Improved Apps – Inside your Salesforce Circle of Trust

The interactive diagram below is organised around the ‘Protect’ function of the NIST Cybersecurity Framework. It shows how Improved Apps operates inside your Salesforce environment and which information security and compliance controls therefore apply to it, and, by contrast, the security due diligence questions you need to ask before accepting the risks of non-native solutions.

Interactive diagram (labels only)
Information Security Circle of Trust: Salesforce Platform / Salesforce Org
Non-Salesforce platforms: Cybersecurity checklist for venturing into the fog of unknown clouds

Access Control (PR.AC)
PR.AC-1: Identities and credentials are managed for authorised devices and users
As Improved Apps run within the Salesforce Org, access by every device and user is subject to the standard Salesforce platform security controls, such as user authentication and session management.

PR.AC-2: Physical Access to resources is managed and secure
All Improved Apps resources are informational and therefore non-physical. Access to Improved Apps resources from physical devices is controlled by standard Salesforce platform mechanisms.

PR.AC-3: Remote Access is managed
PR.AC-3: Inbound Access
Inbound access: Access to Improved Apps functionality and data is managed as for every ISVForce application on the Salesforce platform – via user credentials, together with network-level controls such as login IP restrictions.

Browser access: is managed by standard Salesforce platform features – Improved Apps support the same browser versions supported by Salesforce for BYOB (Bring Your Own Browser).

Browser extensions: are not required for standard Improved Apps deployment. Customers can choose to deploy Improved Apps browser extensions to extend reach to white-listed non-native pages and/or extend support for certain classic page / portal use cases.

Mobile device access: Improved Apps are Salesforce1 Mobile-ready, so BYOD (Bring Your Own Device) support is the same as for Salesforce itself and is governed by the same platform mobile security settings.

API access: access is managed through standard Salesforce platform mechanisms.

PR.AC-3: Outbound access
No External Services: All Improved Apps functionality runs on the Salesforce platform.

No API calls: Improved Apps functionality requires no outbound API calls or web service callouts.

External Help Resources: Where customers choose to link remote site content as Help Resources, the Org’s standard Salesforce Remote Site Settings govern which external hosts may be reached.

PR.AC-4: Access permissions are managed
Authentication: Standard Salesforce authentication is used for access to Improved Apps licences and functionality; every operation runs under the user’s authenticated Salesforce session, so a valid session is checked as part of any procedure. Application-level access is granted through standard Salesforce org-wide or named-user licensing, depending on the purchased subscription type. Where appropriate, named-user licensing may also require application user types to be set.

‘CRUD/CRED’ rights: As all Improved Apps operational data is stored as Salesforce records, the right to Create, Read, Update/Edit and/or Delete records is managed by standard Salesforce platform mechanisms: User Profiles and Permission Sets. All Improved Apps solutions package Permission Sets for end-users and specialist roles, controlling object permissions and Field-Level Security, which can be assigned as-is or cloned and customised to meet local policy. Permissions can also be set through custom User Profiles. Treat the packaged Permission Sets as a starting point: review what each one grants before assigning it, and assign a cloned, reduced copy where local policy requires less.

Visibility: All Improved Apps operational data is stored as Salesforce records, so record visibility is controlled by standard Salesforce platform mechanisms: Roles and Sharing Rules. In addition, records at particular lifecycle stages (for example, content that is not yet published) are visible only to specialist users such as Help Authors and Notice Publishers, as determined by record status and/or the record’s ‘Active’ flag.
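Before assigning a packaged Permission Set, or after cloning one, it is worth checking what it actually grants against local policy. The following is an added example, not Improved Apps code: it audits rows in the shape returned by SOQL queries on the standard Salesforce ObjectPermissions and FieldPermissions sObjects (with Parent.Name flattened to ParentName). The ‘ia__’ namespace, the object and field names, the permission set names and the rows themselves are constructed placeholders, not real package or org data.

```python
"""Audit CRUD/FLS grants of Permission Sets on a package's objects.

Added example (not Improved Apps code). Row shapes follow the real Salesforce
ObjectPermissions / FieldPermissions sObjects; the data is constructed and the
'ia__' namespace, names and policy are hypothetical.
"""
from collections import defaultdict

# Map Salesforce ObjectPermissions boolean fields to a compact CRUD string.
# V = View All Records, M = Modify All Records (both bypass sharing rules).
FLAGS = {
    "PermissionsCreate": "C",
    "PermissionsRead": "R",
    "PermissionsEdit": "U",
    "PermissionsDelete": "D",
    "PermissionsViewAllRecords": "V",
    "PermissionsModifyAllRecords": "M",
}

# Constructed rows, as if from:
#   SELECT Parent.Name, SobjectType, PermissionsCreate, ... FROM ObjectPermissions
#   WHERE SobjectType LIKE 'ia__%'
# Profiles appear here too (Parent.IsOwnedByProfile = true); the check is the same.
OBJECT_PERMISSIONS = [
    {"ParentName": "ia__Help_End_User", "SobjectType": "ia__Help_Topic__c",
     "PermissionsCreate": False, "PermissionsRead": True, "PermissionsEdit": False,
     "PermissionsDelete": False, "PermissionsViewAllRecords": False,
     "PermissionsModifyAllRecords": False},
    {"ParentName": "ia__Help_Author", "SobjectType": "ia__Help_Topic__c",
     "PermissionsCreate": True, "PermissionsRead": True, "PermissionsEdit": True,
     "PermissionsDelete": True, "PermissionsViewAllRecords": True,
     "PermissionsModifyAllRecords": False},
    # A locally cloned set that picked up Modify All Records by mistake.
    {"ParentName": "Help_Author_Local", "SobjectType": "ia__Help_Topic__c",
     "PermissionsCreate": True, "PermissionsRead": True, "PermissionsEdit": True,
     "PermissionsDelete": True, "PermissionsViewAllRecords": True,
     "PermissionsModifyAllRecords": True},
]

# Constructed rows, as if from:
#   SELECT Parent.Name, Field, PermissionsRead, PermissionsEdit FROM FieldPermissions
FIELD_PERMISSIONS = [
    {"ParentName": "ia__Help_End_User", "Field": "ia__Help_Topic__c.ia__Internal_Notes__c",
     "PermissionsRead": False, "PermissionsEdit": False},
    {"ParentName": "Help_Author_Local", "Field": "ia__Help_Topic__c.ia__Internal_Notes__c",
     "PermissionsRead": True, "PermissionsEdit": True},
]

# Hypothetical local policy: the maximum rights each set may hold on package objects.
POLICY = {
    "ia__Help_End_User": "R",
    "ia__Help_Author": "CRUDV",
    "Help_Author_Local": "CRUDV",   # a clone must not gain Modify All Records
}


def crud_string(row):
    """Return e.g. 'CRUD' for a row; works for object and field permission rows."""
    return "".join(code for field, code in FLAGS.items() if row.get(field))


def crud_matrix(rows):
    """{permission set name: {sObject: CRUD string}} for review or reporting."""
    matrix = defaultdict(dict)
    for row in rows:
        matrix[row["ParentName"]][row["SobjectType"]] = crud_string(row)
    return dict(matrix)


def policy_violations(rows, policy):
    """Grants not allowed by policy, as (permission set, sObject, extra rights).

    A set missing from the policy is allowed nothing, so every right it holds
    is reported; unknown sets should be reviewed, not silently accepted.
    """
    violations = []
    for row in rows:
        allowed = set(policy.get(row["ParentName"], ""))
        extra = "".join(c for c in crud_string(row) if c not in allowed)
        if extra:
            violations.append((row["ParentName"], row["SobjectType"], extra))
    return violations


def field_exposure(field_rows, field):
    """{permission set: 'R' / 'RU' / ''} showing who can see or edit one field."""
    return {row["ParentName"]: crud_string(row)
            for row in field_rows if row["Field"] == field}


if __name__ == "__main__":
    for name, objects in crud_matrix(OBJECT_PERMISSIONS).items():
        print(name, objects)
    print("violations:", policy_violations(OBJECT_PERMISSIONS, POLICY))
    print("Internal_Notes exposure:",
          field_exposure(FIELD_PERMISSIONS, "ia__Help_Topic__c.ia__Internal_Notes__c"))
```

Run against a real Org by replacing the constructed lists with the results of the two SOQL queries shown in the comments (for example via the REST API or the Salesforce CLI); the policy dictionary is the part you adapt to local requirements.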

PR.AC-5: Network Integrity is protected
As Improved Apps solutions are native to the Salesforce platform, the standard platform mechanisms that protect network integrity apply to them without exception.

Data Security (PR.DS)
PR.DS-1: Data-at-rest is protected
Improved Apps data: is stored in the form of Salesforce records and therefore subject to and controlled by platform-level security mechanisms.

PR.DS-2: Data-in-motion is secured
Improved Apps data doesn’t leave the Org: Improved Apps data is stored in the form of Salesforce records and never leaves the hosting Salesforce Org – unless an Org System Administrator chooses to use standard platform data management tools or Improved Apps export utilities to migrate records between their Salesforce Orgs.

Other data: Improved Apps functionality affects only Improved Apps data records. No other datasets are affected by the use of Improved Apps solutions – unless the customer chooses to use standard platform integration techniques, such as workflows, to have Improved Apps data drive changes elsewhere.

PR.DS-3: Assets are formally managed, through removal, transfers and disposal
Improved Apps data is stored in the form of Salesforce records and is therefore controlled by the hosting Salesforce Org’s System Administrators in accordance with local policies.

PR.DS-4: Adequate capacity to ensure availability is maintained
Availability: If your Salesforce Org is available, so are your Improved Apps. Check the status of your Salesforce instance, and therefore of your Improved Apps, at status.salesforce.com.
‘Aloha’ status – no impact on key Org limits: Improved Apps are installed as managed packages that have passed Salesforce Security Review, so their custom objects, tabs and apps do not count against the corresponding Salesforce Org limits; see the Salesforce Developer Limits Quick Reference for details.

No Web service API calls: Improved Apps do not make web service API calls, so they do not consume the hosting Salesforce Org’s API request allocation.

PR.DS-5: Protection against data leaks
Data doesn’t leave the Salesforce Org: Any risks of data leak are confined to the hosting Salesforce Org as no data leaves this environment to use Improved Apps functionality.

Application code compliance: Improved Apps code complies with Salesforce security policies and is audited through the Salesforce Security Review process, a condition of maintaining our ISVForce Partner status.

Salesforce Locker Service
Improved Apps solutions follow industry best-practice security principles, including Content Security Policy (CSP) and the Salesforce Locker Service. CSP restricts which scripts and resources a page may load; Locker Service adds a JavaScript sandbox that isolates each Lightning component namespace and wraps DOM and global objects in secure proxies. Together they minimise the scope for cross-site scripting attacks.
Content Security Policy (CSP) compliance: As a certified ISV Innovation Partner, Improved Apps code complies with CSP as implemented by Salesforce, including the restrictions enforced by Locker Service, which was introduced across the 2016/2017 releases alongside Lightning Experience to enforce privacy and security policies.

Component isolation: Locker Service prevents a component from reading another namespace’s DOM or rendered data. This closes off a class of issues in which one component could read data rendered by another in the clear, outside whatever encryption is enforced elsewhere.

XSS (cross-site scripting) mitigation: Lightning’s CSP blocks scripts from external hosts, including CDN repositories, unless the host is explicitly trusted, and Locker Service sanitises DOM access; together these mitigate cross-site scripting and similar injection risks. They do not remove the need for correct output encoding in application code, which Security Review also checks.

No undocumented / private APIs: Locker Service restricts application scripts to the supported, documented Lightning APIs and blocks use of private framework APIs.

Script libraries: Improved Apps use industry-standard JavaScript libraries, such as jQuery. These are delivered either as release-specific static resources shipped within the installation package or as Salesforce-curated versions, so no library is fetched at run time from a third-party host.

PR.DS-6: Integrity checking mechanisms are used to verify software, firmware, and information integrity.
Software integrity: is protected by delivering all functionality through managed packages that have passed Salesforce Security Review. All releases are distributed via the AppExchange, and Improved Apps policy is not to push (force) upgrades, so Customers control their own upgrade cycle. Patch releases are used, and affected customers informed, to address bug-fixes between major releases. Obsolete features are deprecated at appropriate releases in accordance with AppExchange procedures.

Information integrity: is protected because no data leaves the hosting Salesforce Org to use Improved Apps functionality. All Improved Apps operational application data is stored as local Salesforce records and is archived or removed by the hosting Salesforce Org’s System Administrators in accordance with local policies.

PR.DS-7: Separate development and testing environments
Sandbox support: As Improved Apps are delivered as standard AppExchange managed packages, Customers are free to install them into any Developer Edition and/or Sandbox Orgs they have licensed directly from Salesforce, for development and/or testing purposes.

Improved Apps Early Adopters: Improved Apps customers can join our early adopter programme to gain insight into and influence our roadmap, and to access Improved Apps beta and non-beta releases for testing purposes.

Privacy of individuals and personally identifiable information (PII) is protected
Improved Apps data abstracted from individuals: Improved Apps data is stored as Salesforce records, and any reference to Salesforce users or CRM records is purely by Salesforce record ID specific to the hosting Org. No individual is identifiable from Improved Apps data alone, outside the context of the hosting Org. (Free-text content that customers author themselves is, as with any field, whatever they choose to put in it, and falls under the customer’s own data classification.)

No user details outside the hosting Salesforce Org: Improved Apps licence assignments are managed inside the hosting Salesforce Org, so no user data leaves the Org.

Awareness and Training (PR.AT)
PR.AT-1: All Users are informed and trained
Embedded help and training content: A primary use case for Improved Apps is support for embedding context-sensitive help and training content at the user’s point of need for the task in hand. Content is aligned by user type and Improved Help for Improved Help content packs are available for customer adoption / adaptation.

PR.AT-2: Privileged users understand roles and responsibilities
Embedded help and training content: A primary use case for Improved Apps is support for embedding context-sensitive help and training content at the user’s point of need for the task in hand. This includes support for specialist users and/or project teams – and Improved Help for Improved Help content packs are available for customer adoption / adaptation.

Training services: Where customers require training services over and above self-education, Improved Apps can provide structured training for specialist users and/or project teams.

PR.AT-3: Third-party stakeholders (suppliers, customers, partners) understand roles and responsibilities
Embedded help and training content: A primary use case for Improved Apps is support for embedding context-sensitive help and training content at the user’s point of need for the task in hand. This includes support for Community users – and Improved Help for Improved Help content packs are available for customer adoption / adaptation.

PR.AT-4: Senior executives understand roles and responsibilities
Embedded help and training content: A primary use case for Improved Apps is support for embedding context-sensitive help and training content at the user’s point of need for the task in hand. This includes support for specialist users, project teams, business process owners, stakeholders and executives – and Improved Help for Improved Help content packs are available for customer adoption / adaptation.

PR.AT-5: Physical and information security personnel understand roles and responsibilities
Embedded help and training content: A primary use case for Improved Apps is support for embedding context-sensitive help and training content at the user’s point of need for the task in hand. This includes support for specialist users in functions such as compliance, quality and security – and Improved Help for Improved Help content packs are available for customer adoption / adaptation.

Information Protection (PR.IP)
PR.IP-1: A baseline configuration of information technology/operational technology systems is created
Systems Documentation / Data-Dictionary: Improved Apps can be used by system administrators to document the host Salesforce Org and communicate changes to users and application / process stakeholders.

Standard Operating Procedures: Improved Apps can be used to document standard operating procedures and communicate changes to users and stakeholders.

PR.IP-2: A System Development Life Cycle (SDLC) to manage systems is implemented.
Systems Requirements, Tickets and Sprints: Please speak to us about how Improved Apps can be used to manage Requirements for New Features/Feature Enhancements, together with Tickets managing feature changes and bug-fixes by Milestone/Sprint.

PR.IP-3: Configuration change control processes are in place
Change Control: Please speak to us about how Improved Apps can be used to manage Requirements for New Features/Feature Enhancements, together with Tickets managing feature changes and bug-fixes by Milestone/Sprint.
Change Management Procedures: Improved Apps are designed to support documentation of change management policies and procedures and associated stakeholder communication.

PR.IP-4: Backups of information are conducted, maintained and tested periodically
Standard Operating Procedures: Improved Apps are designed to support documentation of standard operating procedures and stakeholder communications.

PR.IP-5: Policy and regulation regarding the physical operating environment for organisational assets are met
Standard Operating Procedures: Improved Apps are designed to support documentation of standard operating procedures and stakeholder communications.

PR.IP-6: Information is destroyed according to policy and requirements
Archival Policy and Procedures: Improved Apps are designed to support documentation of standard operating procedures and stakeholder communications.

PR.IP-7: Protection processes are continuously improved
Continuous Improvement: Improved Apps are designed to support continuous improvement processes, associated documentation and stakeholder communications.

PR.IP-8: Information sharing occurs with appropriate parties
Standard Operating Procedures: Improved Apps are designed to support documentation of standard operating procedures and stakeholder communications.

PR.IP-9: Response plans (Business Continuity Plans, Disaster Recovery Plans, Incident Handling Plans) are in place and managed
Standard Operating Procedures: Improved Apps are designed to support documentation of standard operating procedures and stakeholder communications.

PR.IP-10: Response plans are exercised
Standard Operating Procedures: Improved Apps are designed to support documentation of standard operating procedures and stakeholder communications.

PR.IP-11: Cybersecurity is included in human resources practices (screening, departure, etc)
Standard Operating Procedures: Improved Apps are designed to support documentation of standard operating procedures and stakeholder communications.

PR.IP-12: A vulnerability management plan is developed and implemented
Standard Operating Procedures: Improved Apps are designed to support documentation of standard operating procedures and stakeholder communications.

Maintenance (PR.MA)
PR.MA-1: Maintenance and repair of organisational assets is performed and logged in a timely manner, with approved and controlled tools.
Standard Operating Procedures: Improved Apps can be used to document standard operating procedures and alert stakeholders.

PR.MA-2: Remote maintenance and repair of organisational assets is approved, logged and performed in a manner that prevents unauthorised access and supports availability requirements for important operational and information systems.
Standard Operating Procedures: Improved Apps can be used to document standard operating procedures and alert stakeholders, including Community users.

Protective Technology (PR.PT)
PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy
Standard Operating Procedures: Improved Apps can be used to document standard operating procedures and alert stakeholders.

PR.PT-2: Removable media is protected and its use restricted according to policy
Standard Operating Procedures: Improved Apps can be used to document standard operating procedures and alert stakeholders.

PR.PT-3: Access to systems and assets is controlled, incorporating the principle of least functionality
Encryption services: As Improved Apps run natively on the Salesforce platform – and data is stored in the form of Salesforce records – Improved Apps can be used alongside encryption services that are compatible with the Salesforce platform.
Standard Operating Procedures: Improved Apps can be used to document standard operating procedures and alert stakeholders.

PR.PT-4: Communications and control networks are protected
Encryption services: As Improved Apps run natively on the Salesforce platform, any network security mechanisms compatible with the Salesforce platform are compatible with Improved Apps.

Standard Operating Procedures: Improved Apps can be used to document standard operating procedures and alert stakeholders.