforce.com products to require users to pass a user verification test known as CAPTCHA. This simple text-entry test ensures that the platform is interacting with a human being, and it can help reduce the risk of automated attacks, preventing malicious programs from accessing your organisation’s data.
Salesforce.com is committed to earning and maintaining your trust as a cloud computing provider. It certifies its data centres and all of its internal operations to some of the highest industry-accepted standards for data security, privacy controls, and operational reliability.
We hope this serves to illustrate why XCD HR is one of the world’s most secure and trusted cloud HR solutions by virtue of its partnership with Salesforce.com, the world’s most trusted cloud platform.