The last pillar of a Salesforce Center of Excellence is security. Here are three main considerations for security:
1. New/Old Users
With a small org, it’s common for new users to be manually added and maintained. When a user leaves the organization, they can be manually frozen or deactivated.
As the org grows, this process can be automated through an identity provider (IDP) such as MS Active Directory (AD): when a user is added to or disabled in AD, their Salesforce user is created or deactivated to match. This integration can be extended to more advanced functionality, such as Identity Governance and Administration (IGA) and Single Sign-On (SSO).
2. User Permissions
Permission sets and permission set groups are the recommended approach for granting user access. In this model, users are given a base profile and then a series of permission sets that expand what they can do within Salesforce. Permissions can also be scaled back by using restriction rules.
The golden rule here is to provide the access users need, and nothing more. Regardless of the org size, only 2-5 users should be system administrators. The minimum is two because you want a backup in case you get locked out.
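As an added example, not part of the original post, here is a small Python audit that checks both points above against a user export: active Salesforce users whose AD account is disabled or missing (the deprovisioning the IDP integration is supposed to handle), and the 2-5 system administrator rule. The user list and the AD account map are constructed sample data; the `User` fields named in the comment are the real Salesforce fields such an export would come from.

```python
"""Audit a Salesforce user export against the identity provider (AD).

Constructed sample data below; not from any real org.
"""
from dataclasses import dataclass

MIN_ADMINS, MAX_ADMINS = 2, 5  # the post's 2-5 system administrator rule
ADMIN_PROFILE = "System Administrator"


@dataclass(frozen=True)
class SfUser:
    username: str
    profile: str
    is_active: bool


# Constructed sample of what
#   SELECT Username, Profile.Name, IsActive FROM User
# returns (these are real Salesforce User fields).
SALESFORCE_USERS = [
    SfUser("admin1@example.com", ADMIN_PROFILE, True),
    SfUser("admin2@example.com", ADMIN_PROFILE, True),
    SfUser("admin3@example.com", ADMIN_PROFILE, True),
    SfUser("admin4@example.com", ADMIN_PROFILE, True),
    SfUser("admin5@example.com", ADMIN_PROFILE, True),
    SfUser("admin6@example.com", ADMIN_PROFILE, True),
    SfUser("sales1@example.com", "Standard User", True),
    SfUser("contractor.jo@example.com", "Standard User", True),
    SfUser("left.user@example.com", "Standard User", True),
    SfUser("old.user@example.com", "Standard User", False),
]

# Constructed sample of AD accounts keyed by username; True = enabled in AD.
# left.user is absent from AD entirely, contractor.jo is disabled.
AD_ACCOUNTS = {
    "admin1@example.com": True, "admin2@example.com": True,
    "admin3@example.com": True, "admin4@example.com": True,
    "admin5@example.com": True, "admin6@example.com": True,
    "sales1@example.com": True, "contractor.jo@example.com": False,
    "old.user@example.com": False,
}


def deprovisioning_drift(sf_users, ad_accounts):
    """Active Salesforce users whose AD account is disabled or missing.
    With IDP-driven provisioning this list should be empty; each entry is an
    account that should already have been deactivated in Salesforce."""
    return sorted(u.username for u in sf_users
                  if u.is_active and not ad_accounts.get(u.username, False))


def admin_count_check(sf_users, profile=ADMIN_PROFILE):
    """Return (active admin usernames, True if the count is within 2-5)."""
    admins = sorted(u.username for u in sf_users
                    if u.is_active and u.profile == profile)
    return admins, MIN_ADMINS <= len(admins) <= MAX_ADMINS
```

Running both checks on the sample flags two users that AD no longer vouches for and six active administrators, one more than the rule allows.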
3. Data Masking/Encryption
When examining your data, masking and encryption are options for securing the more sensitive fields. Salesforce has some basic options for these, and there is Salesforce Shield for optimal security. Either way, Salesforce should only store the information necessary to operate. For example, it's not meant to store credit card information or to serve as a file repository for potentially sensitive documents.
The takeaway
Security decisions should be taken seriously and followed. It’s best to have a few basic steps in place and scale up as needed.