Securing non-human identities in Salesforce

Tal Skverer July 17, 2023

Salesforce environments across the world are connected to 11,225,724 AppExchange services, as well as countless other non-exchange services that can be integrated into Salesforce environments via API keys, OAuth tokens, service accounts and more. All these non-human connections accessing sensitive Salesforce environments significantly expand the attack surface, exposing companies to supply chain attacks, data breaches and compliance violations.

Salesforce is one of your organization’s most critical core environments, holding crucial business processes and sensitive information. To automate processes and increase productivity, employees regularly connect third-party apps and services to their corporate Salesforce, often without the knowledge of the security team. 

The risks of unmonitored non-human identities to Salesforce environments

Anyone within the organization can connect third-party apps and tools to the corporate Salesforce environment without any vetting from the security teams. While not all Salesforce users can use the app exchange, every single one is able to connect non-marketplace apps in multiple ways such as webhooks, OAuth tokens and more. 

Everything from the Salesforce interface to accounts, contacts, calendars, Salesforce Flow, documents and more can be breached through third party non-human identities. All it takes is just one of your connected apps or services to be breached, and your organization’s most closely guarded assets, along with vital customer information, could be stolen or leaked.

For example, in recent years, sales intelligence solution Apollo fell victim to a breach that exposed some 9 billion data points. Salesforce users were affected by the breach because Apollo is a widespread third-party Salesforce integration, and the hackers who infiltrated Apollo were able to score some 7 million pieces of internal data regarding customers within Salesforce environments.

Your Salesforce environment could be more exposed than you think

Using the Astrix Security platform, we discovered that Salesforce environments are far more exposed to non-human identities than originally thought. 

From our research we discovered: 

  • Hundreds of connections to third-party applications and cloud services 
  • New connections are seen on a weekly basis
  • Access granted between Salesforce and other apps was no longer used. 
  • Connections with common cloud services were configured with complete (and unnecessary) admin permissions. 
  • The majority of these connections are applications originating from non-marketplace sources which are not vetted
  • Many of the connections were with third-party apps and services of low-reputation publishers.

How Astrix helps secure your Salesforce environment

  1. Get a full inventory of all non-human identities accessing your Salesforce environment and understand the risks associated with them.
  2. Get granular visibility into the OAuth permissions of your Salesforce environment. Salesforce OAuth tokens are usually very privileged and there is no easy way of knowing what access these tokens have without Astrix. 
  3. Ensure all non-human identities accessing your Salesforce environment have least privileged access, and remove unused connections.
  4. Detect anomalous activity and remediate risks – Astrix’s behavioral analysis looks into the app’s access parameters such as geolocation, IP and user agent as well as advanced behavioral parameters such unusual usage, to detect misbehaving services and apps. 
  5. Get alerts only on risks that expose you to supply chain attacks, data breaches, and compliance violations, and easily remediate them through automated workflows.

Book a live demo of Astrix now

Learn more

How Astrix Will Use Series B Funding to Transform Identity Security

How Astrix Will Use Series B Funding to Transform Identity Security

10 Predictions for Non-Human Identity Security in 2025

10 Predictions for Non-Human Identity Security in 2025

The Service Accounts Guide Part 2: Challenges, Compliance and Best Practices

The Service Accounts Guide Part 2: Challenges, Compliance and Best Practices