What is Salesforce Health Check?

Surely you have heard the expression “if it works, don’t touch it”. It is a rule of thumb that is very present in the world of computing; however, it should not be applied 100% of the time. Most system administrators, Salesforce administrators included, spend each workday saturated with requests waiting to be handled. Through multiple configurations, Salesforce administrators adapt organizations to the particularities of each company. Under the pressure of completing critical demands every day, security recommendations are often ignored during these customizations. That is when the system can be exposed to vulnerabilities.

How often do you stop to wonder how your organization’s security is doing? Maybe a lot less than you should. Regardless of whether you are a project manager, consultant or administrator, the Health Check of your organization offers you an overview of everything that, even though it works, you could touch and improve.

In this article we will bring you closer to Health Check and its importance for your organization.

What is the Salesforce Health Check?

Health Check is a native Salesforce functionality through which you can view a detailed assessment of the security of your Salesforce implementation. It runs to identify problems, risks, and vulnerabilities in your configurations and customizations. In addition, it provides you with elements and suggestions to improve the general protection of your organization.

Salesforce is a very flexible platform and customizations are very common. Users often deploy applications and make adjustments so that the system matches the way their business works as closely as possible. For this reason, both the platform and the users are responsible for guaranteeing the security of the work environment. Health Check is a tool that provides the information necessary to identify inactive security mechanisms or configurations that may constitute vulnerabilities. This information is very useful for preventing security breaches when applications and custom code are added to the organization.

With just one click, through Health Check, you can run a deep assessment of all your security settings. The configuration parameters will be compared with those of the baseline (by default, standard values recommended by Salesforce).

At the end of the analysis, a panel will show a percentage score that indicates the security status of your organization. This score is expressed on a scale of 0 to 100, where 100 is the optimal setting.

Security status of your organization

On this same screen you can view the list of all the configurations examined, with their status and an option to edit each one. If you have full control over the impact that each configuration value has on customizations, integrations, users, etc., you can click the Fix Risks button and adjust all risk settings to the baseline values at once. Be very careful with this option, because you may get unexpected results.

Recommendations according to score

As we mentioned earlier, all of an organization’s security checks are performed against baseline values. In industries such as the medical and financial sectors, legal security requirements are generally more stringent than what Salesforce sets by default. In these cases, the application allows you to import a custom baseline in XML format.

Why is it important to consult the Health Check?

On the Internet, no software is free from threats. SaaS platforms like Salesforce are especially sensitive because of the amount of business-critical information they contain and because they can be accessed by many users from almost any device. Consulting the Health Check lets you know how exposed or protected your organization is against common security threats such as online password hacking or malicious code injection.

The security aspects evaluated by a Health Check include:

  • Protection at the session level in parameters such as the maximum number of login attempts, closing the session when the timeout expires, and restricting sessions to a certain domain and source IP.
  • Protection at the connection level, which is achieved in two ways. First, by requiring HttpOnly, so that client-side code cannot read the cookies it is set on. Second, by checking the update status of all certificates.
  • Security policies for passwords such as length, expiration, and complexity (the use of the combination of letters, numbers, and special characters).
  • Content security policies, which protect your organization from XSS (Cross-site scripting) attacks.
  • Code execution protection for both Apex and Visualforce pages against CSRF (Cross-Site Request Forgery), XSS, and clickjacking.

Some of the benefits of Salesforce Health Check are:

  • Identifies non-optimal settings that may affect security.
  • Detects potential vulnerabilities.
  • Provides recommendations for improving security implementation.
  • Reviews how well best practices for using Salesforce are applied.

It is important that you consult the Health Check after every customization and configuration change you make. Every time you implement changes in your security policies, it is recommended that you run a status report before and after. It is good practice to keep the reports you obtain on each occasion as part of the documentation of your environment. This way you can significantly improve your level of security.
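The before-and-after comparison recommended above can be automated once each report is saved as a list of settings. The following is an added example, not code from the original article or from Salesforce: it assumes each snapshot row uses the field names of the Tooling API object SecurityHealthCheckRisks (SettingGroup, Setting, RiskType, OrgValue, StandardValue), and the sample rows are constructed for illustration.

```python
# Added example: diff two Health Check snapshots (before/after a change).
# BEFORE and AFTER are constructed sample rows, not real org data.
SEVERITY = {"MEETS_STANDARD": 0, "MEDIUM_RISK": 1, "HIGH_RISK": 2}

def row(group, setting, risk, org, std):
    return {"SettingGroup": group, "Setting": setting, "RiskType": risk,
            "OrgValue": org, "StandardValue": std}

BEFORE = [
    row("Password Policies", "Minimum password length", "MEETS_STANDARD", "8", "8"),
    row("Session Settings", "Maximum invalid login attempts", "MEDIUM_RISK", "10", "3"),
    row("Session Settings", "Require HttpOnly attribute", "HIGH_RISK", "Disabled", "Enabled"),
    row("Session Settings", "Session timeout", "MEETS_STANDARD", "2 hours", "2 hours"),
]
AFTER = [
    row("Password Policies", "Minimum password length", "HIGH_RISK", "5", "8"),
    row("Session Settings", "Maximum invalid login attempts", "MEETS_STANDARD", "3", "3"),
    row("Session Settings", "Require HttpOnly attribute", "HIGH_RISK", "Disabled", "Enabled"),
    row("Session Settings", "Session timeout", "MEDIUM_RISK", "12 hours", "2 hours"),
    row("Session Settings", "Clickjack protection for Visualforce pages",
        "MEETS_STANDARD", "Enabled", "Enabled"),
]

def rank(record):
    # An unrecognised RiskType is ranked as high risk so it is never hidden.
    return SEVERITY.get(record["RiskType"], 2)

def index(rows):
    return {(r["SettingGroup"], r["Setting"]): r for r in rows}

def diff_snapshots(before, after):
    """Classify every setting as regressed, improved, added or removed."""
    b, a = index(before), index(after)
    result = {"regressions": [], "improvements": [], "added": [], "removed": []}
    for key in sorted(b.keys() & a.keys()):
        entry = (key[1], b[key]["OrgValue"], a[key]["OrgValue"], a[key]["StandardValue"])
        if rank(a[key]) > rank(b[key]):
            result["regressions"].append(entry)
        elif rank(a[key]) < rank(b[key]):
            result["improvements"].append(entry)
    result["added"] = sorted(k[1] for k in a.keys() - b.keys())
    result["removed"] = sorted(k[1] for k in b.keys() - a.keys())
    return result

if __name__ == "__main__":
    for name, old, new, std in diff_snapshots(BEFORE, AFTER)["regressions"]:
        print(f"REGRESSION {name}: {old} -> {new} (baseline {std})")
```

Keeping each snapshot alongside the change record lets a reviewer see which change moved a setting away from the baseline.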

In short, Salesforce Health Check is a useful tool to easily visualize and fix vulnerabilities in your Salesforce organization. Remember that even when it works, optimization and continuous improvement of your implementation should be a management goal. Contact us at hello@theskyplanner.com if you need a diagnosis of the security status of your Salesforce implementation.
