By design, Salesforce is an environment where customer PII and other sensitive information must be shared and stored. However, compliance regulations like PCI DSS, HIPAA, GDPR, CCPA, and others limit this storage and usage of customer data to only what’s justifiably required for an organization to carry out its duties. Even then, there are requirements for how this data should be stored – like whether it should be encrypted, for example. As such, there’s a genuine need for security admins, compliance officers, and even marketing operations teams to understand what data they’re ingesting and what data their employees are generating and sharing within Salesforce. Without the proper tools, this task would very much be like trying to find a needle in a haystack.
By default, Salesforce maintains PCI DSS certification at Compliance Level 1, as a platform. However, with custom implementations or automated workflows such as web-to-case, email-to-case or files with confidential information, organizations need additional sensitive data discovery and protection capabilities to be compliant with regimes such as PCI DSS, HIPAA or other internal security requirements.
An Overview of Nightfall for Salesforce
Nightfall for Salesforce provides many of the same great features Nightfall users enjoy across our other integrations and services, including:
- Install with ease: Like all other integrations, Nightfall for Salesforce can be installed in a matter of minutes with two simple steps - package installation and authorizing access to your Salesforce organization. Once the package installation and authorization steps are complete, Nightfall is ready to scan and secure your Salesforce org.
- Classify sensitive data in files, standard or custom objects, or any records in real time
- Prevent sensitive data exposure: Once Nightfall discovers content that violates data security and compliance policies, you have the option of deleting content, redacting it, and/or notifying employees who made the violation so that they can be educated about proper policy and remediate the violation themselves.
- Rich analytics: Audits and other compliance review exercises can be very time-consuming, which is why Nightfall provides detailed analytics, going back as far as a year. See your risk trend lines over time from our console, including which employees are most frequently violating policy, which Nightfall detectors are triggered most, and more. Data like this will be useful in setting informed compliance goals, in addition to demonstrating and proving compliance.
- Frictionless integration with existing security review processes: Choose how you receive alerts – via email, Slack, or export alerts and analytics to a SIEM platform of your choosing via webhooks.
- Single pane of glass: Should you choose to adopt Nightfall across other services, you can rest easy knowing that you’ll have the same data visibility across your entire SaaS surface.
Operationalizing data compliance at scale
Nightfall is the only product in the market with machine learning-based detection capabilities that can inspect any standard or custom object, or any files within Salesforce to discover sensitive data in real time. As with Nightfall’s other integrations, Nightfall for Salesforce leverages the Nightfall Detection Engine’s individually trained machine learning detectors to identify 50+ types of sensitive data – from names and addresses to ICD 9/10 codes, PHI identifiers, financial information like credit cards, secrets and credentials and more. Additionally, users can add their own patterns via regex. Users can then create their own workflows to scan for specific types of sensitive data within specific locations in Salesforce, including within file attachments like images, PDFs, and 100+ other file types.
While native Salesforce features can help you classify certain fields as sensitive, Nightfall can complement those capabilities and help you auto-classify any field as sensitive instantaneously as any updates are made to those records in Salesforce. As an example, customers are using Nightfall to scan all attachments uploaded across any object, Chatter comments, or case comments to discover exposure of PII, PCI or secrets and credentials. For example, if you want your Salesforce feed to be free of customer information like credit cards, you can create a workflow for this. In addition to being notified when this happens, you have the option of automating remediation. You could choose to automatically redact this content as well as have a message go out to the employee who violated policy, educating them about when and where it’s appropriate to share such information (if at all). These actions can be taken manually as well, if you choose.
Nightfall’s high accuracy detectors scan more than 8 million items a month, helping identify and remove sensitive data, without creating additional overhead or excessive time commitments for our users. Nightfall users rely on our platform to automate nearly 65% of their remediation actions, meaning that Nightfall is relatively low maintenance and can be managed by a small team. Organizations that have deployed Nightfall have freed up security teams to focus on more foundational security work.
Available in AppExchange, Nightfall Data Security for Salesforce is capable of scanning Salesforce objects and fields in real-time for the PII, PHI, PCI, and other sensitive data types you deem to be inappropriately shared within your Salesforce sandbox and production environments. To learn more about Nightfall for Salesforce, come see us at Dreamforce 2022! If you’re not attending Dreamforce, feel free to schedule a demo with us here.