Skip links

Six Essential Steps to Staying Safe in the Cloud

Securing your Integration with Salesforce AppExchange Apps

Businesses across the world rely on customer relationship management systems, or CRMs, to identify and manage the unique characteristics of their clients. CRMs such as Salesforce offer businesses a competitive edge, empowering them to capitalize on the opportunities presented by their clients’ changing circumstances through real time marketing of personalized services.

Salesforce offers seamless integration of many apps that enable the platform to be tailored to the exclusive requirements of each business. Yet cyber attacks on organizations grow more sophisticated, more serious, and more extensive every day, and when data is breached many businesses find themselves reevaluating their security infrastructure.

Staying Safe in the Cloud Blog CP Cyber Security Consulting Firm Denver Colorado

The Contemporary Security Landscape

In recent years, organized crime networks have become increasingly high-tech, making the teen hackers of the early internet obsolete. Today, data cartels harvest personal data from corporate and government networks on a grand scale. Even the government agencies of several states have been caught with their fingers in the pie as highly targeted, long-term international espionage and sabotage campaigns have been exposed.

Many businesses take cloud computing, mobility and virtualization for granted, but most are not equipped to manage the target-rich environment this creates for hackers.

Moving to the Cloud? A Dangerous Neighborhood

Today’s business landscape has dissolved traditional enterprise security parameters. Most businesses still storing data in legacy applications are keen to make the move to the cloud, yet hackers need only a small backdoor entry to gain access to an entire corporate IT network.

Being subject to a data attack is not only financially devastating, but it also costs businesses the hard-won trust of their clients.

Salesforce Cloud-Based Security

Businesses don’t move to the cloud lightly. Salesforce customers spend an average of four months evaluating the Salesforce platform from a security, compliance and business continuity perspective before making the move to the cloud-based solution.

Great CRMs understand that trust requires far more than security, and the Salesforce CRM successfully alleviates the concerns of legal, compliance and security experts through its commitment to transparency and compliance with industry and country-specific standards. And it works. The business community’s trust in Salesforce is grounded in the clarity of information it provides on the ways it safeguards customers’ data, its service availability and its performance metrics.

It is easy to assume that apps listed on Salesforce AppExchange are as secure from data attacks as the core CRM itself. Yet the AppExchange landscape is changing, and all apps are not created equally. To ensure your business remains safe in the cloud, it is essential you understand the way Salesforce AppExchange functions.


5 Myths about Salesforce AppExchange Apps


Myth 1: It is listed on AppExchange. It must be secure.

Reality: Salesforce performs an overall check on new apps, but does not certify the security of its AppExchange apps, nor does it accept any liability for their vulnerabilities.

Myth 2: This app is safe because the front end is built on Salesforce.

Reality: Many AppExchange listings expose the front end on Salesforce to reduce the training needs of their clients, but they store the data on a shared infrastructure.

Myth 3: We won’t use this app widely, so security review isn’t important.

Reality: Insecure smaller applications offer a backdoor entry to your larger applications and your data.

Myth 4: We’re not really storing our data, just code and metadata.

Reality: Amid the web’s changing architecture, the line between data and metadata is blurring. Hackers can even mine your information from the declarative court that is used to build an app.

Myth 5: This app is built on Salesforce, Amazon Web Services or Heroku.

Reality: These are great platforms, however, small vendors often rent shared market spaces. Apps from multi-tenancy arrangements can lead to big problems with security, performance and business continuity.


Six Essential Steps to Staying Safe in the Cloud


Cloud-based data management is essential for success in today’s business environment, and stringent cloud-based security is possible.

Before adopting any AppExchange solution, have your security team sign off on the security of the app and ask your C-level management to approve any security exceptions, particularly if your data is being stored by the AppExchange partner.

Safeguard your security by asking the app’s developers the following six questions:


  1. Data Access: Do you have access to our data or code? What backend infrastructure do you use to store our application data?  If you use multi-tenancy data architecture, what certifications do you have in place to ensure that our data remains safe?


  1. Rented and owned infrastructure: How much do you spend on vulnerability scanning? What are your certified uptimes? What is your business continuity plan? What is your intrusion detection and prevention strategy?


  1. Compliance: What compliances do you adhere to? Specify the compliances for your app, including SOC 1, SOC 2, SOC 3, HIPAA, IS0 27001 and PCI.


  1. Security best practice: Are you able to apply all of the security best practices provided by Salesforce, including integration for use with your corporate identity directory, two-factor authentication, restricted IP access, and restricted profile access? Can the company leverage Salesforce shield to encrypt data? How about customizing security using privileges and roles?


  1. Security spending: How many employees maintain the security of your solution? What is your total outlay on security?


  1. References: Get in touch with another business who has used the app and contact a trusted security expert to fill in any technical gaps you may not have in-house.


Today’s business landscape is constantly shifting, bringing with it new challenges and many exciting possibilities. With careful research and insightful planning, you’ll reap all of the benefits cloud-based data capture has to offer, opening endless opportunities, safeguarding your data, and maintaining the hard-won trust of your customers.

More About CP Cyber

CP Cyber is a full service cyber security consulting firm helping our clients uncover risks and build top of the line defenses to prevent cyber crimes.  To find out more about us visit our homepage here: or follow our Colorado Cyber Security Google Page.


Share the Post: