About Cloud App Security for Salesforce

Cloud App Security provides a separate license to integrate cloud to cloud with Salesforce to protect your Salesforce Sandbox and Salesforce Production environments. Salesforce is a web-based customer relationship management (CRM) platform that provides database services, applications, and application programming interfaces (APIs). It helps you manage relationships with prospects and customers, collaborate and engage with employees and partners, and store your data securely in the cloud.

Cloud App Security installs its app to your Salesforce environment, provisions a service account to obtain limited access, and adds Apex triggers to objects it protects. When an update to an object record occurs, Cloud App Security scans the update and takes action against the content as configured if it triggers a policy.

Cloud App Security applies Advanced Threat Protection policies to protect Salesforce Chatter, Community, Cases, and Attachments from malicious URLs and files, and Data Loss Prevention policies to safeguard all Salesforce objects against accidental or deliberate leakage of sensitive data in text and files.

The following guides you through Salesforce specific features and settings in the Online Help:

  • System requirements

    Salesforce categorizes its CRM apps into Sales Cloud, Community Cloud, Service Cloud, Marketing Cloud, and so on. For more information on the apps and their editions that Cloud App Security supports, see System Requirements.

  • Dashboard

    Monitor web activities in your network with the dashboard:

  • Provision

    Provision a service account for Salesforce Sandbox and Salesforce Production on the management console, respectively. With this account, Cloud App Security obtains limited access to your organization's Salesforce environment and run advanced threat protection and data loss prevention scanning on object records. For details, see Provisioning Salesforce.

    Cloud App Security automatically deprovisions the service account and frees up the resources by your Salesforce environment if your license expires. You can also manually deprovision the service account. For details, see Deprovisioning a Service Account for Salesforce.

  • Advanced Threat Protection policies

    Configure General, Malware Scanning, and Web Reputation in Advanced Threat Protection policies to scan updates to object records in Chatter, Community, Cases, and Attachments of selected profiles, and take actions to protect against malware threats and prevent unwanted URLs. For details, see Adding ATP Policies.

    Cloud App Security performs real-time scanning when object records are created or updated.

    Note:

    Manual scan is not supported.

  • Data Loss Prevention policies

    Configure Data Loss Prevention policies to scan updates to all object records of selected profiles, and take actions to protect confidential data. For details, see Adding Data Loss Prevention Policies.

    Cloud App Security performs real-time scanning when object records are created or updated.

    Note:

    Manual scan is not supported.

  • Logs

    Query logs and generate reports by type and supporting log facet. For details, see Logs and Reports.

  • Quarantine

    Query, view, and manage the quarantined items violating Advanced Threat Protection and Data Loss Prevention policies. For details, see Quarantine.

  • Administration

    Configure Service Account, Administrator and Role, Single Sign-On, Notification Sender List, Notification Email Signature, and Predictive Machine Learning Exception List, and view License under Administration. For details, see Administration.