Salesforce Security Implementation Guide

Protecting your data is a joint responsibility between you and Salesforce. Salesforce security helps you empower your users to do their jobs safely and efficiently.

Security Overview: Salesforce security features help protect your data and applications out of the box. You can also implement your own security scheme to reflect the structure and needs of your organization.
User Authentication: Authentication is the process of confirming the truth of each logged in user’s identity to prevent unauthorized access to your organization or its data. Salesforce provides each user in your organization with a unique username and password that must be entered each time a user logs in.
User Authorization: Choosing the data set that each user or group of users can see is one of the key decisions that affects data security. You need to find a balance between limiting access to data, thereby limiting risk of stolen or misused data, versus the convenience of data access for your users. Ensure that each user only has access to the data and tools that you specify.
Data Sharing Tools: Give specific object or field access to selected groups or profiles.
Monitoring Your Organization's Security: Track login and field history and monitor setup changes.
Platform Encryption: Platform Encryptiongives your data a whole new layer of security while preserving critical platform functionality. The data you select is encrypted at rest using an advanced key derivation system. You can protect data at a more granular level than ever before, so that your company can confidently comply with privacy policies, regulatory requirements, and contractual obligations for handling private data.
Security Tips for Apex and Visualforce Development: Understand and guard against vulnerabilities as you develop custom applications.