AppAssessor / Admins / Security

Secure Your Salesforce for the Agentforce Era

By Timo Kovala

January 07, 2025
Branded content with Arovy

Fortify your Salesforce system architecture with a holistic solution that combines data security, data usage, and a data dictionary. 

Highlights

  • Identify newly connected third-party applications and revoke unauthorized access. 
  • Detect changes to integration and user access configurations that could put Salesforce data at risk. 
  • Monitor system uptime and integration-level API performance to proactively detect potential threats and expedite the investigation of anomalies.
  • Classify Salesforce fields storing sensitive information in bulk.
  • Accelerate Salesforce Shield adoption and utilization for your business.

Security is a fundamental requirement when using a platform like Salesforce. All the versatility, customization, and extensibility Salesforce offers is counterbalanced with robust security features. Locking down your data, encrypting it, restricting access to it, and monitoring how it is used should be everyday tasks for Salesforce Admins. But as your Salesforce environment matures and grows in complexity, securing it becomes ever more difficult. Salesforce is very much a living system that is constantly changing, making security a challenge for even the most battle-hardened professionals.

Arovy (previously Sonar) is a suite of security solutions built to help Salesforce Architects, Admins, and Developers secure ever-changing Salesforce environments. It extends security oversight beyond event monitoring and reacting to incidents, to proactively highlighting security risks and enabling security best practices. Arovy uses predictive analytics and generative AI to detect anomalies and fix them – providing something most security platforms are unable to do: boosted productivity and efficiency by acting on security insights.

Features

When it comes to securing a Salesforce instance, there are two kinds of solutions available: broad, platform-agnostic security providers, and best-of-breed, tailored solutions offering end-to-end coverage. Arovy is built ground up specifically for Salesforce, placing it clearly in the latter category. Multi-platform security providers may offer centralized management of security incidents, but they rarely go deep enough to capture all critical aspects of information security. 

With a dedicated security solution, you gain holistic oversight to run security operations throughout your Salesforce system. Let’s explore some of the security features Arovy offers Salesforce orgs.

Data Loss Prevention

For most companies, Salesforce is a central hub for customer and business insights that powers a wide range of both internal and external applications. This gives Salesforce a position of power to drive decisions but may also lead to vulnerabilities. For instance, if an integrated platform erroneously updates, creates, or deletes Salesforce data, this can easily snowball into a systemic incident that impacts several core systems. This is why integration security is key to achieving a robust Salesforce system architecture.

Arovy provides several Salesforce data loss prevention features to mitigate the risk of major data-related incidents. One of these is access and incident logging. With this feature, Arovy provides parsed event monitoring API access logs that users can filter by field, object, user, and classification. This allows them to easily see how sensitive data is being accessed and used, and by which user. The tool also logs incidents along with impacted applications, duration, and actions in an exportable format.

Another key data loss prevention feature is data classification. While Salesforce offers data classification as a native feature, it has some notable limitations. For one, the user experience of classifying data in Salesforce is not exactly intuitive; you need to set it up one by one for each field, and navigating to the right settings takes several clicks. Once set up, the closest you get to an overview of data classifications is a CSV export. 

Arovy presents a sleek, graphical interface for easy access to data classifications – a key feature that Salesforce Admins and Security Specialists will definitely appreciate.

Data Dictionary

The word “dictionary” might not shout game-changer, but that’s really what it is. A data dictionary is a collection of attributes, classes, types, descriptions, ownership, and other characteristics associated with data within a system. Arovy’s take on the data dictionary goes beyond simply stating what already exists. It surfaces classifications and other metadata on a single view and allows you to do inline editing without leaving the platform. As icing on the cake, with the two higher license tiers, Arovy provides a generative AI tool to pre-generate definitions, descriptions, and help write text on your behalf.

Arovy’s Data Dictionary for Salesforce Metadata powered by generative AI.
READ MORE: 5 Reasons Why You Need a Salesforce Data Dictionary

Integration Performance and Uptime Monitoring

Integrations don’t typically make a loud bang when they break down. Most API incidents occur quietly and, if left unnoticed, continue to harm your business for a long time. Let’s say an integrated app responsible for populating a field used as a trigger for several flows stops working. No flow errors get flagged and no alert is issued in Salesforce; the process simply grinds to a halt. To make things worse, system breakdowns can compromise sensitive or mission-critical data, causing cascade effects on core processes. 

As they say: there’s no point crying over spilled milk. Once the business notices the issue, the damage is already done, and then it’s only a matter of damage control rather than pre-emptive fixes. This is why API performance monitoring is critical in ensuring architectural integrity.

Arovy has comprehensive API monitoring tools that enable you to keep track of integrations in real-time and react to incidents before business is impacted. The API volume monitoring tool shows spikes in API activity and highlights abnormalities, allowing you to detect possible malicious activities and data leaks. Arovy’s access statistics let you drill down on API activity by fields, Salesforce objects, and integrated applications. It is equally important to know when expected API activity is not happening. 

Arovy’s uptime monitoring flags these situations and alerts owners and stakeholders via email. When combined, these tools allow you to keep your integrations secure and hold service providers accountable for outages and errors.

Arovy’s API monitoring dashboard shows real-time information on API access and calls.

Connected App Monitoring

Salesforce Shield does a good job by itself of securing your Salesforce org. One of its key features is real-time event monitoring. With this, you can monitor the performance, security, and usage of your Salesforce apps. Arovy’s connected app monitoring builds upon Salesforce’s own event monitoring, displaying insights on an interactive graphical interface. Instead of having to build the event monitoring visualizations yourself, Arovy provides these key insights out of the box, saving significant time and effort.

However, you may now be asking: “I can see all my connected apps in Salesforce setup, so what’s the big deal?”. For one, not all integrations use a connected app for authentication; for example, if you use user login for authentication, the integration won’t show up in the list. Secondly, Salesforce doesn’t natively provide automated alerts or guidance when a new integration is added. Both are functionalities included in Arovy’s connected app monitoring.

Arovy allows you to manage your Salesforce integrations from a single dashboard. It displays all the integrated applications along with the Salesforce data they interact with. You can drill down further for interaction details, and you can revoke access with a single click if needed. Arovy also provides concrete action plans for new undocumented applications based on best practice guidelines.

Arovy’s integration dashboard provides an overview of connected apps.
READ MORE: Event Monitoring in Salesforce: How to Effectively Manage Your Integrations

Integration Configuration Management

There is a reason why the principle of least privilege is the gold standard when it comes to Salesforce access and visibility configuration. In principle, neither standard nor integration users should have access to functionalities or data their job doesn’t require. This way, if nothing is changed in user access rights, the scope of potential security incidents is confined to those areas. However, as change is a constant in Salesforce, there is a risk that a seemingly unrelated permission set or sharing rule may create a critical security threat when applied to a user used for authenticating an integrated application.

Arovy provides a visual interface for monitoring object and field access for all integrated applications. With it, you can easily see which integrations have read-only permissions and which ones also modify data within Salesforce. Changes in access rights are detected and logged by Arovy automatically. Access logs can be filtered to display integrations accessing classified Salesforce data, making it easier to protect sensitive and mission-critical data.

Arovy’s application overview shows key statistics and descriptions for each connected app.

Arovy provides an Integration Blueprint for easy documentation of the integration user, business need, and stakeholder details for each integrated app. Newly created integrations are automatically added, and their access metadata and references are included in the blueprint. The Integration Blueprint is your one-stop shop for understanding how different integrated apps have been set up, what they are used for, and who is responsible for them.

Use Cases

Even without a dedicated security solution, Salesforce offers several features to keep your data, metadata, digital assets, users, and integrations secure. Tools like Shield encryption, event monitoring, audit trail, and security health check offer admins and architects means to pinpoint security incidents and handle potential threats. 

The problem is that these features are limited in scope, and all operate independently, making it difficult to get a holistic overview of Salesforce security. This is where Arovy excels: it builds upon the already existing Salesforce features, adding additional layers of protection, enhanced threat detection, productivity-enhancing features powered by GenAI, and more. The key use cases of Arovy are as follows…

Mitigate Risk Across Salesforce Integrations

The best way to increase Salesforce security is to improve documentation. When data is properly classified, descriptions and help texts are used consistently, and use cases and access rights are thoroughly documented, it is easier to pinpoint potential threats and understand the impact of security incidents. Arovy makes an admin’s life easier by simplifying data classification and documentation. It highlights gaps in the data dictionary, provides actionable insights, and even prefills description fields with the help of generative AI.

In addition to documentation, it is important to keep track of changes and anomalies in integration access levels. Arovy automatically detects and notifies you when new integrated apps gain access to Salesforce data. You also receive alerts when those access levels change, giving you the possibility to act pre-emptively if unnecessarily broad accesses are granted to an integrated application. Furthermore, Arovy’s anomaly detection flags potential fraudulent behavior, service degradations, and data loss incidents.

Keep Track of the Salesforce Architecture Landscape

One great aspect of Arovy is that its usefulness is not limited to Salesforce security. Arovy systematically connects the dots between integrated apps and Salesforce into a clear visual format, making it easier for architects to get the lay of the land. This can be an invaluable asset when architecting business process changes. 

When updating a business process, it is important to understand the dependencies and integrations that are connected to the affected Salesforce objects and fields. Arovy’s visual integration dashboard helps you to identify key stakeholders to sync with, and integrations to check during regression testing.

Get the Most Out of Shield With Improved Event Monitoring

Arovy is a tool that is built upon Salesforce’s event monitoring allowing you to maximize the value you get from Salesforce Shield, Salesforce’s solution for data and access monitoring and end-to-end encryption. Where Shield is a reactive tool for identifying and alerting on incidents as they happen, Arovy adds visualizations, analyses, interpretations, and recommendations for future improvements. 

Together, Shield and Arovy offer a holistic way of responding to and pre-emptively mitigating the impact of integration breakages. In addition, Arovy flags abandoned and duplicate integrations to further ensure that unnecessary security risks are averted.

Impact

In the age of generative AI and Agentforce, the emphasis on security has gone into overdrive. AI agents are now able to autonomously access, analyze, modify, and act upon data. This places hard requirements on not only the quality but also the security and integrity of data within the system. 

Salesforce provides native tools like guardrails and the Einstein Trust Layer to mitigate this “AI security challenge”, but at the end of the day, the responsibility of securing your Salesforce data falls on you. Arovy is there to support when Salesforce’s native security features don’t offer the full coverage you need.

Increased Security Operations Speed and Efficiency

One of the key benefits of Arovy is combining different security layers under an interactive visual interface. Security operations teams no longer have to build custom reporting with Tableau or PowerBI, but instead can access pre-analyzed insights from Arovy’s purpose-built dashboards. 

A key time-saver is the ability to act upon security incidents and potential issues without leaving the Arovy platform. On top of this, Arovy offers other productivity boosters like automated alerts, targeted action plans, AI-generated data dictionary fields, and more. Combined, these features can lead to significant cost savings and efficiency boosts for Salesforce DevSecOps teams.

Access changes are easily tracked in Arovy from a single list view.

Risk Mitigation Related to Integration Breakages

As Salesforce instances mature, the number of integrations increases, and along with it, the risk of something breaking down grows exponentially. Unintended breakages lead to both direct and indirect costs, e.g. by causing service outages, process failures, sharing and visibility issues, and data loss. The best way to reduce these costs is by avoiding breakages altogether. This is where the power of Arovy comes into play. Arovy can highlight potential issues in advance and send real-time alerts as incidents appear. Getting timely information on integration issues is crucial in preventing damage to business continuity.

Reduced Knowledge Gaps Between Development Teams

Enterprise-scale Salesforce instances typically have multiple partners and teams running parallel developments with dependencies on shared integrations. When these development tracks operate independently of one another, and integration documentation is lacking, knowledge gaps emerge – often leading to harmful consequences. Arovy acts as a single point of call for integration dependencies, API activity volume and scope, and field and object utilization. This can be a lifesaver for orgs with detached development teams.

Setup

The setup of Arovy is divided into two phases: 

  1. Preparing the sync user and settings in Salesforce for sync.
  2. Configuring Arovy Integration Blueprint according to your org’s requirements.

Phase 1

The first phase consists of ensuring that Salesforce and the connecting user have the correct permissions enabled to allow Arovy to do its magic. 

  • Start by navigating to Arovy settings and finding the user used for syncing with the target Salesforce org. 
  • Once done, log into Salesforce and check that user’s system permissions. Ensure that “View event Log files” and “View Real-time Event Monitoring Data” are enabled for the user.
  • Next, in Salesforce setup, under “Event Monitoring Settings”, verify that “Generate event log files” is enabled. Finally, “Streaming Data” and “Storing Data” must be enabled for the “API Event” and “Bulk API Result Event” in Event Manager.

Phase 2

In the second phase, you configure Arovy settings for objects and integrated apps. 

  • Begin by choosing the objects you wish to monitor via Arovy. This setting is for writing only – Arovy will track all the reads via APIs even if the object isn’t monitored. (By default, Salesforce limits the number of monitored entities to five standard or custom objects in total. Should you wish to include more objects for monitoring with Arovy, you should reach out to your Salesforce account executive to purchase an add-on entitlement.)
  • Once you have configured the objects for monitoring, you can navigate to “Integrated Apps” in Arovy and click “Refresh Objects”. 
  • Arovy will now automatically recognize the API traffic from external applications, keeping track of objects and fields being accessed.

Support

Arovy offers support across several channels, with technical end-user support available via phone (US only), email, and live chat. Customers of Arovy receive a dedicated customer success manager who provides a single point of contact on contractual and feature topics. In addition, an executive sponsor is available as needed for team onboarding, training, and ongoing support.

Arovy offers a support center, including an FAQ, onboarding material, scenario-based guides, and product feature explanations. Additionally, users may submit a request for a new functionality or enhancement, similar to Salesforce’s Idea Exchange.

Pricing

Arovy offers three package options with tiered pricing based on active Salesforce user licenses. Arovy’s pricing starts at $3 per user per month. On the table below, you’ll see the features accessible for each tier.

Summary

Securing Salesforce can be a chore, especially if done without a dedicated platform. However, security is a domain where it doesn’t pay to be stingy. When investing wisely in a proper tool like Arovy, you can save significant time and effort that would otherwise go to manual monitoring and analysis. Not to mention the potential damage to your business caused by integration breakages, or data being compromised. Arovy helps you nip integration failures in the bud, and prevent such incidents from occurring altogether.

Security should never be an afterthought or something you do out of bare necessity. In fact, when you approach security as a core activity, you may find that doing so will create positive synergies for the rest of your business. While securing your Salesforce integration architecture, Arovy identifies gaps in documentation, creates an overview of integrated apps and their dependencies, and provides suggestions to improve the overall performance of the system. In essence, paying attention to security leads to a more efficient, reliable, and transparent system.

To try Arovy out for yourself – for free – book a demo with an expert today.

The Author

Timo Kovala

Timo is a Marketing Architect at Capgemini, working with enterprises and NGOs to ensure a sound marketing architecture and user adoption. He is certified in Salesforce, Marketing Cloud Engagement, and Account Engagement.

More like this:

Leave a Reply