Securing Salesforce in 2023

This study will provide you with data and insights that can inform your Salesforce security strategy for 2023 and beyond.

Every Salesforce admin and security manager will benefit from this practical advice on where to focus your security resources in 2023 to better manage your Salesforce environment security.


With all the various options for Salesforce security, where should you focus?

We conducted global survey to ask thousands of IT-professionals how they deal with cloud security. To back up this data with Salesforce-specific insights we took detection data from WithSecure Cloud Protection for Salesforce product to share with you what we have seen in 2022. Based on these sources our experts give their recommendations where to focus your security efforts in 2023. 

IT leaders top 5 security challenges in 2022.

Cloud and collaboration

Cloud platforms like Salesforce have become essential for maintaining remote and hybrid working strategies accelerated by the pandemic, as well as delivering advantages in terms of improved efficiency and agility, and reduced costs and resources. However, this more diffuse IT environment also creates more moving parts, many of which are out of direct control.

Ensuring security of cloud-based collaboration applications, such as Salesforce and Office 365.

Ensuring the security of an increasingly diverse pool of devices, services and software.

Preventing advanced e-mail-based threats, such as phishing or business email compromise (BEC).

Preventing data breaches.

Ensuring protection against malware and ransomware.

“While Salesforce is working to keep its infrastructure secure, users must recognise their responsibilities in securing their instances. The days of Salesforce not being targeted are close to zero, so there is no time to waste.”

Doug Merrett - Salesforce Security, Compliance, Privacy and Resilience Specialist, Platinum7

“For decades, everything used to be in your direct control on premises, with only a limited number of external connections to worry about. Now everything is in the cloud, many critical systems are out of direct control.”

Pankaj Paryani - Salesforce Technical Lead, WithSecure™

Our deep dive article on Salesforce security priorities outlines the trends we found in our Pulse 2023 survey.

46% of organizations detected one or more targeted attacks in their cloud platforms in the last 12 months

The fact that a quarter of respondents believed they were the victim of a targeted attack in the last 12 months demonstrates that adversaries have become more sophisticated and organised. However, many organisations are making the attackers’ lives easy by failing to properly configure and monitor their cloud environments.

Was breached more than once


Was breached once                                                  


Was detected more than 1 targeted attack


Was detected 1 targeted attack


Interested learning more?

Download the full report to get all the data from 2022 and our Salesforce security experts’ recommendations for 2023.

Our experts


Dmitriy Viktorov

Head of Product and Technology, Cloud Protection, WithSecure™

Dmitriy is a seasoned product and security pro who is passionate about solve complex problems and helping customers keep their cloud and digital services secure and protected.

He has held different roles in R&D, Product Management and Technology Office, and is currently leading product development of Cloud Protection for Salesforce.


Pankaj Paryani

Salesforce Technical Lead, WithSecure™

Pankaj is a skilled Salesforce Developer & Consultant with multiple projects developed for customers around US, UK and APAC regions.

His recent role focuses on leading the CRM Development team at WithSecure to make sure Sales and Services are securely up and running with their customer needs.


Doug Merrett

Salesforce Security, Compliance, Privacy and Resilience Specialist, Platinum7

Doug is a passionate security advocate who worked at Salesforce for 13 years as a Platform and Security Specialist, in the UK and Australia.

During that time, he helped many customers understand Salesforce's approach to security & infrastructure and guided them on maximising the security of their data stored on the Salesforce Platform.

In June 2021, Doug started his own consultancy, Platinum7, focusing on Salesforce Security, Compliance and Resilience.