Salesforce Mobility & Security – When the user’s PIN is simply not enough
Many of us love and prefer using Salesforce and working with Salesforce data in remote locations, on mobile devices.
With an ever-increasing popularity and high-speed adoption of phones & tablets questions about privacy and data protection arise. Volumes of sensitive information we carry in our hands & pockets nowadays are growing, and ultimately, we want to keep ourselves and our data safe. Protection against losing business and user data is now a part of every mature enterprise strategy.
Enterprises deem to strengthen mobile security and safeguarding essential information only by the user’s PIN is simply not enough anymore.
As you evaluate your enterprise mobile strategy and deploy Salesforce data into field users’ mobile devices, here is a summary of considerations about security:
Fortify your data with Device Security Management
Accessing vital business information on the go can only be 100% risk-free with the combination of advanced features and mobile application management capabilities. Device Security Management integrated within the app that carries and handles your Salesforce data will let you have it under control every step of the way.
How do you protect Salesforce data while on the go – when local storage on iOS and Android is only secured by the user’s PIN code? Well, the standard application databases on mobile devices are NOT protected, and there is no secure storage APIs. However, user login and application configuration need to be protected. Again, this is not handled in a secure way on any mobile platform’s APIs.
Yet, there is a way to handle device security on any mobile platform APIs. However, user session (automatic log out after 10 minutes) and app-password protection APIs are missing or on a very low level, it all must be developed from the ground up. This requires complex engineering with a high risk attached to even the smallest oversight.
Integrate MDM & MAM capabilities into your Salesforce mobile solution
Resco Mobile CRM – an all-in-one business application that lets you use and limitlessly manage Salesforce data in the field gives a whole new perspective on Salesforce mobile security.
There’s no need to implement external Mobile Application Management and Mobile Device Management tools to secure your data. With Resco Mobile CRM, these are incorporated natively within the application. You can see a detailed overview of each device the app is running on, sort them into groups and apply various security rules, or remotely lock & wipe the entire app.
Resco is not built on Salesforce (force.com platform). It is a native mobile app connecting to Salesforce via its API. Easy to implement and use, once you deploy Resco with all Salesforce data to mobile devices, you won’t need to integrate any other app. You will have an all-under-one-roof business tool with hundreds of capabilities to choose from.
Data security is at the top of the list of Resco’s priorities – meaning, it has had zero issues with client data.
How to handle Data Encryption?
Being able to work without ‘technical’ disruptions and interruptions is an essential requirement of every company, every field rep. When there is no WIFI, no or bad connection – offline mode in Resco for Salesforce comes into play. Users can access, create, modify or delete Salesforce data even without internet connection. The data stored locally on the device – for offline functionality and faster performance of the app – is always securely encrypted by default. The encryption is based on an application key, which is randomly generated when the database is created and protected by a password. The key is stored in an encrypted form in the device’s file system and decrypted when required.
There is more you can do to make the app ‘bulletproof’
- Predefine security profiles for users (e.g. wipe application data when an incorrect password is entered three times).
- Take advantage of fingerprint login and multi-factor authentication using the OAuth2 authentication protocol.
- With the Resco LoginTag technology, you can use advanced sign-in via NFC tags or QR codes
- Enable geo-fencing – allow certain actions only in certain areas and respond to the user’s actions in real-time.
To confirm that our mobile app is secure and that there aren’t any hidden threats, you can provide the source code of our application to an independent security authority for audit and certification.
Want to hear in detail about how big of a role should security play when setting an enterprise mobile strategy? Check out the solution for Salesforce mobile security or contact the mobility experts from Resco at [email protected].