Security & the salesforce platform

1. register to platform keynote

1.1. wed 2pm

2. human factor

2.1. security is as strong as the weakest link

2.1.1. people

2.2. solutions

2.2.1. larger visibility & event notifications

2.2.2. recovery

2.2.3. anomaly detection

2.2.3.1. trace sequence of events that indicate something potentially being a security breach

2.2.4. transaction security

2.2.4.1. consumes the stream of logged events & applies policies on it

2.2.4.2. built directly into the platform

2.2.5. new API providing access to forensics data

2.2.5.1. clickstream

2.2.5.2. report export

2.2.5.3. API

2.2.5.4. login

3. access control

3.1. very granular

4. 2-factor auth

4.1. on by default

4.2. see stoy of Matt from Wired who got seriously hacked & could have prevented it had he had 2fa in his google account

4.3. you can control for which resource you always need to secure the session using 2fa

4.4. view & manage activated devices

5. Identity

5.1. IDaaS

5.2. centralized access mgmt & provisioning

6. security & the salesforce platform

6.1. secure by default

6.2. security services

6.2.1. underlying any app in the platform

6.2.2. see list in the secutity settings page

6.3. data encryption & protection

7. how can you trust developers working under pressure to do everything right, irt the many existing security vulnerabilities

8. pattern

8.1. threats are lurking

8.2. controls set in place

8.3. repeat until complacement sets in

9. about

9.1. eric leach, sr dir pm platform security

10. "security is like the weather"

10.1. you don't think about it until something goes wrong

10.2. security follows similar patterns

10.3. even if you see it in advance you still get caught

10.3.1. because

10.3.1.1. organizational inertia

10.3.1.2. the human factor