Key Security Updates in Salesforce Summer’17 release


If there’s one thing that makes Salesforce a cut above the rest, it is its consistent and methodical approach to releasing new and innovative features, providing its users with the latest cutting-edge possibilities. True to form, the Summer 2017 release offers some significant upgrades.

The primary upgrade in this release relates to security. The spate of sustained cyber attacks and the heightened state of security-related challenges faced by Internet users across the globe make security a top priority.

1. Easier and Better Authentication

Salesforce supports multiple two-factor authentication (2FA) methods, with the ability to deploy from a choice of Salesforce Authenticator, U2F Tokens, OAUTH HOTPs, and Temporary Tokens. The Spring’17 update strengthened the already robust 2FA by requiring users who add an authentication method to verify their identity, rather than merely enter their username and password.

The Summer’17 release revamps the authentication options, with improved verification requirements, enhancements to connected apps, and more OAuth options. These improvements deliver the twin benefits of easier, quicker logins and stronger security.

As an added layer of protection, admins may now require users to confirm their identity when they attempt to change their email address. Previously, only the password was required to change the email address. The extra verification step preempts account-hijacking attempts by attackers who have stolen a password or otherwise gained unauthorized access. The feature is enabled by default in orgs created after the Summer’17 release.


2. App Whitelisting Capabilities

Another significant upgrade introduced in the Summer’17 release is API client or app whitelisting. Admins and enterprises now gain better control over the apps trying to connect to their org. The new API client whitelisting feature blocks all OAuth-related app connections to the org until admins explicitly approve each app.

3. Simplified and Customized Login

Salesforce introduced password-free logins for Lightning in the Spring’17 release, offering a big relief to users hassled at having to remember multiple passwords. Users could now tap Approve in Salesforce Authenticator on a mobile device already unlocked with a fingerprint or PIN. Once logged in using such 2FA methods, users don’t have to go through the hassle of entering a password every time they access Salesforce.

Improved IP relaxation now gives users a more streamlined way to access Salesforce and connected apps, and makes blocked apps easier to track. The IP relaxation option is available for client apps using OAuth and SAML for single sign-on.

The latest release also adds a Single Logout (SLO) option, as a beta feature. SLO logs the user out of all connected service-provider apps when they log out of Salesforce. Likewise, a user who logs out from a service provider is also logged out of Salesforce and all other service providers.

Furthermore, admins can now create custom login pages with Visualforce and Apex controllers, to control how the login page appears at runtime. For example, admins can specify which logo specific users see, depending on whether the user is an employee, customer, or another category. They can likewise offer different registration processes or different content flows to different users.

4. Embedded Logins

Of special note in the list of Summer’17 enhancements is the Embedded Login feature, which extends Salesforce authentication to websites. Admins may now require customers to log in to access web pages by adding just a few lines of HTML code. The feature extends to communities created with both Salesforce’s in-house Communities product and Salesforce Identity. Enterprises may use this handy new feature to connect their CRM to their websites, something not easily possible before.

The Summer’17 release also enables browser notifications, alerting users when sessions are about to expire, preempting user annoyance on finding they are logged out owing to inactivity.

5. Compliance Burden Made Easy

Many admins are obliged to report Salesforce profile settings to ensure all Salesforce users meet the minimum password requirements. Hitherto, admins met the requirement in a highly inefficient, ad hoc way: taking screenshots of the profiles to document their settings. The Summer ’17 release allows using the Metadata API to export profile definitions, or to deploy them in another environment, reducing the compliance burden.
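One way to turn that export into a repeatable compliance check, as an added example that is not from the article or from Salesforce: the script parses a ProfilePasswordPolicy file (the Metadata API type that carries a profile’s password settings) and lists every setting that falls short of a baseline. The sample XML, the baseline numbers and the file name in the comment are constructed for illustration.

```python
# Added example (not Salesforce's own tooling): check a ProfilePasswordPolicy
# file retrieved via the Metadata API against a minimum password baseline.
import xml.etree.ElementTree as ET

# Constructed sample of a retrieved profile password policy file, e.g.
# profilePasswordPolicies/Admin.profilePasswordPolicy (file name assumed).
SAMPLE_POLICY = """<?xml version="1.0" encoding="UTF-8"?>
<ProfilePasswordPolicy xmlns="http://soap.sforce.com/2006/04/metadata">
    <minimumPasswordLength>8</minimumPasswordLength>
    <passwordComplexity>3</passwordComplexity>
    <passwordHistory>3</passwordHistory>
    <profile>Admin</profile>
</ProfilePasswordPolicy>"""

# Baseline values are assumptions chosen for illustration: each listed field
# must be at least this value. passwordComplexity is an enum index in which a
# higher number selects a stricter character-class rule.
BASELINE = {
    "minimumPasswordLength": 10,
    "passwordComplexity": 3,
    "passwordHistory": 5,
}


def parse_policy(xml_text):
    """Return the policy's fields as a dict of tag -> text, namespace stripped."""
    root = ET.fromstring(xml_text)
    return {child.tag.split("}", 1)[-1]: (child.text or "").strip() for child in root}


def check_policy(policy, baseline=BASELINE):
    """Return (field, actual, required) for every setting weaker than the baseline.

    A field missing from the export is treated as 0, i.e. not configured."""
    findings = []
    for field, required in baseline.items():
        actual = int(policy.get(field) or 0)
        if actual < required:
            findings.append((field, actual, required))
    return findings


if __name__ == "__main__":
    policy = parse_policy(SAMPLE_POLICY)
    for field, actual, required in check_policy(policy):
        print(f"{policy['profile']}: {field}={actual} is below baseline {required}")
```

Run it over every file in the retrieved profilePasswordPolicies folder to get a per-profile findings list instead of a screenshot.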


6. Revamped Security Health Check

Security Health Check measures an org’s current security settings against a baseline standard. The Health Check page now offers four risk categories and new names for risk statuses, making health checks easier to read than before.

It is now also possible to import custom baseline standards to Health Check, offering unbridled customization options. Admins may customize their own security baseline to compare the organization’s security settings with individual industry standards.

7. Improved Platform Encryption Capabilities

The new release offers encryption support for flows, leads, and formulas. Formulas now work with encrypted fields, and likewise, it is now possible to use flows and processes with encrypted data. It is also possible to encrypt standard Lead fields, and other elements in the Chatter feed. Search index files may have their own separate encryption keys. Users may bring their own encryption key to protect their search index, and gain finer-grained control of their HSM-protected certificates. These updates are available in beta, as of now.

8. New Lightning Experience Interface for Transaction Security

A new Lightning Experience interface for Transaction Security offers a new way to create policies against real-time events. The new user interface comes with an easy-to-use setup wizard, improved editing capabilities, and a carousel containing relevant information and statistics about the Salesforce org. The newly created policies can also check Chatter resources.

9. Easy Option to Disable Chatter

Among the notable security updates comes the easy option to disable Chatter.

Salesforce Chatter, even while being a handy tool, is not always welcome. Some users want Chatter disabled for compliance or security reasons. Up to now, disabling Chatter caused the inconvenience of bookmark redirections not working. The new update removes this dependency.

The Salesforce Summer’17 release, though not bringing out any major paradigm-changing innovations, enhances security in a big way. It paves the way for robust policy-based security operations, and underscores the importance of paying attention to details. It goes to show that small yet crucial changes can have a much bigger impact than big-bang announcements.


Author: Nayab Naseer. Date: 13 Oct 2017