Salesforce
Own Secure
Data Classification
Security

Most Salesforce Insider Threats are Human Mistakes

Eoghan Casey | Field CTO | Field Technology Strategist, Own Company
Eric Goldberg | Senior Product Marketing Manager, Security

There is a common misconception that insider threats are mostly malicious or negligent. In fact, insider threats are predominantly accidental, not malicious, with human mistakes accounting for 75% of these incidents. 

According to the Ponemon Institute’s 2023 Cost of Insider Risks Global Report, “Non-malicious insiders accounted for 75% of incidents, from either: negligent or mistaken insiders (55%), or outsmarted insiders who were exploited by an external attack or adversary (20%).” Cloud environments have it worse, with Gartner reporting that misconfigurations cause 80% of all security incidents. Again, you can chalk that up to human mistakes, as Own has been reporting for many years in SaaS environments.

Most organizations fall short in proactively strengthening Salesforce data security, allocating only a tenth of their IT security budget to insider risk management. This underinvestment is made worse when organizations don’t understand the Shared Responsibility Model that cloud providers operate under. Even when organizations realize they are responsible for securing their Salesforce Org, they lack the necessary expertise and tools. Their mitigation efforts are scattered, reactive, time-consuming, and ultimately miss the highest risks, leaving their Orgs vulnerable and non-compliant. These blind spots leave gaps in security compliance and can result in exposure of sensitive information, disruption of mission-critical operations, and substantial costs.

Boosting Your Salesforce Security Maturity and Capability

Own customers benefit from the decades of specialized Salesforce security expertise encoded into Secure, a comprehensive data-centric risk management toolset. Secure significantly cuts costs and speeds up identifying which data is highest risk, assessing how well sensitive data is protected and who has access to it, and computing risk scores to help prioritize what to fix first.

Own Secure boosts your data security maturity, giving you visibility of how your security/risk is mapped out and prioritizing the highest risks. Gaining insight into the high risks in your Salesforce Org can be overwhelming, effectively illuminating problems that you did not realize needed to be fixed. To remedy this, Own Secure also streamlines remediation and reduces manual security tasks, speeding up security and compliance implementation in Salesforce.

Know your data and know your users

Effective insider threat mitigation requires the combination of knowing your data and knowing your users, emphasizing the importance of classifying data and managing least privilege access to protect against accidental exposure, including in production, development, and test orgs.

Streamline data classification using Secure for Salesforce.
Simplify least privileged access management using Secure for Salesforce.

An added value of Own Secure is that it enables you to customize risk scoring to your unique operating context. Own provides defaults based on our extensive experience and expertise, then you can tune specific parameters as needed.

Conduct ongoing Insider Risk management

As Salesforce Orgs grow and evolve over time, data and users change, and configurations and policies drift from established baselines. Therefore, it is essential to continuously monitor evolving Salesforce environments for emerging and shifting risks. Security best practice and regulatory compliance require annual Security Risk Assessments (SRA). Own also recommends using Secure automation between annual security risk assessments to continuously track emergent risks to your Salesforce data and to provide documentary evidence for audit compliance.

Development and test Orgs

It’s important to keep in mind that the insider threat doesn’t stop with production data. Development environments are a key extension of your organization and can be a major point of exposure because they typically have lower security protections. How are we managing access for developers who might have access to all sensitive information?

These development environments often don’t receive the same level of oversight as production systems, even though they contain similar sensitive data. And, in many cases, the developers might be contractors, so we must remain vigilant about limiting their access to your valuable data with both role-based access control and data anonymization.

That’s another reason "Know Your Data" is so important and why customers are using Own Accelerate, our sandbox seeding solution, to anonymize sensitive fields, limiting exposure even for developers with elevated access.

How Own’s Salesforce Security Solutions Can Help  

At Own, we have observed a steady increase in security incidents, mostly caused by insiders making mistakes, resulting in thousands of customers using our rapid recovery solution to restore Salesforce data. Own also provides specialized security solutions to prevent insider threats in Salesforce. With Secure, you can ensure that sensitive data is properly protected and users have only the permissions they require. Own Accelerate secures developer environments by implementing data masking, so sensitive information remains protected even in non-production settings. It is also advisable to offload any inactive/deprecated data routinely and automatically to a secure archive to reduce the amount of data accessible in production environments, which is accomplished with Own Archive.

Together, these tools work to secure access and ensure compliance, allowing you to manage risk effectively and keep your Salesforce org safe. 

Get Started

Submit your details and we will contact you shortly to schedule a custom 25-minute demo.

Book A Demo