Salesforce.com has bolstered Salesforce Shield, its network activity monitoring system, with a new Transaction Security feature that keeps track of who is authorized to access sensitive data and flags attempts to access protected files by unauthorized users.
Salesforce Shield, originally released in July 2015, enabled IT administrators and security specialists to see user activity at a granular level, such as what services they were logging in to and what data was being accessed within the Salesforce cloud.
The monitoring tools were of particular interest to regulated industries that needed to be particularly careful about who accessed sensitive data inside and outside the company.
“But you couldn’t do anything in response in real time,” Seema Kumar, senior director of app cloud marketing for Salesforce, told eWEEK.
However, with the release of the Transaction Security feature on March 7, Shield can be customized to respond to unauthorized access or provide on-the-fly authorized access to things like sales reports to users who normally or by default aren’t able to get it.
For example, a company might not want to give anytime access of sales data to all sales representatives. But with Transaction Security, you could specify that certain reps can access the data on a one-time basis by having them provide proof of identity using two-factor identification, such as a phone number or PIN.
The system would also retain a record of that transaction. The big selling point of this feature is that users don’t have to go through the time-consuming process of getting permission from IT or a supervisor to access the data.
Shield includes three services—Event Monitoring, Audit Trail (that keeps track of data changes for up to 10 years) and Platform Encryption of data at rest. Transaction Security is now part of Event Monitoring. Kumar describes it as a customizable policy engine that lets IT create dynamic rules in real time rather than relying on more rigid policies that restrict access broadly.
“It’s completely flexible and lets IT intercept user behavior in real time,” said Kumar.
On that last point, she noted, Transaction Security addresses two use cases IT has been asking for help with. One is with multiple instances of Salesforce. Users will log in to Salesforce on their desktop, then their tablet and phone and perhaps even another device as they travel. Managing these multiple points of access becomes a management hassle.
Administrators could use Transaction Security to restrict log-ins to two devices. To further increase security, they should also require users to prove their identity using two-factor authentication when they try to log in on more than two devices.
As with other Shield services, Transaction Security can be extended to allow any app built natively on the Salesforce App Cloud to leverage its capabilities. Salesforce partners could, for example, build apps to detect specific programmatic terms being entered into a Salesforce Community or Chatter session and block them in real time.
There hasn’t been anything else like Shield on the market that responds in real time, regardless of what device or computer is in use, Kumar said. “It’s incredibly difficult to build without impacting user performance,” she said. “If you see anything like it out there, let us know.”
Salesforce Shield with Transaction Security is available starting March 7 as part of the Salesforce App Cloud. It’s free to existing Shield customers. For new customers, the Shield Suite (including Transaction Security) is priced at 30 percent of a customer’s total Salesforce spend based on their existing contract, or 10 percent for just Event Monitoring with Transaction Security.
This is a different pricing model than the typical per-user, per-month fee Salesforce charges. “This is not about users, it’s about data. You need it for everyone,” Kumar said.
Editor’s Note: This story was updated with revised price information provided by Salesforce.com.