Expands to Lead Education and Awareness of Security Best Practices to discuss security best practices at Dreamforce 2007

SAN FRANCISCO - Dreamforce Conference - September 17, 2007 - [NYSE: CRM], the market and technology leader in on-demand business services, today announced the expansion of to include security best practices. As more companies adopt on-demand technology, the goal of is to educate companies on security best practices for multi-tenant Software-as-a-Service applications. 

"As the leader in on demand, we must also take a leadership role in security education, which is why we are offering this resource to help customers to raise their security awareness," said Parker Harris, executive vice president, technology, "Our 'trust' site has been a hit with customers, so adding security was a natural extension for us as part our ongoing effort to educate and respond to our customers' needs." is's dedicated site for live performance data and service history. It provides system status per server, number of transactions and speed per transaction. Designed to keep customers informed of up to the minute service availability and help users increase productivity, the site alerts users to any performance issues on any of its servers, as well as any scheduled maintenance. The new security section of the site is dedicated to providing customers with educational content on security best practices, including information on email fraud, what to look for on the log in page, and password protection. The site will be regularly updated with the latest security best practices.

An example of a topic featured on is email fraud. Email fraud is an increasingly common danger for unsuspecting online consumers and business users today. One of the most popular scams are "phishing" attacks, which use social engineering to steal consumers' personal identity data and financial account credentials using 'spoofed' emails, and leading them to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account user names, passwords and social security numbers. According to the latest report by the Anti-Phishing Work Group (AFWG), the number of phishing sites rose to 14,191 in July, an 18 percent increase over May, the previous all-time high.  Most major ecommerce companies, financial institutions, and service providers have seen their users targeted by phishing attempts.

End-user awareness and education is the key to avoiding security issues caused by phishing and other security threats. recommends that customers take the following steps to enhance the security of their organizations:
  • "White list" IP addresses in email filters
  • Include IP restrictions as part of profiles in the Salesforce application
  • Require two-factor identification for users
  • Regularly update and reinforce security and education with end-users

At Dreamforce 2007 taking place this week, will offer a session on security best practices covering the latest Internet risks, what security measures has taken, and advice on how to educate end users on security. 

Trust.salesforce/security is live now. encourages customers to email if they receive any suspicious emails. For more information about phishing and how to prevent it, see

About Salesforce

Salesforce, the global CRM leader, empowers companies to connect with their customers in a whole new way. For more information about Salesforce (NYSE: CRM), visit:

Any unreleased services or features referenced in this or other press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase Salesforce applications should make their purchase decisions based upon features that are currently available. Salesforce has headquarters in San Francisco, with offices in Europe and Asia, and trades on the New York Stock Exchange under the ticker symbol “CRM.” For more information please visit, or call 1-800-NO-SOFTWARE.