Secure Salesforce Development with Zenity

Salesforce is not just a CRM, but a full-fledged development platform that includes no-code visual designers (Lightning App Builder and Flow Builder), full IT automation (MuleSoft), IDEs for scripting and 3G support (Apex), the Einstein service, as well as other generative AI copilots. There is a massive population of business users quickly and easily building apps and automations to enhance their Salesforce experiences. However, security teams must be wary of the new micro-applications and -automations that are being built.

As the Salesforce Platform Grows, What Security Risks Grow With it?

Salesforce security products, such as Shield, Data Encryption, and the Salesforce Security Center, provide capabilities that are very similar to how cloud vendors approach security. While Salesforce will provide SLAs and security controls for the platform, it does not guarantee security for applications, automations, and connections that citizen developers build on the platform itself.

Here are some key things to consider when approaching security for apps and automations built on Salesforce:

  • The speed at which professional and citizen developers can create and deploy apps and automations results in limited visibility into a huge attack surface
  • Low-code apps and automations developed in Salesforce can push and pull data from a huge number of non-Salesforce systems and resources, creating a complex web of connections and data flows without centralized visibility or defined ownership
  • Apps and automations developed without proper controls can lead to data leakage, insecure credential sharing, identity misuse, and more
  • The data that Salesforce is gathering and remitting via their Generative AI tools provides another huge data warehouse that must be safeguarded, audited, and managed
  • Salesforce connectors, add-ons and extensions that users can integrate into their apps and automations present a large supply-chain threat

Only Zenity provides the visibility, risk assessment, and governance controls necessary to ensure that Salesforce deployments don’t become security liabilities and cost-eaters.

Secure and Empower Professional and Citizen Developers using Salesforce

Zenity is a firm advocate that businesses not only should, but must use low-code platforms to get more done. However, we also recognize the need for strong security and governance to control all apps and automations, identify vulnerabilities, and enforce proper usage:

Continuous Discovery
  • Scan Salesforce low-code environments to maintain visibility of who is creating what in real-time
  • Maintain awareness of the relationships between users, data, and applications created in Salesforce 
  • Evaluate the role that each app plays in the business and identify component relationships, potentially insecure components, and more
Automated Risk Assessment
  • Map violations against common security frameworks like the OWASP Top 10 and MITRE
  • Comprehensive, out-of-the-box knowledge base with actionable remediation, automated playbooks, and triage recommendations 
  • Automatically discover risks that originate from faulty business logic, misconfigurations, third-party dependencies, add-ons and more
Governance at Scale
  • Leverage custom policies and automated playbooks to take action whenever violations are flagged
  • Initiate response by integrating with a variety of third-party tools (e.g. SIEM, SOAR, ITSM) to respond to threats
  • Identify unused or unowned resources that can eat up license costs and cause security risks

Maximum Power. Minimum Risk.

As one of the most advanced and widely used Low-Code/No-Code platforms, Salesforce is an obvious choice for organizations that want to empower all business users to build on top of the Salesforce platform to get more done. Zenity provides the visibility, risk assessment and governance features to ensure both professional and citizen developers can build what they need, without putting the organization at risk.
