SALESFORCE SECURITY UPDATE

Introduction

Salesforce has announced that they will be upgrading their systems and will no longer support certain legacy encryption standards. This means that applications which interact and communicate with Salesforce may need to be upgraded to support this change.

CASE Partners  explain how the upcoming security changes to the Salesforce platform may affect your business and how to proactively avoid any negative impact.

Background of Security Protocols

Transport Layer Security (TLS) is an industry standard security protocol that ensures privacy between applications and/or users as they communicate over the Internet. TLS ensures that no external party can read or modify messages during transmission via accepted methods of data encryption. TLS is governed by a working group of an independent agency, specifically the Internet Engineering Task Force (IETF).

TLS standards were originally released in 1999 and have undergone several updates over the years. Software vendors independently decide on when they will support a new version of TLS and, more importantly, when they will no longer support older versions of the protocol. Two platforms wishing to communicate using the TLS security protocol must support the same minimal level of TLS or that communication will fail.

Impact of Salesforce Security Changes

There are three categories of “applications” that need to be considered, including:

  1. Web browsers used to access com
  2. Custom developed web applications that save data to and/or retrieve data from Salesforce
  3. Other applications that interact with Salesforce including Salesforce Data Loader and apps installed from the AppExchange

Web Browsers

Most modern web browsers already support the new protocol. The simplest way to confirm that your organization will not have issues is to attempt to access this Salesforce test site. If you are routed to a page that indicates TLS 1.0 Deactivation Test Passed, your current browser should not have any issues accessing Salesforce once the Salesforce security upgrade is in place. If you use multiple browsers, you will want to test each of them.

Custom Developed Web Applications

If you or your customers currently utilize any applications developed by CASE Partners or another internal/external development team, there may be changes required to those applications and the servers on which they are running to accommodate this upgrade from Salesforce. These include, for example, customer web portals and server batch processes. For existing CASE Partners‘ clients, we have been pro-active and have already determined the changes needed to your environments.

Other Applications

If you utilize applications that you’ve downloaded from the AppExchange, salesforce.com, or other locations, you’ll want to make sure these applications are compliant with the new security changes. Of particular note is the Salesforce provided Salesforce Data Loader. A new version of the Data Loader was released by Salesforce with the Spring ’16 release which is designed to support the change. This new version does require that the machines using it are running a specific version of the Java Framework (8.0).

Action Required

If you are an existing CASE Partners’ client, you will be contacted by your Account Executive to discuss the options for having us assist in ensuring that this Salesforce change will not impact your business operations or your clients’ experiences on your web sites.

For others interested in learning more, please feel free to contact us at salesforce@casepartners.com or give us a call 860-527-0436.