Identifying and understanding risk to their data
Better visibility into user access with Own Secure
Over the last couple of years, Pihlajalinna has added new users and developed new processes in Salesforce that are more critical than ever to their organization. As a result, Development Manager Lauri Hakanpää has been involved in ensuring that their stored data is highly secure.
GDPR has been top of mind for Pihlajalinna. Over the last two years, Lauri has been working to document what data they’re storing, how they are storing it, and where this data is located, especially with HIPAA or other sensitive data, and Europe’s strict regulations on how data can be treated in a regulated industry like healthcare.
With all eyes on data security and the changes to their org, Pihlajalinna added Own Secure to their suite of products.
Challenges
- The biggest driver to purchase Own Secure was to ensure the data in Salesforce was properly encrypted. Lauri discussed the company’s goals with Salesforce, to which they proposed their platform encryption feature.
- But that would only solve part of the problem. How would platform encryption help to ensure user access and permissions are also regulated?
- This wasn’t something Salesforce could solve for. While they continue to make platform enhancements, they weren’t providing the tools the team needed to secure the stored data.
- “Manually identifying what kind of permissions our users have is very time consuming. Are they seeing something they shouldn’t? Or should they be seeing something they don’t? There was no visibility within the Salesforce platform with this kind of information.”
- Lauri has been working with Salesforce for over ten years. In his experience, when he has had different profiles for different user roles, he had to maintain those profiles manually.
- Setting configurations at the profile level can be quite an arduous process. If you have one user who has many responsibilities and needs access to different fields and reporting types in Salesforce, you can’t grant this access by user role. Compounded with the extra secure step of signing in via SSO, the user either needs all or no permissions assigned to their profile.
- Creating a variety of permission sets based on user use case enables more flexibility to customize permissions for a user–without the all or nothing limitations set at the profile level.
- For this reason, needing a dozen or so permission sets makes a tool like Own Secure essential for permitting the right access to the right people.
Solutions
- When Own Secure came on the market, it was exactly what Lauri was looking for.
- Lauri booked a demo and quickly discovered that there was, in fact, a lack of information on what their users are doing in Salesforce.
- “We trust our users, and we want to increase our security one step further with access controls. I don’t mean we need to police everything everyone does, but we need to be able to create permission sets based on what role someone has and then track whether or not users have the access they need to get their job done.”
- It is also important for Lauri to see what was set accidentally by the admins versus what was set intentionally based on a user’s role, and make the necessary adjustments accordingly.
- Own Secure provides Lauri the ability to search a specific user and see what they can access in Salesforce. With the Who Sees What Explorer, Lauri can easily search their Salesforce data across object, records, and users lenses to understand precisely why particular Salesforce users have read, edit, deletion, or export permissions.
- “Before the Who Sees What Explorer, we were not really able to see which users had access to which fields. We’d have to go through all the permissions and monitor it in an Excel sheet. But now, we can click directly into the Secure interface and search on a specific user. It's an amazing tool.”
- An additional benefit of Own Secure is the ability to better maintain their environment. By knowing what fields are being used, they can make changes to a process, update the use case of a specific field or delete fields altogether, freeing up storage space.
- Creating a more secure Salesforce environment wasn’t a hard sell to Lauri’s leadership team. When it came down to contract duration, Lauri and team opted for a three year commitment because he couldn’t imagine doing his job without Own Secure.
Let’s say you have a user who is part of the sales team, who needs to create opportunities and track sales. But, at the same time, that same user is also a member of the call center team and needs to be able to manage tickets and update call records. This user has the basic profile and then is assigned the permission sets that pertain to their roles. This becomes much easier with Own Secure because I can search for a user, see what their role assignments are, and toggle on the permission sets they need access to. It has saved us hours per month.
Lauri Hakanpää, Development Manager
Partnering for Success
After purchasing Own Secure, Lauri and team went through a Security Risk Assessment (SRA) exercise.
Lauri was partially attuned to the fact that this exercise wasn’t just a checklist of things to do but included a discussion on the reasons behind doing something. Prior to having visibility into permission sets in Salesforce, Lauri didn’t have much understanding of what was happening on the platform from the security vantage point.
Once he completed the SRA exercise, Lauri had an improved understanding of what needed to be done. This didn’t mean that they were ready for every disastrous situation, but it was a good starting point. The SRA exercise did highlight that their Salesforce environment was well configured, which was a high point to show leadership that this is a system they need to continue investing in, especially now that they have the supporting tools needed to ensure it’s secure.
ENSURING CONTINUITY AND ACCELERATING ON-PLATFORM DEVELOPMENT
Pihlajalinna says goodbye to manual work with Own Recover and Own Accelerate
Challenges
- More operational data moving to the cloud prompted the need to back up the data and ensure it can be recovered.
- The business continuity plan that was in place put the company at high risk because there was no backup or restore in place.
- Custom objects and key sales data (accounts, leads, contacts and opps): losing the data would mean losing everything.
- Users were very shy to make changes to data for fear they would make mistakes, create issues or worse, lose data they really need.
- Manual work with CSV files and Data Loader was cumbersome and time-consuming.
- Need to meet strict compliance regulations with GDPR and HIPAA.
Solutions
- With Own, no matter what happens with their data in Salesforce they are able to ensure continuity quickly and easily.
- Helped the developers to work faster and smarter.
- With Enhanced Sandbox Seeding the dev team is able to populate sandboxes easily just with a few clicks and get not only certain records but also relations between records.
- Bye bye manual work with CSV files and Data Loader.
- Anonymization option is mandatory to avoid using sensitive data in development environments–making adhering to regulations more streamlined and avoiding costly fines.
- Data is the most important thing in the system–and now it’s protected and safe.
- When complex issues arise, Customer Support from Own is fast and issues are resolved quickly.
About Pihlajalinna
Pihlajalinna is one of Finland’s leading providers of social and healthcare services. We offer high quality social, health and wellbeing services at our private clinics, hospitals, dental clinics, fitness centers and housing services across Finland. We build services that focus on keeping people healthy. It is easier, more inexpensive and lighter for the body to keep a person healthy rather than cure an ill person.
Our aim is to challenge habitual patterns and continuously provide our customers with better service. We want to be a responsible industry pioneer that provides rapid and easy care. Our aim is to ensure that you feel better at every stage of your life. Long live life!
*Retrieved from pihlajalinna.fi