The Summer ‘16 release included a number of Salesforce security-related updates that provide enhancements to existing security measures, better encryption of data, and improvements to login security. Encryption and security measures were also extended to Lightning, which is good news considering the focus that Salesforce will place on Lightning from here on out. See the Summer ‘16 Release Notes for all of the information on these new features. One particularly interesting feature that was rolled out in Summer ‘16 is the Salesforce Security Health Check tool.
An Overview of the Salesforce Security Health Check
With the Summer ‘16 release of Salesforce, administrators now have the ability to run a “Security Health Check” in order to identify any critical security gaps in their company’s Salesforce org. This Salesforce Security Health Check tool calculates a score based on the number of settings that are determined to be in the high- and medium-risk categories when compared against Salesforce baseline standards for security. This baseline standard consists of recommended values for settings in the Login Access Policies, Network Access, Password Policies, Remote Site Settings, and Session Settings groups. When settings are changed to be less restrictive than what the baseline standard outlines, the score can automatically decrease as a result. Settings that meet the baseline standards are listed below the medium- and high-risk items.
Using the Security Health Check Tool
To access the Salesforce Security Health Check tool, follow these 2 simple steps:
- From Setup, enter the words “Health Check” in the quick find box.
- Select “Health Check” from the listed options.
The Health Check automatically runs and a percentage-based score is calculated and displayed front-and-center on the page. To better understand how the score was calculated, click “How did we calculate this score?” This link will open a Salesforce Success Community help topic that provides information about the calculation method and what each percentage-based score range means.
Both the high-risk and medium-risk sections on the page display the following columns:
- Status: risk level of each item
- Setting: factor that is analyzed in order to determine the risk/status level
- Group: category in which the setting is included
- Your Value: value of the setting in your org
- Standard Value: recommended value for that setting
- Actions: edit button that links to the page (so you can easily make setting updates)
The Salesforce Security Health Check gives administrators a quick, high-level view of at-risk security settings in the orgs they manage. While it doesn’t cover absolutely every metric of security in great detail, it is a solid place to start addressing overall security concerns and to gain an understanding of what settings to update.
As expected, there are circumstances when organizations will want to go beyond the minimum requirement of Salesforce compliance, so the fact that something isn’t labeled as “at risk” doesn’t necessarily mean it will meet each organization’s own unique standards. However, this report can be a useful tool in promoting good org auditing practices. It could also be a valuable resource for administrators who have inherited an org and are becoming more familiar with managing it. Finally, the Health Check tool is a great addition for third-party consultants–like Red Argyle–to include in our overall org health assessments for clients. Security can be a complex subject for many organizations, and providing admins with a snapshot of overall org security is a great move on Salesforce’s part. Have you tried the Security Health Check tool yet? If so, leave us a note below or on Twitter, and let us know what you think about this new feature from Salesforce.