Is my org's data accessible to Salesforce?





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty{ margin-bottom:0;
}






up vote
5
down vote

favorite












Salesforce protects our data. But does it protect the data from Salesforce itself ? Is my data always visible/accessible to Salesforce?










share|improve this question




























    up vote
    5
    down vote

    favorite












    Salesforce protects our data. But does it protect the data from Salesforce itself ? Is my data always visible/accessible to Salesforce?










    share|improve this question
























      up vote
      5
      down vote

      favorite









      up vote
      5
      down vote

      favorite











      Salesforce protects our data. But does it protect the data from Salesforce itself ? Is my data always visible/accessible to Salesforce?










      share|improve this question













      Salesforce protects our data. But does it protect the data from Salesforce itself ? Is my data always visible/accessible to Salesforce?







      security






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 21 at 15:32









      user58709

      263




      263






















          2 Answers
          2






          active

          oldest

          votes

















          up vote
          10
          down vote













          The data you store in any cloud service is, ultimately, accessible to that cloud service, saving only the circumstance that the data is encrypted on your local machine prior to transmission to the cloud and you and only you hold the encryption key - i.e., it's never transmitted to the service itself, and all data is decrypted only on your local machine.



          There are relatively few cloud services that meet that definition, because it imposes very substantial limitations upon what the service can do. Most services that fall into this category are things like password managers and bulk data stores. Even in those cases, of course, you're vulnerable to manipulation of the client software (supply chain attacks, in essence), suborning of your local machine, and all of the other vulnerabilities that come with handling key storage - right down to the subpoena or the broken fingers, depending on what your threat model actually looks like.



          Salesforce shifts a lot of those concerns from you to them. They provide a highly sophisticated security architecture, protected data centers, and a staff of trained security engineers. There are various tools you can use to protect your Salesforce data against different types of threats. The highly sophisticated platform security mechanisms offer protection against your own users, and help prevent the creation of vulnerabilities like CSRF and SOQL injections that your developers might create inadvertently. If you purchase the Shield Platform Encryption add-on, you can even encrypt your data (well, much of your data) while at rest on Salesforce's servers, to meet your compliance needs. Even with Shield, though, the keys reside with Salesforce and in theory could be accessed by the company.



          The landscape of data security is very, very complex. In the context of a major enterprise cloud service like Salesforce, it's generally more useful to ask yourself, and your vendors, questions like "What safeguards do you put in place to protect my data from internal threats?" or "Who at $VENDOR able to access my keys?", or "What verification challenges do you require before you discuss my account with a caller?" rather than "Is it possible for you to access my data?"



          The answer to that last question is almost always "yes", given enough time, legal compulsion, or money.






          share|improve this answer



















          • 1




            For the last question, "Salesforce" the platform obviously has access, but salesforce.com employees? Not without losing their job and facing jail time. It can be done, in the same sense that robbing a bank can be done. It's not recommended.
            – sfdcfox
            Nov 21 at 18:36












          • don't forget 'grant login access to salesforce.com support` - a rogue support agent could see what you, the sysad could see when you file a case against PROD
            – cropredy
            Nov 21 at 22:53


















          up vote
          2
          down vote













          Your chats are visible to Facebook, WhatsApp so does your emails and search history to Google. In the end, everything is saved on hard drive(Cloud also have harddrive) so it can always be accessed... Same happened to bitcoin hack couple of months back when someone got access to the private key of bitcoin enterprise.



          Coming to your question, Can Salesforce can access your data? Ofc their data engineers and bots can and thats how the Einstien analytics reads analyzes and gives your predection. No AI can be achived without data content and type study. So yes salesforce is reading and accessing your data. But it's for improving the salesforce AI and not for selling to competeitor.



          Should you be worried? No,



          When you read security document for salesforce they have written,




          Your data is secure with salesforce.com. Your data will be completely
          inaccessible to your competitors.




          src : https://help.salesforce.com/articleView?id=000004986&type=1



          Trust is the number one priority of Salesforce, if they break it for one customer, they would just stop getting business from others. So they would never dream to do that.



          Can any salesforce employee see my data?
          No, Only some set of data engineers can access your data as they are at data centres where it is stored, but every access is logged.



          Also, if you Grant login access to Salesforce Support agent, they can also see and view your data, its also monitored and recorded.



          https://help.salesforce.com/articleView?id=000003910&r=https%3A%2F%2Fwww.google.co.uk%2F&type=1






          share|improve this answer

















          • 1




            +1 but even R&D doesn't get "free" access to customer data. They are still required to get login access to view customer data. Company policy terminates anyone who accesses the raw databases directly to get at information, or uses any support feature (e.g. changing a user's email address) without proper documentation. It cannot be overstated how seriously salesforce.com treats customer data.
            – sfdcfox
            Nov 21 at 18:34













          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "459"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f240137%2fis-my-orgs-data-accessible-to-salesforce%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          2 Answers
          2






          active

          oldest

          votes








          2 Answers
          2






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          10
          down vote













          The data you store in any cloud service is, ultimately, accessible to that cloud service, saving only the circumstance that the data is encrypted on your local machine prior to transmission to the cloud and you and only you hold the encryption key - i.e., it's never transmitted to the service itself, and all data is decrypted only on your local machine.



          There are relatively few cloud services that meet that definition, because it imposes very substantial limitations upon what the service can do. Most services that fall into this category are things like password managers and bulk data stores. Even in those cases, of course, you're vulnerable to manipulation of the client software (supply chain attacks, in essence), suborning of your local machine, and all of the other vulnerabilities that come with handling key storage - right down to the subpoena or the broken fingers, depending on what your threat model actually looks like.



          Salesforce shifts a lot of those concerns from you to them. They provide a highly sophisticated security architecture, protected data centers, and a staff of trained security engineers. There are various tools you can use to protect your Salesforce data against different types of threats. The highly sophisticated platform security mechanisms offer protection against your own users, and help prevent the creation of vulnerabilities like CSRF and SOQL injections that your developers might create inadvertently. If you purchase the Shield Platform Encryption add-on, you can even encrypt your data (well, much of your data) while at rest on Salesforce's servers, to meet your compliance needs. Even with Shield, though, the keys reside with Salesforce and in theory could be accessed by the company.



          The landscape of data security is very, very complex. In the context of a major enterprise cloud service like Salesforce, it's generally more useful to ask yourself, and your vendors, questions like "What safeguards do you put in place to protect my data from internal threats?" or "Who at $VENDOR able to access my keys?", or "What verification challenges do you require before you discuss my account with a caller?" rather than "Is it possible for you to access my data?"



          The answer to that last question is almost always "yes", given enough time, legal compulsion, or money.






          share|improve this answer



















          • 1




            For the last question, "Salesforce" the platform obviously has access, but salesforce.com employees? Not without losing their job and facing jail time. It can be done, in the same sense that robbing a bank can be done. It's not recommended.
            – sfdcfox
            Nov 21 at 18:36












          • don't forget 'grant login access to salesforce.com support` - a rogue support agent could see what you, the sysad could see when you file a case against PROD
            – cropredy
            Nov 21 at 22:53















          up vote
          10
          down vote













          The data you store in any cloud service is, ultimately, accessible to that cloud service, saving only the circumstance that the data is encrypted on your local machine prior to transmission to the cloud and you and only you hold the encryption key - i.e., it's never transmitted to the service itself, and all data is decrypted only on your local machine.



          There are relatively few cloud services that meet that definition, because it imposes very substantial limitations upon what the service can do. Most services that fall into this category are things like password managers and bulk data stores. Even in those cases, of course, you're vulnerable to manipulation of the client software (supply chain attacks, in essence), suborning of your local machine, and all of the other vulnerabilities that come with handling key storage - right down to the subpoena or the broken fingers, depending on what your threat model actually looks like.



          Salesforce shifts a lot of those concerns from you to them. They provide a highly sophisticated security architecture, protected data centers, and a staff of trained security engineers. There are various tools you can use to protect your Salesforce data against different types of threats. The highly sophisticated platform security mechanisms offer protection against your own users, and help prevent the creation of vulnerabilities like CSRF and SOQL injections that your developers might create inadvertently. If you purchase the Shield Platform Encryption add-on, you can even encrypt your data (well, much of your data) while at rest on Salesforce's servers, to meet your compliance needs. Even with Shield, though, the keys reside with Salesforce and in theory could be accessed by the company.



          The landscape of data security is very, very complex. In the context of a major enterprise cloud service like Salesforce, it's generally more useful to ask yourself, and your vendors, questions like "What safeguards do you put in place to protect my data from internal threats?" or "Who at $VENDOR able to access my keys?", or "What verification challenges do you require before you discuss my account with a caller?" rather than "Is it possible for you to access my data?"



          The answer to that last question is almost always "yes", given enough time, legal compulsion, or money.






          share|improve this answer



















          • 1




            For the last question, "Salesforce" the platform obviously has access, but salesforce.com employees? Not without losing their job and facing jail time. It can be done, in the same sense that robbing a bank can be done. It's not recommended.
            – sfdcfox
            Nov 21 at 18:36












          • don't forget 'grant login access to salesforce.com support` - a rogue support agent could see what you, the sysad could see when you file a case against PROD
            – cropredy
            Nov 21 at 22:53













          up vote
          10
          down vote










          up vote
          10
          down vote









          The data you store in any cloud service is, ultimately, accessible to that cloud service, saving only the circumstance that the data is encrypted on your local machine prior to transmission to the cloud and you and only you hold the encryption key - i.e., it's never transmitted to the service itself, and all data is decrypted only on your local machine.



          There are relatively few cloud services that meet that definition, because it imposes very substantial limitations upon what the service can do. Most services that fall into this category are things like password managers and bulk data stores. Even in those cases, of course, you're vulnerable to manipulation of the client software (supply chain attacks, in essence), suborning of your local machine, and all of the other vulnerabilities that come with handling key storage - right down to the subpoena or the broken fingers, depending on what your threat model actually looks like.



          Salesforce shifts a lot of those concerns from you to them. They provide a highly sophisticated security architecture, protected data centers, and a staff of trained security engineers. There are various tools you can use to protect your Salesforce data against different types of threats. The highly sophisticated platform security mechanisms offer protection against your own users, and help prevent the creation of vulnerabilities like CSRF and SOQL injections that your developers might create inadvertently. If you purchase the Shield Platform Encryption add-on, you can even encrypt your data (well, much of your data) while at rest on Salesforce's servers, to meet your compliance needs. Even with Shield, though, the keys reside with Salesforce and in theory could be accessed by the company.



          The landscape of data security is very, very complex. In the context of a major enterprise cloud service like Salesforce, it's generally more useful to ask yourself, and your vendors, questions like "What safeguards do you put in place to protect my data from internal threats?" or "Who at $VENDOR able to access my keys?", or "What verification challenges do you require before you discuss my account with a caller?" rather than "Is it possible for you to access my data?"



          The answer to that last question is almost always "yes", given enough time, legal compulsion, or money.






          share|improve this answer














          The data you store in any cloud service is, ultimately, accessible to that cloud service, saving only the circumstance that the data is encrypted on your local machine prior to transmission to the cloud and you and only you hold the encryption key - i.e., it's never transmitted to the service itself, and all data is decrypted only on your local machine.



          There are relatively few cloud services that meet that definition, because it imposes very substantial limitations upon what the service can do. Most services that fall into this category are things like password managers and bulk data stores. Even in those cases, of course, you're vulnerable to manipulation of the client software (supply chain attacks, in essence), suborning of your local machine, and all of the other vulnerabilities that come with handling key storage - right down to the subpoena or the broken fingers, depending on what your threat model actually looks like.



          Salesforce shifts a lot of those concerns from you to them. They provide a highly sophisticated security architecture, protected data centers, and a staff of trained security engineers. There are various tools you can use to protect your Salesforce data against different types of threats. The highly sophisticated platform security mechanisms offer protection against your own users, and help prevent the creation of vulnerabilities like CSRF and SOQL injections that your developers might create inadvertently. If you purchase the Shield Platform Encryption add-on, you can even encrypt your data (well, much of your data) while at rest on Salesforce's servers, to meet your compliance needs. Even with Shield, though, the keys reside with Salesforce and in theory could be accessed by the company.



          The landscape of data security is very, very complex. In the context of a major enterprise cloud service like Salesforce, it's generally more useful to ask yourself, and your vendors, questions like "What safeguards do you put in place to protect my data from internal threats?" or "Who at $VENDOR able to access my keys?", or "What verification challenges do you require before you discuss my account with a caller?" rather than "Is it possible for you to access my data?"



          The answer to that last question is almost always "yes", given enough time, legal compulsion, or money.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Nov 21 at 17:20

























          answered Nov 21 at 16:24









          David Reed

          27.5k61746




          27.5k61746








          • 1




            For the last question, "Salesforce" the platform obviously has access, but salesforce.com employees? Not without losing their job and facing jail time. It can be done, in the same sense that robbing a bank can be done. It's not recommended.
            – sfdcfox
            Nov 21 at 18:36












          • don't forget 'grant login access to salesforce.com support` - a rogue support agent could see what you, the sysad could see when you file a case against PROD
            – cropredy
            Nov 21 at 22:53














          • 1




            For the last question, "Salesforce" the platform obviously has access, but salesforce.com employees? Not without losing their job and facing jail time. It can be done, in the same sense that robbing a bank can be done. It's not recommended.
            – sfdcfox
            Nov 21 at 18:36












          • don't forget 'grant login access to salesforce.com support` - a rogue support agent could see what you, the sysad could see when you file a case against PROD
            – cropredy
            Nov 21 at 22:53








          1




          1




          For the last question, "Salesforce" the platform obviously has access, but salesforce.com employees? Not without losing their job and facing jail time. It can be done, in the same sense that robbing a bank can be done. It's not recommended.
          – sfdcfox
          Nov 21 at 18:36






          For the last question, "Salesforce" the platform obviously has access, but salesforce.com employees? Not without losing their job and facing jail time. It can be done, in the same sense that robbing a bank can be done. It's not recommended.
          – sfdcfox
          Nov 21 at 18:36














          don't forget 'grant login access to salesforce.com support` - a rogue support agent could see what you, the sysad could see when you file a case against PROD
          – cropredy
          Nov 21 at 22:53




          don't forget 'grant login access to salesforce.com support` - a rogue support agent could see what you, the sysad could see when you file a case against PROD
          – cropredy
          Nov 21 at 22:53












          up vote
          2
          down vote













          Your chats are visible to Facebook, WhatsApp so does your emails and search history to Google. In the end, everything is saved on hard drive(Cloud also have harddrive) so it can always be accessed... Same happened to bitcoin hack couple of months back when someone got access to the private key of bitcoin enterprise.



          Coming to your question, Can Salesforce can access your data? Ofc their data engineers and bots can and thats how the Einstien analytics reads analyzes and gives your predection. No AI can be achived without data content and type study. So yes salesforce is reading and accessing your data. But it's for improving the salesforce AI and not for selling to competeitor.



          Should you be worried? No,



          When you read security document for salesforce they have written,




          Your data is secure with salesforce.com. Your data will be completely
          inaccessible to your competitors.




          src : https://help.salesforce.com/articleView?id=000004986&type=1



          Trust is the number one priority of Salesforce, if they break it for one customer, they would just stop getting business from others. So they would never dream to do that.



          Can any salesforce employee see my data?
          No, Only some set of data engineers can access your data as they are at data centres where it is stored, but every access is logged.



          Also, if you Grant login access to Salesforce Support agent, they can also see and view your data, its also monitored and recorded.



          https://help.salesforce.com/articleView?id=000003910&r=https%3A%2F%2Fwww.google.co.uk%2F&type=1






          share|improve this answer

















          • 1




            +1 but even R&D doesn't get "free" access to customer data. They are still required to get login access to view customer data. Company policy terminates anyone who accesses the raw databases directly to get at information, or uses any support feature (e.g. changing a user's email address) without proper documentation. It cannot be overstated how seriously salesforce.com treats customer data.
            – sfdcfox
            Nov 21 at 18:34

















          up vote
          2
          down vote













          Your chats are visible to Facebook, WhatsApp so does your emails and search history to Google. In the end, everything is saved on hard drive(Cloud also have harddrive) so it can always be accessed... Same happened to bitcoin hack couple of months back when someone got access to the private key of bitcoin enterprise.



          Coming to your question, Can Salesforce can access your data? Ofc their data engineers and bots can and thats how the Einstien analytics reads analyzes and gives your predection. No AI can be achived without data content and type study. So yes salesforce is reading and accessing your data. But it's for improving the salesforce AI and not for selling to competeitor.



          Should you be worried? No,



          When you read security document for salesforce they have written,




          Your data is secure with salesforce.com. Your data will be completely
          inaccessible to your competitors.




          src : https://help.salesforce.com/articleView?id=000004986&type=1



          Trust is the number one priority of Salesforce, if they break it for one customer, they would just stop getting business from others. So they would never dream to do that.



          Can any salesforce employee see my data?
          No, Only some set of data engineers can access your data as they are at data centres where it is stored, but every access is logged.



          Also, if you Grant login access to Salesforce Support agent, they can also see and view your data, its also monitored and recorded.



          https://help.salesforce.com/articleView?id=000003910&r=https%3A%2F%2Fwww.google.co.uk%2F&type=1






          share|improve this answer

















          • 1




            +1 but even R&D doesn't get "free" access to customer data. They are still required to get login access to view customer data. Company policy terminates anyone who accesses the raw databases directly to get at information, or uses any support feature (e.g. changing a user's email address) without proper documentation. It cannot be overstated how seriously salesforce.com treats customer data.
            – sfdcfox
            Nov 21 at 18:34















          up vote
          2
          down vote










          up vote
          2
          down vote









          Your chats are visible to Facebook, WhatsApp so does your emails and search history to Google. In the end, everything is saved on hard drive(Cloud also have harddrive) so it can always be accessed... Same happened to bitcoin hack couple of months back when someone got access to the private key of bitcoin enterprise.



          Coming to your question, Can Salesforce can access your data? Ofc their data engineers and bots can and thats how the Einstien analytics reads analyzes and gives your predection. No AI can be achived without data content and type study. So yes salesforce is reading and accessing your data. But it's for improving the salesforce AI and not for selling to competeitor.



          Should you be worried? No,



          When you read security document for salesforce they have written,




          Your data is secure with salesforce.com. Your data will be completely
          inaccessible to your competitors.




          src : https://help.salesforce.com/articleView?id=000004986&type=1



          Trust is the number one priority of Salesforce, if they break it for one customer, they would just stop getting business from others. So they would never dream to do that.



          Can any salesforce employee see my data?
          No, Only some set of data engineers can access your data as they are at data centres where it is stored, but every access is logged.



          Also, if you Grant login access to Salesforce Support agent, they can also see and view your data, its also monitored and recorded.



          https://help.salesforce.com/articleView?id=000003910&r=https%3A%2F%2Fwww.google.co.uk%2F&type=1






          share|improve this answer












          Your chats are visible to Facebook, WhatsApp so does your emails and search history to Google. In the end, everything is saved on hard drive(Cloud also have harddrive) so it can always be accessed... Same happened to bitcoin hack couple of months back when someone got access to the private key of bitcoin enterprise.



          Coming to your question, Can Salesforce can access your data? Ofc their data engineers and bots can and thats how the Einstien analytics reads analyzes and gives your predection. No AI can be achived without data content and type study. So yes salesforce is reading and accessing your data. But it's for improving the salesforce AI and not for selling to competeitor.



          Should you be worried? No,



          When you read security document for salesforce they have written,




          Your data is secure with salesforce.com. Your data will be completely
          inaccessible to your competitors.




          src : https://help.salesforce.com/articleView?id=000004986&type=1



          Trust is the number one priority of Salesforce, if they break it for one customer, they would just stop getting business from others. So they would never dream to do that.



          Can any salesforce employee see my data?
          No, Only some set of data engineers can access your data as they are at data centres where it is stored, but every access is logged.



          Also, if you Grant login access to Salesforce Support agent, they can also see and view your data, its also monitored and recorded.



          https://help.salesforce.com/articleView?id=000003910&r=https%3A%2F%2Fwww.google.co.uk%2F&type=1







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 21 at 17:20









          Pranay Jaiswal

          12.2k32251




          12.2k32251








          • 1




            +1 but even R&D doesn't get "free" access to customer data. They are still required to get login access to view customer data. Company policy terminates anyone who accesses the raw databases directly to get at information, or uses any support feature (e.g. changing a user's email address) without proper documentation. It cannot be overstated how seriously salesforce.com treats customer data.
            – sfdcfox
            Nov 21 at 18:34
















          • 1




            +1 but even R&D doesn't get "free" access to customer data. They are still required to get login access to view customer data. Company policy terminates anyone who accesses the raw databases directly to get at information, or uses any support feature (e.g. changing a user's email address) without proper documentation. It cannot be overstated how seriously salesforce.com treats customer data.
            – sfdcfox
            Nov 21 at 18:34










          1




          1




          +1 but even R&D doesn't get "free" access to customer data. They are still required to get login access to view customer data. Company policy terminates anyone who accesses the raw databases directly to get at information, or uses any support feature (e.g. changing a user's email address) without proper documentation. It cannot be overstated how seriously salesforce.com treats customer data.
          – sfdcfox
          Nov 21 at 18:34






          +1 but even R&D doesn't get "free" access to customer data. They are still required to get login access to view customer data. Company policy terminates anyone who accesses the raw databases directly to get at information, or uses any support feature (e.g. changing a user's email address) without proper documentation. It cannot be overstated how seriously salesforce.com treats customer data.
          – sfdcfox
          Nov 21 at 18:34




















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Salesforce Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f240137%2fis-my-orgs-data-accessible-to-salesforce%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Сан-Квентин

          8-я гвардейская общевойсковая армия

          Алькесар