Salesforce Shared Responsibility Model: What It Means for Salesforce Admins
By Christine Marshall
June 25, 2025
Salesforce Admins already wear a lot of hats. We’re part business analyst, part support desk, part automation expert, and we’re now also expected to be security champions. One area that often gets overlooked (but absolutely shouldn’t) is understanding our role in Salesforce’s Shared Responsibility Model.
In our latest Salesforce Administrator Survey, a staggering 73.5% of respondents said they didn’t know what the Shared Responsibility Model was. That’s a problem because it directly affects how we protect our orgs, our users, and our data. Whether you’re a solo admin or part of a large team, this needs to be on your radar.
What Is the Salesforce Shared Responsibility Model?
The Shared Responsibility Model is a framework used by most cloud providers, including Salesforce. It outlines which parts of the security puzzle Salesforce is responsible for, and which parts you, the customer, are responsible for.
Salesforce handles the “cloud” part. That means the physical infrastructure, like servers, data centers, and the global network that keeps Salesforce up and running. They ensure the platform is resilient, reliable, and available, and they do a great job at that.
But here’s the kicker: once you start building on Salesforce – storing data, creating users, adding automation – that’s your responsibility. You’re the one in charge of keeping your org’s data secure.
What Are Admins Responsible For?
As an admin, your responsibilities include:
User Access Management: Are the right people accessing the right data? Tools like role hierarchies, sharing rules, and permission sets are essential, but only if they’re implemented correctly.
Data Protection: This includes backing up your data, having a plan for restoring it in case of loss, and using tools like field-level encryption when appropriate.
Security Settings: Enabling features like Multi-Factor Authentication (MFA), login IP restrictions, and session timeouts.
Custom Configurations: Flows, Apex code, and third-party integrations all need to be built securely and maintained regularly.
If your Salesforce data gets deleted, corrupted, or exposed because of a misconfiguration or a lack of backup, that’s on you, not Salesforce.
Tools
There are several tools that can help you protect your data, including backup, restore, and archiving tools.
According to our survey, nearly 30% of admins say their organization doesn’t use any form of backup solution. And an even higher 65.5% don’t have an archiving tool in place. That’s a risky position to be in, especially if your company is storing sensitive data like personal information, financial records, or health data in Salesforce.
The Salesforce Shared Responsibility Model isn’t just a concept – it’s a call to action. Salesforce takes care of the platform, but you are responsible for your data, users, and custom configurations. If something goes wrong in those areas, the buck stops with you.
Admins have always been superheroes in the Salesforce ecosystem, and security is just another cape to wear. If you’re not already thinking about backup, user access, and data protection, now’s the time to start. In a shared responsibility model, your vigilance is the key to keeping your org safe.
The Author
Christine Marshall
Christine is an 11x certified Salesforce MVP and leads the Bristol Admin User Group.