As an Information Security Analyst at Freedom Financial Network, Alyx Pearce’s top priorities are ensuring that data in Salesforce is properly secured while educating employees on how to prevent data loss. Making sure employees at Freedom Financial know how to handle data securely at rest is of the utmost importance.
Because the topic of security can be a scary thing, Alyx and team strive to empower their employees to be the heroes of their own security.
“Security can be intimidating to people—you think of this guy in a dark hoodie hovering over a computer or big red warning signs. So we don’t want to scare people and immobilize them from taking action.”
Alyx and team are also responsible for meeting compliance requirements like SOCII or PCI. In a regulated industry like banking, the vendors they work with require them to be certified in security. But being compliant doesn’t always mean being secure.
“We need to go beyond just checking the box that we’re compliant. We need to be integrating security into our day-to-day jobs.”
When it comes to Salesforce, in order to educate the team on securing data, they first need to know what fields are being used and how the team uses them.
Despite using so many different applications, Alyx and team realized they’d never gone through a risk assessment of Salesforce. They started with an exercise to identify areas of risk and any vulnerabilities they may have.
“We’re in the financial services industry. We know there is sensitive data in our Salesforce environment. So we know we're going to be looking for data that falls under PII specifically.”
At Freedom Financial Network, there are over 12,000 fields in just one of their Salesforce orgs, so they use event monitoring to track trends in near real time during events to swiftly identify abnormal behavior. While event monitoring gave Alyx insight into where to look, she needed a way to take action on those raw files and interpret what they were seeing.
That’s when the team implemented a solution to give them a closer look into users and activities at a more granular level. Now with the ability to drill down and quickly analyze the raw data, Alyx and team understand which of those risks need their immediate attention and classify this data for quick action.
“I saw these reports being exported with X, Y, Z fields and couldn’t easily tell what fields I really need to be paying attention to. So we decided we need to classify the data if we want to know whether we're exporting confidential information and somehow need to classify that in Salesforce.”
Alyx wanted to understand what fields contain sensitive data and who has access to them.
Data classification was a significant driver in their decision to go with Own. Classifying their information is essential to understand the information they have, where it is stored, how critical it is, and how to protect it.
What stood out for Alyx and team compared to other solutions on the market was the security assessment Own provides each customer.
“We never had to guess where to start. They walked us through all of our single sign-on (SSO) settings, data classification process, field encryption, and so on. It was extremely valuable to kick things off this way.”
With Salesforce Shield, the team didn’t have an understanding of the different field types that Salesforce supports for encryption, or why certain encryption attempts fail. Own Secure was able to break everything down for them and help them understand how many fields were eligible for encryption. Using Secure, they could then take steps to remediate certain encryptions that were blocked by configurations.
“With Own’s help, I was able to rank each one of those fields as high, medium, or low. Overnight, we were able to see what risks we need to focus on first based on their priority.”
Encryption checklist and remediation steps
Data classification capabilities
SSO/MFA security insights
With improved visibility into data security, classification exercises, and better communication between teams, the entire technology team at Freedom Financial now knows what sensitive data they have in Salesforce and the risks associated with it. With Own Secure, Salesforce admins can quickly see what fields are secure and where there are areas of vulnerability, enabling them to take the initiative to go remediate where necessary.
Another invaluable piece of functionality that accelerates security remediation for Freedom Financial Network is Own Secure’s Who Sees What Explorer feature.
With the Who Sees What Explorer tab, users are able to understand data exposure at the most granular level and view access by the object, record, user, and system permissions level.
“Using the Who Sees What Explorer shows us what permissions a person has and what that permission gives them access to. That information is hard to pull with Salesforce reports alone, so having this capability is very valuable.”
With functionality like the Who Sees What Explorer and the ability to create real-time alerts, Alyx and team can rest easy knowing their data is protected—without having to check it regularly.
“We have certain teams who can export reports from Salesforce and certain teams who should under no circumstances export any data out of the org. Without Own Secure, it would be less clear who should have certain permissions, making it easy for an SIS admin to accidentally update a profile with access that person shouldn’t have.”
Freedom Financial Network is a leading digital personal finance company, built to help people. By leveraging their proprietary data and analytics and artificial intelligence, they offer solutions tailored for each step of a consumer's financial journey, including personal loans, home equity loans, debt consolidation, and even financial tools and education.
Share your details and we’ll contact you shortly to schedule a custom 25-minute demo.
Share your details and we’ll contact you shortly to schedule a custom 25-minute demo.
By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.