Is my org's data accessible to Salesforce?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty{ margin-bottom:0;
}
up vote
5
down vote
favorite
Salesforce protects our data. But does it protect the data from Salesforce itself ? Is my data always visible/accessible to Salesforce?
security
add a comment |
up vote
5
down vote
favorite
Salesforce protects our data. But does it protect the data from Salesforce itself ? Is my data always visible/accessible to Salesforce?
security
add a comment |
up vote
5
down vote
favorite
up vote
5
down vote
favorite
Salesforce protects our data. But does it protect the data from Salesforce itself ? Is my data always visible/accessible to Salesforce?
security
Salesforce protects our data. But does it protect the data from Salesforce itself ? Is my data always visible/accessible to Salesforce?
security
security
asked Nov 21 at 15:32
user58709
263
263
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
up vote
10
down vote
The data you store in any cloud service is, ultimately, accessible to that cloud service, saving only the circumstance that the data is encrypted on your local machine prior to transmission to the cloud and you and only you hold the encryption key - i.e., it's never transmitted to the service itself, and all data is decrypted only on your local machine.
There are relatively few cloud services that meet that definition, because it imposes very substantial limitations upon what the service can do. Most services that fall into this category are things like password managers and bulk data stores. Even in those cases, of course, you're vulnerable to manipulation of the client software (supply chain attacks, in essence), suborning of your local machine, and all of the other vulnerabilities that come with handling key storage - right down to the subpoena or the broken fingers, depending on what your threat model actually looks like.
Salesforce shifts a lot of those concerns from you to them. They provide a highly sophisticated security architecture, protected data centers, and a staff of trained security engineers. There are various tools you can use to protect your Salesforce data against different types of threats. The highly sophisticated platform security mechanisms offer protection against your own users, and help prevent the creation of vulnerabilities like CSRF and SOQL injections that your developers might create inadvertently. If you purchase the Shield Platform Encryption add-on, you can even encrypt your data (well, much of your data) while at rest on Salesforce's servers, to meet your compliance needs. Even with Shield, though, the keys reside with Salesforce and in theory could be accessed by the company.
The landscape of data security is very, very complex. In the context of a major enterprise cloud service like Salesforce, it's generally more useful to ask yourself, and your vendors, questions like "What safeguards do you put in place to protect my data from internal threats?" or "Who at $VENDOR able to access my keys?", or "What verification challenges do you require before you discuss my account with a caller?" rather than "Is it possible for you to access my data?"
The answer to that last question is almost always "yes", given enough time, legal compulsion, or money.
1
For the last question, "Salesforce" the platform obviously has access, but salesforce.com employees? Not without losing their job and facing jail time. It can be done, in the same sense that robbing a bank can be done. It's not recommended.
– sfdcfox
Nov 21 at 18:36
don't forget 'grant login access to salesforce.com support` - a rogue support agent could see what you, the sysad could see when you file a case against PROD
– cropredy
Nov 21 at 22:53
add a comment |
up vote
2
down vote
Your chats are visible to Facebook, WhatsApp so does your emails and search history to Google. In the end, everything is saved on hard drive(Cloud also have harddrive) so it can always be accessed... Same happened to bitcoin hack couple of months back when someone got access to the private key of bitcoin enterprise.
Coming to your question, Can Salesforce can access your data? Ofc their data engineers and bots can and thats how the Einstien analytics reads analyzes and gives your predection. No AI can be achived without data content and type study. So yes salesforce is reading and accessing your data. But it's for improving the salesforce AI and not for selling to competeitor.
Should you be worried? No,
When you read security document for salesforce they have written,
Your data is secure with salesforce.com. Your data will be completely
inaccessible to your competitors.
src : https://help.salesforce.com/articleView?id=000004986&type=1
Trust is the number one priority of Salesforce, if they break it for one customer, they would just stop getting business from others. So they would never dream to do that.
Can any salesforce employee see my data?
No, Only some set of data engineers can access your data as they are at data centres where it is stored, but every access is logged.
Also, if you Grant login access to Salesforce Support agent, they can also see and view your data, its also monitored and recorded.
https://help.salesforce.com/articleView?id=000003910&r=https%3A%2F%2Fwww.google.co.uk%2F&type=1
1
+1 but even R&D doesn't get "free" access to customer data. They are still required to get login access to view customer data. Company policy terminates anyone who accesses the raw databases directly to get at information, or uses any support feature (e.g. changing a user's email address) without proper documentation. It cannot be overstated how seriously salesforce.com treats customer data.
– sfdcfox
Nov 21 at 18:34
add a comment |
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
10
down vote
The data you store in any cloud service is, ultimately, accessible to that cloud service, saving only the circumstance that the data is encrypted on your local machine prior to transmission to the cloud and you and only you hold the encryption key - i.e., it's never transmitted to the service itself, and all data is decrypted only on your local machine.
There are relatively few cloud services that meet that definition, because it imposes very substantial limitations upon what the service can do. Most services that fall into this category are things like password managers and bulk data stores. Even in those cases, of course, you're vulnerable to manipulation of the client software (supply chain attacks, in essence), suborning of your local machine, and all of the other vulnerabilities that come with handling key storage - right down to the subpoena or the broken fingers, depending on what your threat model actually looks like.
Salesforce shifts a lot of those concerns from you to them. They provide a highly sophisticated security architecture, protected data centers, and a staff of trained security engineers. There are various tools you can use to protect your Salesforce data against different types of threats. The highly sophisticated platform security mechanisms offer protection against your own users, and help prevent the creation of vulnerabilities like CSRF and SOQL injections that your developers might create inadvertently. If you purchase the Shield Platform Encryption add-on, you can even encrypt your data (well, much of your data) while at rest on Salesforce's servers, to meet your compliance needs. Even with Shield, though, the keys reside with Salesforce and in theory could be accessed by the company.
The landscape of data security is very, very complex. In the context of a major enterprise cloud service like Salesforce, it's generally more useful to ask yourself, and your vendors, questions like "What safeguards do you put in place to protect my data from internal threats?" or "Who at $VENDOR able to access my keys?", or "What verification challenges do you require before you discuss my account with a caller?" rather than "Is it possible for you to access my data?"
The answer to that last question is almost always "yes", given enough time, legal compulsion, or money.
1
For the last question, "Salesforce" the platform obviously has access, but salesforce.com employees? Not without losing their job and facing jail time. It can be done, in the same sense that robbing a bank can be done. It's not recommended.
– sfdcfox
Nov 21 at 18:36
don't forget 'grant login access to salesforce.com support` - a rogue support agent could see what you, the sysad could see when you file a case against PROD
– cropredy
Nov 21 at 22:53
add a comment |
up vote
10
down vote
The data you store in any cloud service is, ultimately, accessible to that cloud service, saving only the circumstance that the data is encrypted on your local machine prior to transmission to the cloud and you and only you hold the encryption key - i.e., it's never transmitted to the service itself, and all data is decrypted only on your local machine.
There are relatively few cloud services that meet that definition, because it imposes very substantial limitations upon what the service can do. Most services that fall into this category are things like password managers and bulk data stores. Even in those cases, of course, you're vulnerable to manipulation of the client software (supply chain attacks, in essence), suborning of your local machine, and all of the other vulnerabilities that come with handling key storage - right down to the subpoena or the broken fingers, depending on what your threat model actually looks like.
Salesforce shifts a lot of those concerns from you to them. They provide a highly sophisticated security architecture, protected data centers, and a staff of trained security engineers. There are various tools you can use to protect your Salesforce data against different types of threats. The highly sophisticated platform security mechanisms offer protection against your own users, and help prevent the creation of vulnerabilities like CSRF and SOQL injections that your developers might create inadvertently. If you purchase the Shield Platform Encryption add-on, you can even encrypt your data (well, much of your data) while at rest on Salesforce's servers, to meet your compliance needs. Even with Shield, though, the keys reside with Salesforce and in theory could be accessed by the company.
The landscape of data security is very, very complex. In the context of a major enterprise cloud service like Salesforce, it's generally more useful to ask yourself, and your vendors, questions like "What safeguards do you put in place to protect my data from internal threats?" or "Who at $VENDOR able to access my keys?", or "What verification challenges do you require before you discuss my account with a caller?" rather than "Is it possible for you to access my data?"
The answer to that last question is almost always "yes", given enough time, legal compulsion, or money.
1
For the last question, "Salesforce" the platform obviously has access, but salesforce.com employees? Not without losing their job and facing jail time. It can be done, in the same sense that robbing a bank can be done. It's not recommended.
– sfdcfox
Nov 21 at 18:36
don't forget 'grant login access to salesforce.com support` - a rogue support agent could see what you, the sysad could see when you file a case against PROD
– cropredy
Nov 21 at 22:53
add a comment |
up vote
10
down vote
up vote
10
down vote
The data you store in any cloud service is, ultimately, accessible to that cloud service, saving only the circumstance that the data is encrypted on your local machine prior to transmission to the cloud and you and only you hold the encryption key - i.e., it's never transmitted to the service itself, and all data is decrypted only on your local machine.
There are relatively few cloud services that meet that definition, because it imposes very substantial limitations upon what the service can do. Most services that fall into this category are things like password managers and bulk data stores. Even in those cases, of course, you're vulnerable to manipulation of the client software (supply chain attacks, in essence), suborning of your local machine, and all of the other vulnerabilities that come with handling key storage - right down to the subpoena or the broken fingers, depending on what your threat model actually looks like.
Salesforce shifts a lot of those concerns from you to them. They provide a highly sophisticated security architecture, protected data centers, and a staff of trained security engineers. There are various tools you can use to protect your Salesforce data against different types of threats. The highly sophisticated platform security mechanisms offer protection against your own users, and help prevent the creation of vulnerabilities like CSRF and SOQL injections that your developers might create inadvertently. If you purchase the Shield Platform Encryption add-on, you can even encrypt your data (well, much of your data) while at rest on Salesforce's servers, to meet your compliance needs. Even with Shield, though, the keys reside with Salesforce and in theory could be accessed by the company.
The landscape of data security is very, very complex. In the context of a major enterprise cloud service like Salesforce, it's generally more useful to ask yourself, and your vendors, questions like "What safeguards do you put in place to protect my data from internal threats?" or "Who at $VENDOR able to access my keys?", or "What verification challenges do you require before you discuss my account with a caller?" rather than "Is it possible for you to access my data?"
The answer to that last question is almost always "yes", given enough time, legal compulsion, or money.
The data you store in any cloud service is, ultimately, accessible to that cloud service, saving only the circumstance that the data is encrypted on your local machine prior to transmission to the cloud and you and only you hold the encryption key - i.e., it's never transmitted to the service itself, and all data is decrypted only on your local machine.
There are relatively few cloud services that meet that definition, because it imposes very substantial limitations upon what the service can do. Most services that fall into this category are things like password managers and bulk data stores. Even in those cases, of course, you're vulnerable to manipulation of the client software (supply chain attacks, in essence), suborning of your local machine, and all of the other vulnerabilities that come with handling key storage - right down to the subpoena or the broken fingers, depending on what your threat model actually looks like.
Salesforce shifts a lot of those concerns from you to them. They provide a highly sophisticated security architecture, protected data centers, and a staff of trained security engineers. There are various tools you can use to protect your Salesforce data against different types of threats. The highly sophisticated platform security mechanisms offer protection against your own users, and help prevent the creation of vulnerabilities like CSRF and SOQL injections that your developers might create inadvertently. If you purchase the Shield Platform Encryption add-on, you can even encrypt your data (well, much of your data) while at rest on Salesforce's servers, to meet your compliance needs. Even with Shield, though, the keys reside with Salesforce and in theory could be accessed by the company.
The landscape of data security is very, very complex. In the context of a major enterprise cloud service like Salesforce, it's generally more useful to ask yourself, and your vendors, questions like "What safeguards do you put in place to protect my data from internal threats?" or "Who at $VENDOR able to access my keys?", or "What verification challenges do you require before you discuss my account with a caller?" rather than "Is it possible for you to access my data?"
The answer to that last question is almost always "yes", given enough time, legal compulsion, or money.
edited Nov 21 at 17:20
answered Nov 21 at 16:24
David Reed
27.5k61746
27.5k61746
1
For the last question, "Salesforce" the platform obviously has access, but salesforce.com employees? Not without losing their job and facing jail time. It can be done, in the same sense that robbing a bank can be done. It's not recommended.
– sfdcfox
Nov 21 at 18:36
don't forget 'grant login access to salesforce.com support` - a rogue support agent could see what you, the sysad could see when you file a case against PROD
– cropredy
Nov 21 at 22:53
add a comment |
1
For the last question, "Salesforce" the platform obviously has access, but salesforce.com employees? Not without losing their job and facing jail time. It can be done, in the same sense that robbing a bank can be done. It's not recommended.
– sfdcfox
Nov 21 at 18:36
don't forget 'grant login access to salesforce.com support` - a rogue support agent could see what you, the sysad could see when you file a case against PROD
– cropredy
Nov 21 at 22:53
1
1
For the last question, "Salesforce" the platform obviously has access, but salesforce.com employees? Not without losing their job and facing jail time. It can be done, in the same sense that robbing a bank can be done. It's not recommended.
– sfdcfox
Nov 21 at 18:36
For the last question, "Salesforce" the platform obviously has access, but salesforce.com employees? Not without losing their job and facing jail time. It can be done, in the same sense that robbing a bank can be done. It's not recommended.
– sfdcfox
Nov 21 at 18:36
don't forget 'grant login access to salesforce.com support` - a rogue support agent could see what you, the sysad could see when you file a case against PROD
– cropredy
Nov 21 at 22:53
don't forget 'grant login access to salesforce.com support` - a rogue support agent could see what you, the sysad could see when you file a case against PROD
– cropredy
Nov 21 at 22:53
add a comment |
up vote
2
down vote
Your chats are visible to Facebook, WhatsApp so does your emails and search history to Google. In the end, everything is saved on hard drive(Cloud also have harddrive) so it can always be accessed... Same happened to bitcoin hack couple of months back when someone got access to the private key of bitcoin enterprise.
Coming to your question, Can Salesforce can access your data? Ofc their data engineers and bots can and thats how the Einstien analytics reads analyzes and gives your predection. No AI can be achived without data content and type study. So yes salesforce is reading and accessing your data. But it's for improving the salesforce AI and not for selling to competeitor.
Should you be worried? No,
When you read security document for salesforce they have written,
Your data is secure with salesforce.com. Your data will be completely
inaccessible to your competitors.
src : https://help.salesforce.com/articleView?id=000004986&type=1
Trust is the number one priority of Salesforce, if they break it for one customer, they would just stop getting business from others. So they would never dream to do that.
Can any salesforce employee see my data?
No, Only some set of data engineers can access your data as they are at data centres where it is stored, but every access is logged.
Also, if you Grant login access to Salesforce Support agent, they can also see and view your data, its also monitored and recorded.
https://help.salesforce.com/articleView?id=000003910&r=https%3A%2F%2Fwww.google.co.uk%2F&type=1
1
+1 but even R&D doesn't get "free" access to customer data. They are still required to get login access to view customer data. Company policy terminates anyone who accesses the raw databases directly to get at information, or uses any support feature (e.g. changing a user's email address) without proper documentation. It cannot be overstated how seriously salesforce.com treats customer data.
– sfdcfox
Nov 21 at 18:34
add a comment |
up vote
2
down vote
Your chats are visible to Facebook, WhatsApp so does your emails and search history to Google. In the end, everything is saved on hard drive(Cloud also have harddrive) so it can always be accessed... Same happened to bitcoin hack couple of months back when someone got access to the private key of bitcoin enterprise.
Coming to your question, Can Salesforce can access your data? Ofc their data engineers and bots can and thats how the Einstien analytics reads analyzes and gives your predection. No AI can be achived without data content and type study. So yes salesforce is reading and accessing your data. But it's for improving the salesforce AI and not for selling to competeitor.
Should you be worried? No,
When you read security document for salesforce they have written,
Your data is secure with salesforce.com. Your data will be completely
inaccessible to your competitors.
src : https://help.salesforce.com/articleView?id=000004986&type=1
Trust is the number one priority of Salesforce, if they break it for one customer, they would just stop getting business from others. So they would never dream to do that.
Can any salesforce employee see my data?
No, Only some set of data engineers can access your data as they are at data centres where it is stored, but every access is logged.
Also, if you Grant login access to Salesforce Support agent, they can also see and view your data, its also monitored and recorded.
https://help.salesforce.com/articleView?id=000003910&r=https%3A%2F%2Fwww.google.co.uk%2F&type=1
1
+1 but even R&D doesn't get "free" access to customer data. They are still required to get login access to view customer data. Company policy terminates anyone who accesses the raw databases directly to get at information, or uses any support feature (e.g. changing a user's email address) without proper documentation. It cannot be overstated how seriously salesforce.com treats customer data.
– sfdcfox
Nov 21 at 18:34
add a comment |
up vote
2
down vote
up vote
2
down vote
Your chats are visible to Facebook, WhatsApp so does your emails and search history to Google. In the end, everything is saved on hard drive(Cloud also have harddrive) so it can always be accessed... Same happened to bitcoin hack couple of months back when someone got access to the private key of bitcoin enterprise.
Coming to your question, Can Salesforce can access your data? Ofc their data engineers and bots can and thats how the Einstien analytics reads analyzes and gives your predection. No AI can be achived without data content and type study. So yes salesforce is reading and accessing your data. But it's for improving the salesforce AI and not for selling to competeitor.
Should you be worried? No,
When you read security document for salesforce they have written,
Your data is secure with salesforce.com. Your data will be completely
inaccessible to your competitors.
src : https://help.salesforce.com/articleView?id=000004986&type=1
Trust is the number one priority of Salesforce, if they break it for one customer, they would just stop getting business from others. So they would never dream to do that.
Can any salesforce employee see my data?
No, Only some set of data engineers can access your data as they are at data centres where it is stored, but every access is logged.
Also, if you Grant login access to Salesforce Support agent, they can also see and view your data, its also monitored and recorded.
https://help.salesforce.com/articleView?id=000003910&r=https%3A%2F%2Fwww.google.co.uk%2F&type=1
Your chats are visible to Facebook, WhatsApp so does your emails and search history to Google. In the end, everything is saved on hard drive(Cloud also have harddrive) so it can always be accessed... Same happened to bitcoin hack couple of months back when someone got access to the private key of bitcoin enterprise.
Coming to your question, Can Salesforce can access your data? Ofc their data engineers and bots can and thats how the Einstien analytics reads analyzes and gives your predection. No AI can be achived without data content and type study. So yes salesforce is reading and accessing your data. But it's for improving the salesforce AI and not for selling to competeitor.
Should you be worried? No,
When you read security document for salesforce they have written,
Your data is secure with salesforce.com. Your data will be completely
inaccessible to your competitors.
src : https://help.salesforce.com/articleView?id=000004986&type=1
Trust is the number one priority of Salesforce, if they break it for one customer, they would just stop getting business from others. So they would never dream to do that.
Can any salesforce employee see my data?
No, Only some set of data engineers can access your data as they are at data centres where it is stored, but every access is logged.
Also, if you Grant login access to Salesforce Support agent, they can also see and view your data, its also monitored and recorded.
https://help.salesforce.com/articleView?id=000003910&r=https%3A%2F%2Fwww.google.co.uk%2F&type=1
answered Nov 21 at 17:20
Pranay Jaiswal
12.2k32251
12.2k32251
1
+1 but even R&D doesn't get "free" access to customer data. They are still required to get login access to view customer data. Company policy terminates anyone who accesses the raw databases directly to get at information, or uses any support feature (e.g. changing a user's email address) without proper documentation. It cannot be overstated how seriously salesforce.com treats customer data.
– sfdcfox
Nov 21 at 18:34
add a comment |
1
+1 but even R&D doesn't get "free" access to customer data. They are still required to get login access to view customer data. Company policy terminates anyone who accesses the raw databases directly to get at information, or uses any support feature (e.g. changing a user's email address) without proper documentation. It cannot be overstated how seriously salesforce.com treats customer data.
– sfdcfox
Nov 21 at 18:34
1
1
+1 but even R&D doesn't get "free" access to customer data. They are still required to get login access to view customer data. Company policy terminates anyone who accesses the raw databases directly to get at information, or uses any support feature (e.g. changing a user's email address) without proper documentation. It cannot be overstated how seriously salesforce.com treats customer data.
– sfdcfox
Nov 21 at 18:34
+1 but even R&D doesn't get "free" access to customer data. They are still required to get login access to view customer data. Company policy terminates anyone who accesses the raw databases directly to get at information, or uses any support feature (e.g. changing a user's email address) without proper documentation. It cannot be overstated how seriously salesforce.com treats customer data.
– sfdcfox
Nov 21 at 18:34
add a comment |
Thanks for contributing an answer to Salesforce Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f240137%2fis-my-orgs-data-accessible-to-salesforce%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown