Experience Cloud is a powerful feature of the Salesforce platform that lets you expose a subset of your data and capabilities to external authenticated users, and some capabilities to unauthenticated public visitors. That power comes with a matching responsibility: getting the security setup right.
To be clear: Salesforce is not leaking the information; a bad implementation is.
Coincidentally, at the beginning of this year I did a health check for one of my customers, and the biggest flag I raised was in Experience Cloud security. That analysis is still fresh, and I would like to jot it down in this blog post.
1. Org-Wide Default (OWD) settings for external users
This is a no-brainer for anyone in the Salesforce ecosystem: the OWD for external users should be set to the most restrictive setting possible (Private for anything sensitive) so that external users see nothing by default and every piece of access they do get is granted explicitly and deliberately. Keep the external OWD separate from, and never more permissive than, the internal one.
2. Open up security using the standard and recommended way
Grant access to authenticated external users through roles (on the licenses that support them), followed by sharing rules or sharing sets, rather than through code. Do not forget that each Experience Cloud site has its own dedicated guest user, and that guest user sharing rules let you grant it record access declaratively, which is an extremely useful feature for security. Note that guest user sharing rules are criteria-based and can only grant Read access; that limit is a deliberate guard rail, so respect it rather than working around it with unrestricted Apex.
3. Choosing the right license
The license type (Customer Community, which is the high-volume license without roles or ownership-based sharing, Customer Community Plus, or Partner Community) determines which objects a user can be given access to at all; the profile and permission sets then control the actual object, field and record-type access within that ceiling. High-volume users cannot be placed in roles, so their record access comes from sharing sets and criteria-based rules, whereas Plus and Partner users can use roles and the full sharing model. Always start from least privilege and open up object, field and record-type access only as a concrete requirement demands it; the benefit of the doubt has no place in an access model.
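Points 1 to 3 above are declarative settings, and the fastest way to find out what a site's guest user profile can actually do today is to query the permission metadata rather than click through Setup. The anonymous Apex below is an added example (not code from the original post); it lists every object on which a guest profile has anything beyond Read, or any "View All"/"Modify All" override, and marks the hit as HIGH when the object is in a list of sensitive objects that is an assumption for illustration. ObjectPermissions, PermissionSet and Profile are standard Salesforce objects; run it from the Developer Console or with `sf apex run`.

```apex
// Added example, not from the original post: audit object-level permissions of
// every Experience Cloud guest user profile in the org.
// Assumption for illustration: these objects are the ones we treat as sensitive.
Set<String> sensitiveObjects = new Set<String>{ 'Account', 'Contact', 'Case', 'Opportunity', 'User' };

// Every site guest user has a profile with UserType = 'Guest'.
Map<Id, Profile> guestProfiles = new Map<Id, Profile>(
    [SELECT Id, Name FROM Profile WHERE UserType = 'Guest']
);

// A profile's object permissions live on the permission set that the profile owns
// (Parent.IsOwnedByProfile = true), so filter by the guest profile Ids.
List<ObjectPermissions> perms = [
    SELECT Parent.ProfileId, SobjectType,
           PermissionsRead, PermissionsCreate, PermissionsEdit, PermissionsDelete,
           PermissionsViewAllRecords, PermissionsModifyAllRecords
    FROM ObjectPermissions
    WHERE Parent.IsOwnedByProfile = true
      AND Parent.ProfileId IN :guestProfiles.keySet()
    ORDER BY SobjectType
];

Integer findings = 0;
for (ObjectPermissions p : perms) {
    // Anything beyond Read on a guest profile needs a written justification;
    // View All / Modify All would bypass the sharing model entirely.
    Boolean writes = p.PermissionsCreate || p.PermissionsEdit || p.PermissionsDelete;
    Boolean bypassesSharing = p.PermissionsViewAllRecords || p.PermissionsModifyAllRecords;
    if (!writes && !bypassesSharing) {
        continue;
    }
    findings++;
    String severity = sensitiveObjects.contains(p.SobjectType) ? 'HIGH' : 'REVIEW';
    String profileName = guestProfiles.get(p.Parent.ProfileId).Name;
    System.debug(severity + ': guest profile "' + profileName + '" on ' + p.SobjectType
        + ' read=' + p.PermissionsRead + ' create=' + p.PermissionsCreate
        + ' edit=' + p.PermissionsEdit + ' delete=' + p.PermissionsDelete
        + ' viewAll=' + p.PermissionsViewAllRecords + ' modifyAll=' + p.PermissionsModifyAllRecords);
}
System.debug('Guest profile object-permission findings: ' + findings + ' (across ' + guestProfiles.size() + ' guest profiles)');
```

Run it after every release that touches the site: a new Create or Edit permission on a guest profile is exactly the kind of change that slips in "just to make the form work" and is never reviewed again. The same query, with `Parent.IsOwnedByProfile = false`, covers permission sets assigned to external users.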
4. Avoid saving license costs using customizations
This is the most common cause of security breaches in Experience Cloud. To save on license cost, developers build custom LWC, Aura or Visualforce pages and expose them to the public guest user. With this approach wonders can happen, such as updating an Account without logging in; but a little play with the request parameters (for example, swapping the record Id the component passes to Apex) can just as easily expose other customers' data to the whole internet, because an Apex class declared without sharing runs in system context and returns whatever it is asked for. Every Apex class reachable from a site must therefore follow the security best practices: declare it with sharing, run SOQL and DML in user mode (WITH USER_MODE and AccessLevel.USER_MODE, or the older WITH SECURITY_ENFORCED for queries), use Security.stripInaccessible before DML, avoid dynamic SOQL built from user input and use bind variables instead, and grant the guest profile Apex class access only to the classes it genuinely needs.
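To make the point concrete, here is an added example (not code from the original post or from any particular project) of the kind of controller that gets exposed to a site's guest user, first as it is typically written and then hardened with the practices listed above. The class and method names are assumptions for illustration; `AccountLookupController` is the vulnerable version and `AccountLookupControllerSecure` the fixed one.

```apex
// File: AccountLookupController.cls  (VULNERABLE, added example, do not ship)
// Exposed to an LWC on a public site. Problems:
//  - "without sharing" runs in system context: the guest user gets every Account.
//  - dynamic SOQL built by string concatenation: nameFilter can inject extra filters
//    or change the query (classic SOQL injection).
//  - no field-level security check, so restricted fields are returned too.
public without sharing class AccountLookupController {
    @AuraEnabled(cacheable=true)
    public static List<Account> findAccounts(String nameFilter) {
        String soql = 'SELECT Id, Name, AnnualRevenue FROM Account WHERE Name LIKE \'%' + nameFilter + '%\'';
        return Database.query(soql);
    }

    // Any Id that reaches this method gets updated, no matter who owns the record.
    @AuraEnabled
    public static void updateAccountPhone(Id accountId, String phone) {
        update new Account(Id = accountId, Phone = phone);
    }
}

// File: AccountLookupControllerSecure.cls  (HARDENED, added example)
// "with sharing" applies the running user's sharing model, so the guest user only
// sees records a guest user sharing rule (Read only) has granted it.
public with sharing class AccountLookupControllerSecure {
    @AuraEnabled(cacheable=true)
    public static List<Account> findAccounts(String nameFilter) {
        // Bind variable instead of concatenation: the input is data, never query text.
        // escapeSingleQuotes is defence in depth; the bind variable is what prevents injection.
        String pattern = '%' + String.escapeSingleQuotes(nameFilter) + '%';
        // WITH USER_MODE enforces both sharing and field-level security for the query.
        return [SELECT Id, Name, AnnualRevenue
                FROM Account
                WHERE Name LIKE :pattern
                WITH USER_MODE];
    }

    @AuraEnabled
    public static void updateAccountPhone(Id accountId, String phone) {
        Account acc = new Account(Id = accountId, Phone = phone);
        // stripInaccessible silently drops fields the user may not update
        // (user-mode DML would instead throw if a field is not updatable).
        SObjectAccessDecision decision = Security.stripInaccessible(
            AccessType.UPDATABLE, new List<Account>{ acc }
        );
        // "update as user" runs the DML in user mode: the record must be editable
        // for the running user under the sharing model, so a guest user, who can
        // only hold Read access via guest sharing rules, cannot update anything here.
        update as user decision.getRecords();
    }
}
```

Note what the hardened version does not do: it does not try to decide in code whether the caller "should" see the Account. It delegates that to the platform's sharing model, which is exactly what points 1 to 3 above configure. If the business requirement genuinely is that anonymous visitors update records, that requirement, not a without-sharing shortcut, needs to be reviewed, because the platform is telling you that a guest user is not supposed to be able to do it.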
5. Regularly run security scans
Use tools such as Checkmarx or Salesforce Code Analyzer to scan code, Salesforce Event Monitoring and transaction security policies to watch user behaviour, and a SIEM such as IBM QRadar to correlate the two, so that potential vulnerabilities are identified regularly and addressed. Monitoring unauthenticated visitors is harder because every anonymous request runs as the same site guest user, so per-visitor attribution is lost on the Salesforce side; tools like Google Analytics can help by profiling visitor patterns and behaviour on the site itself.
Run Portal Health Check frequently and act as per Salesforce recommendations (sample report below).
6. Session timeout
Setting an appropriate session timeout in the Session Settings of the site's user profiles is an important part of securing Experience Cloud. With a timeout in place, users are automatically logged out after a specified period of inactivity, which limits how long an unattended or stolen session can be used for unauthorized access. Keep external users' timeouts at least as short as internal ones.
7. Enable multi-factor authentication
Multi-factor authentication (MFA) is an important part of securing Experience Cloud because it adds a second layer to the login process. MFA requires users to present two or more factors, such as a password plus a verification from an authenticator app or a physical security key, before they can access the system.
Make sure that every user in the Salesforce org, internal and external, is protected by MFA, including when they sign in through single sign-on (SSO). SSO is a convenient way to reach multiple systems with one login, but on its own it is only as strong as the identity provider's login; MFA has to be enforced at that identity provider, or the SSO session becomes a single-factor door into the site.
Security breaches don’t announce themselves, but the damage they cause will be loud and clear and could result in the demise of the whole organization.
If you have anything else to add, please feel free to post in the comment below.