Is my org's data accessible to Salesforce?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty{ margin-bottom:0;
}
up vote
5
down vote
favorite
Salesforce protects our data. But does it protect the data from Salesforce itself ? Is my data always visible/accessible to Salesforce?
security
asked 14 hours ago
user58709
263
add a comment |
up vote
5
down vote
favorite
Salesforce protects our data. But does it protect the data from Salesforce itself ? Is my data always visible/accessible to Salesforce?
security
asked 14 hours ago
user58709
263
add a comment |
up vote
5
down vote
favorite
up vote
5
down vote
favorite
Salesforce protects our data. But does it protect the data from Salesforce itself ? Is my data always visible/accessible to Salesforce?
security
asked 14 hours ago
user58709
263
Salesforce protects our data. But does it protect the data from Salesforce itself ? Is my data always visible/accessible to Salesforce?
security
security
asked 14 hours ago
user58709
263
asked 14 hours ago
user58709
263
asked 14 hours ago
user58709
263
asked 14 hours ago
user58709
263
asked 14 hours ago
user58709
263
263
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
up vote
10
down vote
The data you store in any cloud service is, ultimately, accessible to that cloud service, saving only the circumstance that the data is encrypted on your local machine prior to transmission to the cloud and you and only you hold the encryption key - i.e., it's never transmitted to the service itself, and all data is decrypted only on your local machine.
There are relatively few cloud services that meet that definition, because it imposes very substantial limitations upon what the service can do. Most services that fall into this category are things like password managers and bulk data stores. Even in those cases, of course, you're vulnerable to manipulation of the client software (supply chain attacks, in essence), suborning of your local machine, and all of the other vulnerabilities that come with handling key storage - right down to the subpoena or the broken fingers, depending on what your threat model actually looks like.
Salesforce shifts a lot of those concerns from you to them. They provide a highly sophisticated security architecture, protected data centers, and a staff of trained security engineers. There are various tools you can use to protect your Salesforce data against different types of threats. The highly sophisticated platform security mechanisms offer protection against your own users, and help prevent the creation of vulnerabilities like CSRF and SOQL injections that your developers might create inadvertently. If you purchase the Shield Platform Encryption add-on, you can even encrypt your data (well, much of your data) while at rest on Salesforce's servers, to meet your compliance needs. Even with Shield, though, the keys reside with Salesforce and in theory could be accessed by the company.
The landscape of data security is very, very complex. In the context of a major enterprise cloud service like Salesforce, it's generally more useful to ask yourself, and your vendors, questions like "What safeguards do you put in place to protect my data from internal threats?" or "Who at $VENDOR able to access my keys?", or "What verification challenges do you require before you discuss my account with a caller?" rather than "Is it possible for you to access my data?"
The answer to that last question is almost always "yes", given enough time, legal compulsion, or money.
answered 13 hours ago
David Reed
25.9k51645
1
For the last question, "Salesforce" the platform obviously has access, but salesforce.com employees? Not without losing their job and facing jail time. It can be done, in the same sense that robbing a bank can be done. It's not recommended.
– sfdcfox
11 hours ago
don't forget 'grant login access to salesforce.com support` - a rogue support agent could see what you, the sysad could see when you file a case against PROD
– cropredy
6 hours ago
add a comment |
up vote
2
down vote
Your chats are visible to Facebook, WhatsApp so does your emails and search history to Google. In the end, everything is saved on hard drive(Cloud also have harddrive) so it can always be accessed... Same happened to bitcoin hack couple of months back when someone got access to the private key of bitcoin enterprise.
Coming to your question, Can Salesforce can access your data? Ofc their data engineers and bots can and thats how the Einstien analytics reads analyzes and gives your predection. No AI can be achived without data content and type study. So yes salesforce is reading and accessing your data. But it's for improving the salesforce AI and not for selling to competeitor.
Should you be worried? No,
When you read security document for salesforce they have written,
Your data is secure with salesforce.com. Your data will be completely
inaccessible to your competitors.
src : https://help.salesforce.com/articleView?id=000004986&type=1
Trust is the number one priority of Salesforce, if they break it for one customer, they would just stop getting business from others. So they would never dream to do that.
Can any salesforce employee see my data?
No, Only some set of data engineers can access your data as they are at data centres where it is stored, but every access is logged.
Also, if you Grant login access to Salesforce Support agent, they can also see and view your data, its also monitored and recorded.
https://help.salesforce.com/articleView?id=000003910&r=https%3A%2F%2Fwww.google.co.uk%2F&type=1
answered 12 hours ago
Pranay Jaiswal
10.8k31950
1
+1 but even R&D doesn't get "free" access to customer data. They are still required to get login access to view customer data. Company policy terminates anyone who accesses the raw databases directly to get at information, or uses any support feature (e.g. changing a user's email address) without proper documentation. It cannot be overstated how seriously salesforce.com treats customer data.
– sfdcfox
11 hours ago
add a comment |
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
10
down vote
The data you store in any cloud service is, ultimately, accessible to that cloud service, saving only the circumstance that the data is encrypted on your local machine prior to transmission to the cloud and you and only you hold the encryption key - i.e., it's never transmitted to the service itself, and all data is decrypted only on your local machine.
There are relatively few cloud services that meet that definition, because it imposes very substantial limitations upon what the service can do. Most services that fall into this category are things like password managers and bulk data stores. Even in those cases, of course, you're vulnerable to manipulation of the client software (supply chain attacks, in essence), suborning of your local machine, and all of the other vulnerabilities that come with handling key storage - right down to the subpoena or the broken fingers, depending on what your threat model actually looks like.
Salesforce shifts a lot of those concerns from you to them. They provide a highly sophisticated security architecture, protected data centers, and a staff of trained security engineers. There are various tools you can use to protect your Salesforce data against different types of threats. The highly sophisticated platform security mechanisms offer protection against your own users, and help prevent the creation of vulnerabilities like CSRF and SOQL injections that your developers might create inadvertently. If you purchase the Shield Platform Encryption add-on, you can even encrypt your data (well, much of your data) while at rest on Salesforce's servers, to meet your compliance needs. Even with Shield, though, the keys reside with Salesforce and in theory could be accessed by the company.
The landscape of data security is very, very complex. In the context of a major enterprise cloud service like Salesforce, it's generally more useful to ask yourself, and your vendors, questions like "What safeguards do you put in place to protect my data from internal threats?" or "Who at $VENDOR able to access my keys?", or "What verification challenges do you require before you discuss my account with a caller?" rather than "Is it possible for you to access my data?"
The answer to that last question is almost always "yes", given enough time, legal compulsion, or money.
answered 13 hours ago
David Reed
25.9k51645
1
For the last question, "Salesforce" the platform obviously has access, but salesforce.com employees? Not without losing their job and facing jail time. It can be done, in the same sense that robbing a bank can be done. It's not recommended.
– sfdcfox
11 hours ago
don't forget 'grant login access to salesforce.com support` - a rogue support agent could see what you, the sysad could see when you file a case against PROD
– cropredy
6 hours ago
add a comment |
up vote
10
down vote
The data you store in any cloud service is, ultimately, accessible to that cloud service, saving only the circumstance that the data is encrypted on your local machine prior to transmission to the cloud and you and only you hold the encryption key - i.e., it's never transmitted to the service itself, and all data is decrypted only on your local machine.
There are relatively few cloud services that meet that definition, because it imposes very substantial limitations upon what the service can do. Most services that fall into this category are things like password managers and bulk data stores. Even in those cases, of course, you're vulnerable to manipulation of the client software (supply chain attacks, in essence), suborning of your local machine, and all of the other vulnerabilities that come with handling key storage - right down to the subpoena or the broken fingers, depending on what your threat model actually looks like.
Salesforce shifts a lot of those concerns from you to them. They provide a highly sophisticated security architecture, protected data centers, and a staff of trained security engineers. There are various tools you can use to protect your Salesforce data against different types of threats. The highly sophisticated platform security mechanisms offer protection against your own users, and help prevent the creation of vulnerabilities like CSRF and SOQL injections that your developers might create inadvertently. If you purchase the Shield Platform Encryption add-on, you can even encrypt your data (well, much of your data) while at rest on Salesforce's servers, to meet your compliance needs. Even with Shield, though, the keys reside with Salesforce and in theory could be accessed by the company.
The landscape of data security is very, very complex. In the context of a major enterprise cloud service like Salesforce, it's generally more useful to ask yourself, and your vendors, questions like "What safeguards do you put in place to protect my data from internal threats?" or "Who at $VENDOR able to access my keys?", or "What verification challenges do you require before you discuss my account with a caller?" rather than "Is it possible for you to access my data?"
The answer to that last question is almost always "yes", given enough time, legal compulsion, or money.
answered 13 hours ago
David Reed
25.9k51645
1
For the last question, "Salesforce" the platform obviously has access, but salesforce.com employees? Not without losing their job and facing jail time. It can be done, in the same sense that robbing a bank can be done. It's not recommended.
– sfdcfox
11 hours ago
don't forget 'grant login access to salesforce.com support` - a rogue support agent could see what you, the sysad could see when you file a case against PROD
– cropredy
6 hours ago
add a comment |
up vote
10
down vote
up vote
10
down vote
The data you store in any cloud service is, ultimately, accessible to that cloud service, saving only the circumstance that the data is encrypted on your local machine prior to transmission to the cloud and you and only you hold the encryption key - i.e., it's never transmitted to the service itself, and all data is decrypted only on your local machine.
There are relatively few cloud services that meet that definition, because it imposes very substantial limitations upon what the service can do. Most services that fall into this category are things like password managers and bulk data stores. Even in those cases, of course, you're vulnerable to manipulation of the client software (supply chain attacks, in essence), suborning of your local machine, and all of the other vulnerabilities that come with handling key storage - right down to the subpoena or the broken fingers, depending on what your threat model actually looks like.
Salesforce shifts a lot of those concerns from you to them. They provide a highly sophisticated security architecture, protected data centers, and a staff of trained security engineers. There are various tools you can use to protect your Salesforce data against different types of threats. The highly sophisticated platform security mechanisms offer protection against your own users, and help prevent the creation of vulnerabilities like CSRF and SOQL injections that your developers might create inadvertently. If you purchase the Shield Platform Encryption add-on, you can even encrypt your data (well, much of your data) while at rest on Salesforce's servers, to meet your compliance needs. Even with Shield, though, the keys reside with Salesforce and in theory could be accessed by the company.
The landscape of data security is very, very complex. In the context of a major enterprise cloud service like Salesforce, it's generally more useful to ask yourself, and your vendors, questions like "What safeguards do you put in place to protect my data from internal threats?" or "Who at $VENDOR able to access my keys?", or "What verification challenges do you require before you discuss my account with a caller?" rather than "Is it possible for you to access my data?"
The answer to that last question is almost always "yes", given enough time, legal compulsion, or money.
answered 13 hours ago
David Reed
25.9k51645
The data you store in any cloud service is, ultimately, accessible to that cloud service, saving only the circumstance that the data is encrypted on your local machine prior to transmission to the cloud and you and only you hold the encryption key - i.e., it's never transmitted to the service itself, and all data is decrypted only on your local machine.
There are relatively few cloud services that meet that definition, because it imposes very substantial limitations upon what the service can do. Most services that fall into this category are things like password managers and bulk data stores. Even in those cases, of course, you're vulnerable to manipulation of the client software (supply chain attacks, in essence), suborning of your local machine, and all of the other vulnerabilities that come with handling key storage - right down to the subpoena or the broken fingers, depending on what your threat model actually looks like.
Salesforce shifts a lot of those concerns from you to them. They provide a highly sophisticated security architecture, protected data centers, and a staff of trained security engineers. There are various tools you can use to protect your Salesforce data against different types of threats. The highly sophisticated platform security mechanisms offer protection against your own users, and help prevent the creation of vulnerabilities like CSRF and SOQL injections that your developers might create inadvertently. If you purchase the Shield Platform Encryption add-on, you can even encrypt your data (well, much of your data) while at rest on Salesforce's servers, to meet your compliance needs. Even with Shield, though, the keys reside with Salesforce and in theory could be accessed by the company.
The landscape of data security is very, very complex. In the context of a major enterprise cloud service like Salesforce, it's generally more useful to ask yourself, and your vendors, questions like "What safeguards do you put in place to protect my data from internal threats?" or "Who at $VENDOR able to access my keys?", or "What verification challenges do you require before you discuss my account with a caller?" rather than "Is it possible for you to access my data?"
The answer to that last question is almost always "yes", given enough time, legal compulsion, or money.
answered 13 hours ago
David Reed
25.9k51645
edited 12 hours ago
answered 13 hours ago
David Reed
25.9k51645
answered 13 hours ago
David Reed
25.9k51645
answered 13 hours ago
David Reed
25.9k51645
25.9k51645
1
For the last question, "Salesforce" the platform obviously has access, but salesforce.com employees? Not without losing their job and facing jail time. It can be done, in the same sense that robbing a bank can be done. It's not recommended.
– sfdcfox
11 hours ago
don't forget 'grant login access to salesforce.com support` - a rogue support agent could see what you, the sysad could see when you file a case against PROD
– cropredy
6 hours ago
add a comment |
1
For the last question, "Salesforce" the platform obviously has access, but salesforce.com employees? Not without losing their job and facing jail time. It can be done, in the same sense that robbing a bank can be done. It's not recommended.
– sfdcfox
11 hours ago
don't forget 'grant login access to salesforce.com support` - a rogue support agent could see what you, the sysad could see when you file a case against PROD
– cropredy
6 hours ago
1
1
For the last question, "Salesforce" the platform obviously has access, but salesforce.com employees? Not without losing their job and facing jail time. It can be done, in the same sense that robbing a bank can be done. It's not recommended.
– sfdcfox
11 hours ago
For the last question, "Salesforce" the platform obviously has access, but salesforce.com employees? Not without losing their job and facing jail time. It can be done, in the same sense that robbing a bank can be done. It's not recommended.
– sfdcfox
11 hours ago
don't forget 'grant login access to salesforce.com support` - a rogue support agent could see what you, the sysad could see when you file a case against PROD
– cropredy
6 hours ago
don't forget 'grant login access to salesforce.com support` - a rogue support agent could see what you, the sysad could see when you file a case against PROD
– cropredy
6 hours ago
add a comment |
up vote
2
down vote
Your chats are visible to Facebook, WhatsApp so does your emails and search history to Google. In the end, everything is saved on hard drive(Cloud also have harddrive) so it can always be accessed... Same happened to bitcoin hack couple of months back when someone got access to the private key of bitcoin enterprise.
Coming to your question, Can Salesforce can access your data? Ofc their data engineers and bots can and thats how the Einstien analytics reads analyzes and gives your predection. No AI can be achived without data content and type study. So yes salesforce is reading and accessing your data. But it's for improving the salesforce AI and not for selling to competeitor.
Should you be worried? No,
When you read security document for salesforce they have written,
Your data is secure with salesforce.com. Your data will be completely
inaccessible to your competitors.
src : https://help.salesforce.com/articleView?id=000004986&type=1
Trust is the number one priority of Salesforce, if they break it for one customer, they would just stop getting business from others. So they would never dream to do that.
Can any salesforce employee see my data?
No, Only some set of data engineers can access your data as they are at data centres where it is stored, but every access is logged.
Also, if you Grant login access to Salesforce Support agent, they can also see and view your data, its also monitored and recorded.
https://help.salesforce.com/articleView?id=000003910&r=https%3A%2F%2Fwww.google.co.uk%2F&type=1
answered 12 hours ago
Pranay Jaiswal
10.8k31950
1
+1 but even R&D doesn't get "free" access to customer data. They are still required to get login access to view customer data. Company policy terminates anyone who accesses the raw databases directly to get at information, or uses any support feature (e.g. changing a user's email address) without proper documentation. It cannot be overstated how seriously salesforce.com treats customer data.
– sfdcfox
11 hours ago
add a comment |
up vote
2
down vote
Your chats are visible to Facebook, WhatsApp so does your emails and search history to Google. In the end, everything is saved on hard drive(Cloud also have harddrive) so it can always be accessed... Same happened to bitcoin hack couple of months back when someone got access to the private key of bitcoin enterprise.
Coming to your question, Can Salesforce can access your data? Ofc their data engineers and bots can and thats how the Einstien analytics reads analyzes and gives your predection. No AI can be achived without data content and type study. So yes salesforce is reading and accessing your data. But it's for improving the salesforce AI and not for selling to competeitor.
Should you be worried? No,
When you read security document for salesforce they have written,
Your data is secure with salesforce.com. Your data will be completely
inaccessible to your competitors.
src : https://help.salesforce.com/articleView?id=000004986&type=1
Trust is the number one priority of Salesforce, if they break it for one customer, they would just stop getting business from others. So they would never dream to do that.
Can any salesforce employee see my data?
No, Only some set of data engineers can access your data as they are at data centres where it is stored, but every access is logged.
Also, if you Grant login access to Salesforce Support agent, they can also see and view your data, its also monitored and recorded.
https://help.salesforce.com/articleView?id=000003910&r=https%3A%2F%2Fwww.google.co.uk%2F&type=1
answered 12 hours ago
Pranay Jaiswal
10.8k31950
1
+1 but even R&D doesn't get "free" access to customer data. They are still required to get login access to view customer data. Company policy terminates anyone who accesses the raw databases directly to get at information, or uses any support feature (e.g. changing a user's email address) without proper documentation. It cannot be overstated how seriously salesforce.com treats customer data.
– sfdcfox
11 hours ago
add a comment |
up vote
2
down vote
up vote
2
down vote
Your chats are visible to Facebook, WhatsApp so does your emails and search history to Google. In the end, everything is saved on hard drive(Cloud also have harddrive) so it can always be accessed... Same happened to bitcoin hack couple of months back when someone got access to the private key of bitcoin enterprise.
Coming to your question, Can Salesforce can access your data? Ofc their data engineers and bots can and thats how the Einstien analytics reads analyzes and gives your predection. No AI can be achived without data content and type study. So yes salesforce is reading and accessing your data. But it's for improving the salesforce AI and not for selling to competeitor.
Should you be worried? No,
When you read security document for salesforce they have written,
Your data is secure with salesforce.com. Your data will be completely
inaccessible to your competitors.
src : https://help.salesforce.com/articleView?id=000004986&type=1
Trust is the number one priority of Salesforce, if they break it for one customer, they would just stop getting business from others. So they would never dream to do that.
Can any salesforce employee see my data?
No, Only some set of data engineers can access your data as they are at data centres where it is stored, but every access is logged.
Also, if you Grant login access to Salesforce Support agent, they can also see and view your data, its also monitored and recorded.
https://help.salesforce.com/articleView?id=000003910&r=https%3A%2F%2Fwww.google.co.uk%2F&type=1
answered 12 hours ago
Pranay Jaiswal
10.8k31950
Your chats are visible to Facebook, WhatsApp so does your emails and search history to Google. In the end, everything is saved on hard drive(Cloud also have harddrive) so it can always be accessed... Same happened to bitcoin hack couple of months back when someone got access to the private key of bitcoin enterprise.
Coming to your question, Can Salesforce can access your data? Ofc their data engineers and bots can and thats how the Einstien analytics reads analyzes and gives your predection. No AI can be achived without data content and type study. So yes salesforce is reading and accessing your data. But it's for improving the salesforce AI and not for selling to competeitor.
Should you be worried? No,
When you read security document for salesforce they have written,
Your data is secure with salesforce.com. Your data will be completely
inaccessible to your competitors.
src : https://help.salesforce.com/articleView?id=000004986&type=1
Trust is the number one priority of Salesforce, if they break it for one customer, they would just stop getting business from others. So they would never dream to do that.
Can any salesforce employee see my data?
No, Only some set of data engineers can access your data as they are at data centres where it is stored, but every access is logged.
Also, if you Grant login access to Salesforce Support agent, they can also see and view your data, its also monitored and recorded.
https://help.salesforce.com/articleView?id=000003910&r=https%3A%2F%2Fwww.google.co.uk%2F&type=1
answered 12 hours ago
Pranay Jaiswal
10.8k31950
answered 12 hours ago
Pranay Jaiswal
10.8k31950
answered 12 hours ago
Pranay Jaiswal
10.8k31950
answered 12 hours ago
Pranay Jaiswal
10.8k31950
10.8k31950
1
+1 but even R&D doesn't get "free" access to customer data. They are still required to get login access to view customer data. Company policy terminates anyone who accesses the raw databases directly to get at information, or uses any support feature (e.g. changing a user's email address) without proper documentation. It cannot be overstated how seriously salesforce.com treats customer data.
– sfdcfox
11 hours ago
add a comment |
1
+1 but even R&D doesn't get "free" access to customer data. They are still required to get login access to view customer data. Company policy terminates anyone who accesses the raw databases directly to get at information, or uses any support feature (e.g. changing a user's email address) without proper documentation. It cannot be overstated how seriously salesforce.com treats customer data.
– sfdcfox
11 hours ago
1
1
+1 but even R&D doesn't get "free" access to customer data. They are still required to get login access to view customer data. Company policy terminates anyone who accesses the raw databases directly to get at information, or uses any support feature (e.g. changing a user's email address) without proper documentation. It cannot be overstated how seriously salesforce.com treats customer data.
– sfdcfox
11 hours ago
+1 but even R&D doesn't get "free" access to customer data. They are still required to get login access to view customer data. Company policy terminates anyone who accesses the raw databases directly to get at information, or uses any support feature (e.g. changing a user's email address) without proper documentation. It cannot be overstated how seriously salesforce.com treats customer data.
– sfdcfox
11 hours ago
add a comment |
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f240137%2fis-my-orgs-data-accessible-to-salesforce%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
