Maintaining Org Security with the Salesforce Health Check

You likely fell in love with Salesforce because of its flexibility. With its 'no-code' customizability and extensive range of third-party apps, the platform is endlessly configurable — and while that makes it possible to set up your Org in any number of ways, it also makes it difficult to enforce broad security controls consistently. With the many custom applications, licenses and unique features that Salesforce provides, regular reviews of security settings are essential.

Luckily, Salesforce provides a way to do this natively without completely overhauling your system. It’s called the Salesforce Health Check.

What is a Salesforce Health Check?

The Salesforce Health Check is a tool that rates the overall security health of your Org, allowing users to identify weak settings and monitor the effectiveness of their security configuration — either against Salesforce’s out-of-the-box standard baseline or a custom baseline. The tool scans your Org’s security settings, flags any that fall short of the baseline and so pose a risk to the security or performance of your Org, and then produces a score that summarizes overall system health.

How does the Salesforce Health Check work?

Each finding in the Health Check falls into one of four risk categories: High-Risk, Medium-Risk, Low-Risk and Informational. Your settings are rated on a scale of 100 — the higher the number, the more secure your Org. Since Salesforce is used for a variety of purposes in multiple industries with different requirements, the baseline standard can be adjusted to best fit your organization's needs. Either way, after running the scan, Salesforce will provide you with a number of recommendations for improving your score.

Some common areas the Health Check scans are password policy settings, session settings and file upload/download settings. For instance, suppose you changed your minimum password length from the default value of 8 to something less restrictive, like 5, making your users’ passwords easier to guess or brute-force — in this case, your overall score would decrease, and your minimum password length setting would be listed as a risk.

Other settings that might be listed in your Health Check scan:
  • Maximum invalid login attempts
  • Password complexity requirement
  • Letting users verify their identity via text (SMS)
  • Enable clickjack protection for Setup pages
  • Lockout effective period

Of course, almost any setting within your Org can be at risk — the ones listed above simply come up most often, because they are the settings most directly tied to account compromise. If any settings are identified as at risk after you’ve run the Health Check, you will see them in an itemized list, starting with the High-Risk ones and working down through the categories. To make remediation easier, Salesforce gives you the option to click Fix Risks to quickly reconfigure the flagged settings to the recommended values.
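To make the baseline comparison concrete, here is an added Python example (not Salesforce's code, and not its actual scoring formula) that models what the Health Check does with the settings named above: each Org setting is compared against a baseline value, any shortfall becomes a finding in one of the four risk categories, findings are listed High-Risk first, and a 0–100 score is derived. The baseline values, the category weights and the two Org snapshots are constructed for illustration; the setting names are the ones this article lists.

```python
"""Constructed model of a Health Check style baseline comparison."""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List

# The four categories named in the article. Weights are constructed:
# Salesforce's real scoring formula is not published here.
RISK_WEIGHTS: Dict[str, int] = {
    "High-Risk": 3,
    "Medium-Risk": 2,
    "Low-Risk": 1,
    "Informational": 0,
}

# How an Org value is judged against its baseline value.
COMPARATORS: Dict[str, Callable[[Any, Any], bool]] = {
    "at_least": lambda org, std: org >= std,   # longer passwords, longer lockouts
    "at_most": lambda org, std: org <= std,    # fewer invalid attempts allowed
    "equals": lambda org, std: org == std,     # on/off and enumerated settings
}


@dataclass(frozen=True)
class BaselineRule:
    setting: str
    standard: Any
    risk: str
    comparator: str


@dataclass(frozen=True)
class Finding:
    setting: str
    risk: str
    org_value: Any
    standard: Any


# Constructed baseline. Setting names follow the article; the values and
# risk categories are illustrative assumptions, not Salesforce's standard.
BASELINE: List[BaselineRule] = [
    BaselineRule("Minimum password length", 8, "High-Risk", "at_least"),
    BaselineRule("Password complexity requirement", "alpha_numeric", "High-Risk", "equals"),
    BaselineRule("Maximum invalid login attempts", 10, "High-Risk", "at_most"),
    BaselineRule("Lockout effective period (minutes)", 15, "Medium-Risk", "at_least"),
    BaselineRule("Enable clickjack protection for Setup pages", True, "Medium-Risk", "equals"),
    BaselineRule("Letting users verify their identity via text (SMS)", False, "Low-Risk", "equals"),
]


def evaluate(org_settings: Dict[str, Any], baseline: List[BaselineRule] = BASELINE) -> List[Finding]:
    """Return one Finding per baseline rule the Org does not satisfy.

    A setting missing from the snapshot is treated as a finding too: compliance
    that cannot be confirmed should not silently count as compliant.
    """
    findings: List[Finding] = []
    for rule in baseline:
        if rule.comparator not in COMPARATORS:
            raise ValueError(f"unknown comparator {rule.comparator!r} for {rule.setting!r}")
        org_value = org_settings.get(rule.setting)
        compliant = org_value is not None and COMPARATORS[rule.comparator](org_value, rule.standard)
        if not compliant:
            findings.append(Finding(rule.setting, rule.risk, org_value, rule.standard))
    return findings


def report(org_settings: Dict[str, Any], baseline: List[BaselineRule] = BASELINE) -> List[Finding]:
    """Findings ordered High-Risk first, then Medium, Low, Informational."""
    order = list(RISK_WEIGHTS)  # dict insertion order is the severity order
    return sorted(evaluate(org_settings, baseline), key=lambda f: order.index(f.risk))


def score(org_settings: Dict[str, Any], baseline: List[BaselineRule] = BASELINE) -> int:
    """0-100 score: share of risk weight the Org still satisfies (constructed formula)."""
    total = sum(RISK_WEIGHTS[rule.risk] for rule in baseline)
    lost = sum(RISK_WEIGHTS[f.risk] for f in evaluate(org_settings, baseline))
    return round(100 * (total - lost) / total) if total else 100


# Constructed Org snapshots: one matching the baseline, one with the article's
# "minimum length lowered to 5" change plus clickjack protection switched off.
COMPLIANT_ORG: Dict[str, Any] = {
    "Minimum password length": 8,
    "Password complexity requirement": "alpha_numeric",
    "Maximum invalid login attempts": 10,
    "Lockout effective period (minutes)": 15,
    "Enable clickjack protection for Setup pages": True,
    "Letting users verify their identity via text (SMS)": False,
}
WEAKENED_ORG: Dict[str, Any] = dict(
    COMPLIANT_ORG,
    **{"Minimum password length": 5, "Enable clickjack protection for Setup pages": False},
)

if __name__ == "__main__":
    for name, org in (("compliant", COMPLIANT_ORG), ("weakened", WEAKENED_ORG)):
        print(f"{name}: score {score(org)}")
        for f in report(org):
            print(f"  [{f.risk}] {f.setting}: org={f.org_value!r}, standard={f.standard!r}")
```

Running the script shows the compliant snapshot scoring 100 with no findings, and the weakened snapshot dropping to 64 with the password length listed before the clickjack setting because High-Risk findings sort first. The same structure applies to a custom baseline: replace the entries in BASELINE with your organization's own required values and the comparison, ordering and scoring stay unchanged.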

Benefits of the Salesforce Health Check

As an organization grows, its Salesforce Org and the data it stores are likely to grow in complexity — creating more room for misconfigurations and security weaknesses. Running regular Health Checks will help you:

  • Keep track of changing security needs
  • Fix system errors for overall system performance
  • Maintain compliance with SOX, HIPAA and related standards
  • Improve ROI and user adoption
  • Increase productivity across all departments
  • Streamline new deployments

Ultimately, your Salesforce Org should evolve alongside your business — and the Health Check is one more tool that will ensure that security and performance aren't compromised as that happens. For more tips on improving data security and overall system health, check out Netwrix — a leader in cybersecurity and compliance.

Have you heard of data classification? It’s an important security tactic that helps to organize and store your data into defined categories according to its sensitivity level. Learn more about this security tactic here.