Security as a Shared Responsibility Between Provider and Customer

Salesforce secures the infrastructure, while customers are responsible for protecting their own data, configurations, and access rights.
Security is organized into “Invisibles” (built-in protection), “Configurables” (user-managed settings), and “Enhanceables” (advanced add-on security products).
Customers should utilize built-in features like Multi-Factor Authentication and the Security Health Check to maintain a strong defense.

Trust is the #1 value at Salesforce, and nowhere is that more evident than in how we protect customer data. As the technology landscape evolves to a new era defined by artificial intelligence (AI), the way we approach security must evolve with it. However, one constant remains: keeping data secure is a team sport. It requires a clear understanding of who’s responsible for what to ensure that innovation never comes at the cost of security.

What is a shared responsibility model?

According to cybersecurity company CrowdStrike, “The Shared Responsibility Model is a security and compliance framework that outlines the responsibilities of cloud service providers (CSPs) and customers for securing every aspect of the cloud environment, including hardware, infrastructure, endpoints, data, configurations, settings, operating system (OS), network controls and access rights.”

It’s a widely-used model by cloud providers where the provider is in charge of security related to the cloud itself and its underlying infrastructure, while its customers or end users are responsible for protecting data stored in the cloud environment. With the shared responsibility model, there’s an implied ownership of security of the platform by the provider, but that leaves the platform flexible enough for customers to configure it to meet their individual needs.

Salesforce, along with other top cloud providers such as Amazon Web Services, Microsoft Azure, and Google Cloud, follows this model. While each company has a slightly different interpretation of which responsibilities are owned by which party.

The Salesforce security architecture

Protecting data is a partnership. At Salesforce, our security is built on a shared responsibility model, which clearly defines the roles we both play in protecting your data.

This partnership comes to life in our Security Architecture. To help visualize how Salesforce keeps your data secure and where your controls fit in, we categorize our security framework into three simple layers: the Invisibles, the Configurables, and the Enhanceables.

1. The Invisibles (Salesforce’s Responsibility)

Salesforce has built security into our products at every stage. We create a trusted foundation so that our customers can innovate knowing their data is available and protected.

With the evolution of data and complex privacy regulations, trust and security are more important than ever. That’s why we’ve built a secure-by-design architecture with layers designed to protect customer data. The foundational layer of this architecture, the “Invisibles,” is comprised of protections that are built into our infrastructure and our platform, and are always working in the background. These are powerful security tools that Salesforce manages for you, meaning customers don’t need to lift a finger to enable them.

2. The Configurables (Customized by You)

However, security doesn’t start and end with Salesforce. In terms of our customers’ responsibilities, we provide configurable tools that are included as part of every org. These are security features built into the Agentforce 360 Platform, ready to use, that are enabled by each customer based on their preferences and the internal practices they employ.

Features like Multi-Factor Authentication (MFA) and Single Sign-On (SSO) are available to ensure secure identity and access management.
Permission Sets are available to define what a user does and doesn’t have access to.
Admins can run Login History reports to see who is logging in from where, ensuring authorized users are accessing Salesforce from trusted locations.
To help protect your Salesforce data from unauthorized access, you can enforce login IP restrictions on profiles so if a user tries to log in from an untrusted IP address, they’re challenged to verify their identity.

In fact, there are dozens of configurable security settings available to customers in a Salesforce org. To make this easier, we created a Security Health Check dashboard that surfaces critical session settings, password policies, identity settings (like MFA and SSO configurations), and more. It’s available out of the box, at no cost, and ready to use.

3. The Enhanceables (Advanced Security)

Customers also have the option to take their security to an advanced level with our add-on products, which make up the “Enhanceables” layer.

These purpose-built solutions have helped thousands of customers over the years stay audit-ready, offboard or onboard tens of thousands of employees while keeping their data safe, and protect their data while building state-of-the-art custom apps and agents. Enhanceables are also known as Trusted Services, and include products such as Shield, Security Center, Privacy Center, Data Mask & Seed, Archive, and Backup & Recover.

Enhance your Salesforce security

Salesforce strives to build strong products and infrastructure to securely house our customers’ data. We also assume the role of a trusted security advisor by providing customers with the tools, programs, and resources to succeed from a security perspective, by offering customer support in addition to the solutions available to you. To help you get started, we’ve created these resources to ensure you’re secure from day one: