How to prevent privileged user abuse in the cloud

Sept. 6, 2018
Five common challenges and five best practices for every organization

Your business likely requires certain users to have privileged access to your cloud resources. This means they can have free rein over all manner of company data, workflows, security controls and resources. Privileged access equals advanced permissions, which let users make changes to your Salesforce instance or cloud environment. These changes enable malicious actors to hide their activity and cause severe security risk.

Let’s look at why privileged users pose a threat to your organization, followed by ways organizations can secure their Salesforce and cloud environments to keep the keys to the kingdom in the hands of the right users and prevent privileged user abuse.

Here are five reasons that privileged users constitute a top security concern in the cloud.

1. They’re Considered Insider Threats

Recently, the security focus has shifted from external attackers to insiders who will not only open the doors to external attackers but will also maliciously or inadvertently abuse access to your Salesforce or cloud environment. According to the 2018 Insider Threat Report, 90 percent of surveyed organizations felt vulnerable to insider threats. Of those insider threats, regular employees (56 percent), privileged users (55 percent) and contractors (42 percent) posed the largest concern for respondents. Insider threats can include departing employees looking to take your company data to a competitor or privileged users who inadvertently change business-critical controls to your Salesforce environment.

2. Hard to Manage

Privileged users possess an understanding of the way your organization is structured and inherently have a high level of access to company resources. These users are usually administrators and monitors of systems. Essentially, preventing privileged user abuse means you need to monitor those who are monitoring your systems. Say, for instance, your network engineer’s account was compromised and was used to create a new service account. It may be difficult to determine whether this access was legitimate. Was this a part of their job function? Or was this a malicious act on the part of the engineer to cover their tracks?

3. Remaining Compliant

To meet compliance in today’s digital era, regulations like FINRA, FFIEC, GDPR, FCA, HIPAA and PCI require stringent security controls. Information held within Salesforce and the cloud requires careful consideration as to who has access to data and what they can do with it. Privileged users can change permissions, privileges and security controls that can change your compliance posture – putting you not only at security risk but also at risk of regulatory fines and enforcement.

4. Evolving Permissions

As employees’ job roles and projects change, so do their permissions and access. Without proper monitoring, too many permission changes can be made without approval. User, profile and role permissions in Salesforce should be adjusted according to each user’s role, ensuring that they only have access to information that is necessary to their job function.

5. Cybercriminals Target Privileged Users

Cybercriminals target privileged user accounts because these accounts give them the chance to enter your organization’s network and cloud environment under the cloak of privileged access. Oftentimes, privileged users aren’t audited at a depth that would raise suspicion, giving them the opportunity to pilfer sensitive data across your organization’s environment.

Though they are necessary to business, privileged users pose a great threat to the security of your organization. Below are five security considerations to take to monitor privileged users and prevent privileged user abuse in the cloud.

1. Monitor Access to Your Salesforce Environment

How are users accessing your Salesforce environment? Perhaps a user is logging into Salesforce from a restricted location or IP address, or after hours. Upon detecting such unwanted behavior, you can set up rules to prevent privileged user abuse. The data that’s available in the access count can also detect if users are logging in from unsupported devices.
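The checks described above (restricted IP address, after-hours login) can be run over an exported login history. The following is an added example, not code from the article or from FairWarning; the column names, user names, allowed networks and business hours are assumptions, and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Assumed policy values, constructed for this example.
ALLOWED_NETWORKS = [ip_network("203.0.113.0/24"), ip_network("2001:db8:10::/48")]
BUSINESS_START, BUSINESS_END = time(7, 0), time(19, 0)  # UTC
PRIVILEGED_USERS = {"admin.alice", "netops.bob"}

# Constructed sample export; column names are assumptions.
SAMPLE_CSV = """Username,LoginTime,SourceIp
admin.alice,2018-09-04T09:15:00Z,203.0.113.25
admin.alice,2018-09-05T02:40:00Z,203.0.113.25
netops.bob,2018-09-05T10:05:00Z,198.51.100.7
netops.bob,2018-09-05T23:30:00Z,198.51.100.7
sales.carol,2018-09-05T03:00:00Z,192.0.2.44
admin.alice,2018-09-05T11:00:00Z,not-an-ip
"""

def review_login(row):
    """Return the reasons this login deserves review (empty list if none)."""
    reasons = []
    try:
        addr = ip_address(row["SourceIp"])
        if not any(addr in net for net in ALLOWED_NETWORKS):
            reasons.append("source IP outside allowed networks")
    except ValueError:
        # A malformed address is itself worth a look; do not silently pass it.
        reasons.append("unparseable source IP")
    when = datetime.strptime(row["LoginTime"], "%Y-%m-%dT%H:%M:%SZ")
    if not (BUSINESS_START <= when.time() < BUSINESS_END):
        reasons.append("outside business hours")
    return reasons

def flag_privileged_logins(csv_text):
    """Return (username, login_time, reasons) for privileged logins needing review."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Username"] not in PRIVILEGED_USERS:
            continue  # this example only reviews privileged accounts
        reasons = review_login(row)
        if reasons:
            findings.append((row["Username"], row["LoginTime"], reasons))
    return findings

if __name__ == "__main__":
    for user, when, reasons in flag_privileged_logins(SAMPLE_CSV):
        print(f"{when} {user}: {', '.join(reasons)}")
```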

2. Watch for Compliance and Abnormal User Behavior

You are more equipped to satisfy state, federal and global regulations regarding access controls and monitoring access by monitoring privileged users, login access and abnormal user behavior. In addition, you are able to automate your compliance process and hold your associates accountable for their activity in Salesforce. In return, the sensitive data and confidential information in your Salesforce instance are more secure.

3. Least Privilege

Give users permissions only for what they need to perform their job role in your Salesforce instance or cloud environment. Organizations can customize user privileges per user and per application. For example, if an employee needs read/write privileges to a certain file system, then they don’t necessarily need root privileges.

4. Consolidate Your View

Your Salesforce environment is constantly being updated with new objects, applications, functionality, roles and projects. With security in mind, you probably find yourself comparing permissions to various users as their roles and workflows evolve. Obtaining a consolidated view of all users’ permissions lets you save time and not have to click into each permission set in Salesforce. With time savings, you can complete more thorough access reviews in much less time. Furthermore, if you’re managing multiple orgs or sandboxes, you may need to change permissions in one and not the other – this leaves a lot of room for errors. With a single view, you can identify errors and view who made what changes to permissions with proactive notification.

5. Detect Salesforce Changes

Can you tell when someone modifies an IP whitelist? Do you know when a user is created in your Salesforce environment? How about when changes occur in the permission set? Monitoring for changes to security controls within Salesforce gives you the ability to keep track of your users and your data. It’s most valuable to implement proactive alerting on changes that are most relevant to your role and your security posture.

A Secure Flow

Privileged users are absolutely necessary in your Salesforce and cloud environments for efficient workflows and business functions. However, there are tactics you can employ to secure your privileged user accounts and prevent privileged user abuse. Keep the security concerns mentioned above in mind as you implement best practices for keeping your employees productive and your cloud environment safe.

About the Author:

Mike Mason is the senior product manager at FairWarning. Mike has oversight and financial responsibility over nearly every aspect of FairWarning’s marketplace communications and education efforts. Mike’s efforts are directed at telling the company’s story and its customer stories from an authentic point of view. Mr. Mason was previously a product manager for Rakuten MediaForge.