Creating secure integrations : case of Salesforce integrations

Abstract

Organisation's demand for digital transformation is increasing. These days organisations are seeking ways to centralise their systems and operations. The need for cloud-based Customer Relationship Management (CRM) systems is, without a doubt increasing. These cloud-based systems offer many benefits like security by design and cost efficiency. Salesforce is the world's leading CRM platform, and it offers a high level of security and a large variety of functionalities to extend security even further. However, integrations between Salesforce and third-party software create vulnerabilities that organisations and developers creating integrations need to consider. Organisations need to implement integration security into their information security policy (ISP) and obligate those creating integrations to follow security standards and best practices. Increasing security knowledge and resources will help transition towards more secure integrations. This research finds out whether organisations and developers are considering security while creating integrations. The research includes a case study where organisations and developers were asked about their integration security expertise and where they think the responsibility of secure integrations lies. The research aimed to provide security best practices for integration creation and insight into sharing responsibilities between different stakeholders. Research showed that the size of the organisation and the developer's information technology experience correlate with their security knowledge. However, results also show that organisations and developers do not focus on integration security as much as needed. This research recognised a need for further research due to the significant lack of research on the topic.