
Locks, Alarms, and Cameras: A 3-Step Framework for a Stronger Data Loss Prevention Strategy

The security measures you use in your home or office can apply to your data too. [Adobe Stock]

Take control of your side of the shared responsibility model by using this simple strategy to protect your organization's most valuable data.

At Salesforce, trust is our number one value, and protecting your data is our top priority. The digital landscape, however, is constantly changing. Building a strong data loss prevention (DLP) strategy starts with understanding shared responsibility. There are security measures Salesforce provides for you, and actions you need to take yourself based on your business needs.

Shared responsibility is represented in our security architecture as well. We have the invisibles (our responsibility), as well as the configurables and enhanceables (your responsibility). The invisibles are things like our secure infrastructure and providing reliable access to your data and systems. The configurables are built-in security controls like single sign-on (SSO) and authentication, and are where your part in building a strong DLP strategy starts. So, it’s important to ensure these are set up correctly for your business and to review them regularly as your business’s Salesforce environment changes.

Finally, there are the enhanceables. These are the advanced security and privacy products that we offer to help you manage your responsibilities related to data security, resilience, and compliance. Think of our add-on capabilities as helping you more effectively use locks, alarms, and cameras to secure what’s valuable (in this case, your data). Let’s have a closer look at these enhanceables and how they can help you up-level your data loss prevention strategy.


Strengthen your security posture with stronger locks 

Let’s start with “locks”. The first step in any DLP strategy is to fortify your defenses. This means ensuring your foundational security settings are correctly configured to prevent unauthorized access from the start.

  • Know your data: You can’t protect what you don’t know you have. The cornerstone of a strong posture is data classification. By identifying and labeling sensitive data like Personally Identifiable Information (PII) or confidential information, you can prioritize your security efforts. Products like Security Center help you quickly classify thousands of fields, so you know exactly where your most valuable data lives.
  • Secure your sandboxes: Sandboxes are essential for development and testing, but they often contain copies of production data. This exposes real PII to a broader audience, including third-party developers. With Data Mask & Seed, you can easily anonymize or delete sensitive data in your sandboxes, closing a commonly overlooked security gap.
  • Enforce least privilege: Powerful permissions like “Modify All Data” should be assigned with caution. Using Security Center, you can easily review who has access to sensitive data and identify overly permissive profiles and permission sets that require remediation.

Flag new risks with smarter alarms 

Once your locks are in place, you need an alarm system to notify you of suspicious activity. A proactive alerting strategy allows you to detect and respond to threats before they can cause significant damage.

  • Automate your watchdog: You can’t monitor everything manually. Set up real-time alerts for high-risk events. For example, you can create a policy to immediately notify your security team whenever a new connected app is installed or a user is assigned a powerful permission set.
  • Block threats automatically: Go beyond simple alerts by actively blocking unwanted behavior. Transaction Security Policies act like an alarm that automatically locks the door. For example, you can configure policies to:
    • Block large data exports, preventing a user from running a report with 100,000 customer records and exporting it.
    • Prevent risky permission assignments, stopping an admin from granting “Modify All Data” access.
    • Block API calls from unknown IP ranges, a key defense against credential theft.
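The decision logic behind the three blocking conditions above, as an added example that is not Salesforce code and does not use the Transaction Security API. The event field names, the trusted network ranges, and the permission identifier are constructed for illustration; the 100,000-row threshold is the figure from the text.

```python
import ipaddress
from dataclasses import dataclass

# Constructed policy settings (assumptions for this sketch, not product defaults).
MAX_EXPORT_ROWS = 100_000                      # row count from the example above
BLOCKED_PERMISSIONS = {"ModifyAllData"}        # hypothetical permission identifier
TRUSTED_NETWORKS = [ipaddress.ip_network(n)    # documentation-only address ranges
                    for n in ("203.0.113.0/24", "2001:db8:10::/48")]

@dataclass(frozen=True)
class Decision:
    action: str   # "allow" or "block"
    reason: str

def ip_is_trusted(source_ip):
    """Return True only for a well-formed address inside a trusted range."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False          # missing or malformed address: fail closed
    return any(addr in net for net in TRUSTED_NETWORKS)

def evaluate(event):
    """Apply the three blocking conditions to one event (a plain dict)."""
    kind = event.get("type")
    if kind == "report_export":
        rows = event.get("rows")
        # An export with no usable row count is treated as too large.
        if not isinstance(rows, int) or rows >= MAX_EXPORT_ROWS:
            return Decision("block", f"export of {rows} rows reaches the limit")
    elif kind == "permission_assignment":
        risky = set(event.get("permissions", ())) & BLOCKED_PERMISSIONS
        if risky:
            return Decision("block", f"risky permission: {sorted(risky)}")
    elif kind == "api_call":
        if not ip_is_trusted(event.get("source_ip", "")):
            return Decision("block", "API call from outside trusted ranges")
    return Decision("allow", "no policy matched")

# Constructed sample events, one per condition plus benign counterparts.
SAMPLE_EVENTS = [
    {"type": "report_export", "user": "alice", "rows": 250},
    {"type": "report_export", "user": "bob", "rows": 100_000},
    {"type": "permission_assignment", "user": "admin1", "permissions": ["ModifyAllData"]},
    {"type": "api_call", "user": "svc-int", "source_ip": "203.0.113.7"},
    {"type": "api_call", "user": "svc-int", "source_ip": "198.51.100.9"},
]

def run_samples():
    return [evaluate(e).action for e in SAMPLE_EVENTS]
```

Both the export check and the IP check fail closed: an event with a missing row count or an unparseable source address is blocked rather than allowed.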

Investigate exposure with clear cameras 

If a security incident does occur, you need the ability to see exactly what happened. This visibility is critical for understanding the scope of the incident, remediating the damage, and preventing it from happening again.

  • Get the full story: Shield Event Monitoring provides detailed, forensic-level logs of everything happening in your org. If a user’s credentials are compromised, you can trace the bad actor’s every step: what time they logged in, what IP address they used, which records they accessed, and what reports they ran.
  • Rewind the clock: In a worst-case scenario where data is deleted or corrupted, having a clear “video” of the event isn’t enough. With Backup & Recover, you can compare the state of your data before and after the incident and restore the affected records to their original state with just a few clicks.

Take the next step

Building a DLP strategy is an ongoing journey, not a one-time project. By focusing on strengthening your locks, setting up smart alarms, and ensuring you have clear cameras, you can effectively manage your side of the shared responsibility model.
