Salesforce is a cornerstone of enterprise operations, central to customer relationship management (CRM), sales automation, and critical business processes. However, its complex identity management, user access controls, extensive third-party integrations, and intricate sharing configurations make it a prime target for security threats. Typically managed by RevOps or Sales team admins, IT and security teams struggle to maintain visibility into misconfigurations, over-permissioned accounts, and external data exposure. Valence Security delivers a proactive approach to securing Salesforce, offering deep visibility, risk prioritization, and comprehensive remediation capabilities to reduce risks without disrupting business operations.
Challenges of Salesforce Security
Salesforce's robust functionality makes it a powerful tool but also expands the attack surface. Organizations must navigate complex permission structures, secure integrations, and prevent data exposure. Key security challenges include:
Real-World Example: Salesforce Misconfigurations Leading to Data Exposure
Numerous misconfigured Salesforce Community websites allowed unauthenticated users to access private records. In one example, Vermont and Washington D.C. government sites leaked sensitive information, including names, SSNs, and bank account details, due to improper guest user access settings. Similarly, the Irish Health Service Executive’s (HSE) COVID-19 vaccination portal, built on Salesforce Health Cloud, exposed personal data of over 1 million residents due to improper access controls. These cases highlight the need for continuous monitoring and automated remediation to prevent data exposure and unauthorized access.
How Valence Security Helps Protect Your Salesforce Environment
Valence empowers security teams with the tools to identify, remediate, and continuously manage risks in Salesforce, ensuring a secure environment without disrupting business operations.
SaaS Security Posture Management (SSPM)
Valence utilizes SaaS Security Posture Management (SSPM) capabilities to provide deep visibility into Salesforce security configurations and user access:
- Identify overprivileged user accounts, inactive accounts, and shadow IAM risks
- Audit and monitor Salesforce settings to detect misconfigurations and security gaps
Map findings to security frameworks like NIST and ISO 27001 for compliance
Non-Human Identity (NHI) Risk Management
Valence helps organizations manage and secure non-human identities in Salesforce by:
- Providing a full inventory of SaaS-to-SaaS integrations, OAuth tokens, and service accounts
- Identifying inactive or dormant integrations for removal
- Ensuring all NHIs adhere to the principle of least privilege
SaaS Risk Remediation
Through a "Remediation by Choice" framework, Valence enables security teams to:
- Perform one-click fixes directly from the Valence platform or guided steps within Salesforce
- Apply customizable automated workflows to enforce security policies at scale
- Engage business users via Slack, Teams, or email to contextualize and address risks
SaaS Identity Threat Detection and Response (ITDR)
Valence secures Salesforce by detecting and responding to identity threats:
- Monitor and analyze user and NHI activities to detect suspicious behaviors.
- Identify privilege escalations, ‘mass download’ attempts, and risky org-wide integrations
- Protect against account takeovers and other threats
