100% Native Salesforce Apps: Security and your data

Bec Henrich VP of Marketing

Customer and prospect data is your best asset to sell more efficiently and effectively. But as you collect and store private business or personal data, your duty to protect and keep it safe grows. So, when considering what third-party applications you should install into your Salesforce CRM, where all this private information lives, it’s important to know how these integrations can impact your data security.

Many apps on the AppExchange take data outside of your CRM for processing or operations. But ultimately, the safest place for your data is inside your Salesforce CRM. When choosing what application is best for your organization, you can greatly limit risk by using an app that’s 100% native to Salesforce.

What Are 100% Native Salesforce Apps?

Apps that are built entirely on the Lightning Platform are 100% native to Salesforce. They share the same core technology as the products Salesforce builds themselves like Sales, Service, and Experience Cloud.

App builders like Traction Complete, who are 100% native to Salesforce, share the same data security practices as Salesforce itself as they process all of their operations within the same platform. Then, we, use Salesforce’s data security as our own.

When assessing the security considerations for 100% native apps you are discussing the same security compliance and benefits as the security review you completed when first implementing your Salesforce CRM. Integrating 100% native apps should save you time and effort as you have already assessed the data protection risks.

How Salesforce’s security architecture works

Your data is of the utmost importance and Salesforce has invested in delivering high network security. Is the location of where your data is stored important to you? In most cases, your data is held in Salesforce-owned data centers in the same region you’re located in.

Additionally, when you access data in Salesforce, it’s encrypted in transit using Transport Layer Security (TLS) with at least 2048-bit RSA server certificates and 128-bit symmetric encryption keys. Traffic passes through stateful packet-filtering firewalls and edge routers that protect your org’s perimeter.

Intrusion detection systems constantly monitor their servers and any incidents that occur are reported in real-time at trust.salesforce.com. Salesforce also conducts regular penetration testing and vulnerability scans.

100% native apps are covered by these same security measures. When you use a native application, your data never leaves the protection of the Salesforce platform.

How Salesforce processes your data

Salesforce processes customer data based on how the customer uses their platform. If data must be processed by one of Salesforce’s sub-processors, Salesforce has strict privacy and data security agreements with those sub-processors. These agreements are also enforced by regular and thorough audits.

Native Salesforce apps automatically comply with Salesforce’s data processing policies. They never process data in any way that you haven’t already agreed upon with Salesforce.

Salesforce’s global data security certifications

Include (but are not limited to):

  • Department of Defense IL-2 & IL-4
  • GDPR
  • ISO 27001/27017/27018
  • Payment Card Industry (PCI)
  • Cloud Computing Compliance Controls Catalogue (C5)

Apps that are 100% native to Salesforce are covered by most security controls these certifications require.

Processes in the event of a disaster

Salesforce has a duty of care to ensure data stored within their platform is never lost or corrupted. As a security measure, they have configured their networking components, network accelerators, load balancers, web servers, and application servers redundantly. If any one piece fails, there are multiple backups available to keep things running.

Your Salesforce data is automatically replicated in real-time and backed up to localized data stores, stored on redundant, carrier-class disc storage with multiple data paths.

If in the small chance, a disaster does occur, Salesforce has processes in place to restore your services within 12 hours. These are tested annually to ensure compliance.

Because native Salesforce applications don’t process data outside of Salesforce, your data is always protected by their reliability and disaster recovery policies.

The security of your data center

When considering data security, concerns about access and safety stem past the digital into the physical locations where this data is stored. Salesforce’s data centers are only accessible by authorized personnel – the locations are unmarked and surveilled by guards 24/7 that enforce 2-factor access screening. These buildings are engineered to monitor temperature and moisture, as well as withstand any other environmental factors that could impact the safety of your data. In the event of a local power failure, these buildings are fitted with alternate power systems to prevent electrical failures.

As mentioned previously, because native apps host all of their data within the Salesforce platform, all of the above physical security measures also protect any data processed by these apps.

Your data and your business

When weighing the business requirements of different solutions, the security benefits of using a native Salesforce app should also be taken into consideration. At Traction Complete, we believe that having access to the data you need, right inside of your Salesforce CRM, helps you operate at the speed of the business.

The added security benefits of being 100% native to Salesforce means that your team can operate with confidence that your data is protected and kept safe by the same data security measures Salesforce itself uses.

Read our full Data Protection Act here.

Last Updated: 15 December, 2023


If you have specific questions related to your data and our Salesforce apps, book a time with our experts and they’ll help you get the information you need to make a confident decision on your technology.