Last year we launched Salesforce Shield, a powerful set of App Cloud services, to empower customers with complex governance and compliance requirements to build trusted apps fast--with clicks, not code. Shield is already enabling companies and institutions like the Australian Security Exchange, LendingPoint and the University of California, San Francisco (UCSF) to build new levels of compliance and governance directly into their apps. Today, we are expanding on Shield services with Transaction Security, a flexible, customizable security policy engine within Shield’s Event Monitoring capability that gives IT leaders the power to identify and prevent potentially malicious user actions in real-time. Transaction Security lets customers address even greater governance and compliance needs while also delivering a great experience for end-users and IT.
Traditionally, Chief Information Security Officers (CISOs) would protect sensitive data by building large moats around their data and limiting access with static rules. These rules only factored in very basic user information and did not change if there was something that caused additional concern, such as unusual login activity or movements of large amounts of data. But in the digital era, when customers, partners and employees can work from anywhere, on any device, and on any network, these static rules often break down, creating risk for businesses and a poor experience for end users. Transaction Security provides CISOs and CIOs with the ability to dynamically manage users’ access to data at a specific moment in time, given the right context.
Transaction Security comes with a set of standard policies to address issues IT organizations commonly face, such as compromised user accounts or devices. It also allows companies to define custom policies specific to their businesses. The magic of Transaction Security is that user actions, whether they involve logging into Salesforce from a second device or attempting to export a number of records, can be evaluated in real-time based on predefined rules, allowing IT to detect unusual behavior and take immediate action. IT can move from a reactive to a proactive stance.
For example, if a company views its account records as intellectual property and wants to take an action when a user attempts to export a large number of records, IT could define a security policy to either block the action, end the session or, depending on the user’s profile, alert the administrator--all in real-time. If an organization has confidential data in its reports and dashboards, IT could define a policy to request two-factor authentication when users attempt to view the reports, rather than compromising user experience by simply blocking access and requiring them to file a ticket with the IT help desk.
According to Matthew Doughty, general manager of Corporate Technology at The Australian Security Exchange, “as a leading financial services company operating in Australia, we chose Salesforce to transform how we interact with our customers. With Salesforce Shield, we’ve been able to move our sensitive, regulated data to the cloud quickly without compromising our user experience. With Transaction Security, we’ll be able take real-time action on user behavior to further bolster our compliance and governance.”
Because Transaction Security is an App Cloud service, all natively developed App Cloud apps can tap into its capabilities. For example, partners can build apps that detect specific terms being entered into Salesforce Community Cloud and block them in real-time, or create a security solution that is used across multiple apps and detects suspicious patterns in a user’s behavior and automatically route his or her next login through an additional level of security.
Transaction Security empowers CISOs with the ability to leverage the entire Salesforce ecosystem and take their compliance and governance to an entirely new level.