Automatically Remove Salesforce Public Links with Varonis

Varonis’ least privilege automation capabilities now remove public Salesforce links automatically.
Nathan Coppinger
2 min read
Last updated February 6, 2024

Watch this demo to see Varonis' least privilege automation in action.

Varonis’ least privilege automation capabilities now expand to Salesforce, enabling our customers to remediate public links in Salesforce automatically and continuously.

Public links pose a significant risk to organizations and, without the proper configuration insights and remediation controls, expose critical attachments such as sales contracts, pricing info, support tickets, and more. 

What are public links?

Public links enable users to share files and attachments from your Salesforce Orgs with anyone. If they have the link, they can access your data.

Public links are easy to create but nearly impossible to find and track with Salesforce’s native capabilities alone.

Organizations often have the “create public link” permission switched on in their global sharing settings without realizing it. The permission then proliferates throughout the organization as Profiles and Permission Sets with this entitlement are cloned and assigned to new users.  

With Varonis, organizations can continuously monitor their Salesforce environments to identify where sensitive data is exposed through public links, understand who can create them, and automatically remove them – all from a unified platform.

Remediating public links with Varonis

Varonis continuously monitors Salesforce to identify where users share sensitive Salesforce data using public links. Our Salesforce dashboard provides a visualization of the number of public links, stale or active, across your Salesforce Orgs. 

Salesforce public link widget

Get an overview of the number of links across your Salesforce Orgs.

From the dashboard, you can easily drill into a report to see exactly which public links exist and get more information on each, including:

  • Who created the link
  • Whether the link has sensitive data
  • The last time the link was used
  • If it’s password-protected
  • Its related records
     

Salesforce public link report 1

View all of the public links created across your Salesforce Orgs.

 

Public link detailsSee all the details related to each public link.

From this report, you can use Varonis to remove the public link from the internet, cutting off unwanted access to your data.

You can select specific links you would like to remove or create a policy to automatically remove links based on specified criteria, such as sensitivity and staleness.

You can also set the remediation policies to run at regular intervals to reduce public exposure continuously. 

 

Remove public links directly from the Varonis UI.

Preventing the creation of public links

Understanding who can create public links involves identifying which Profiles and Permission Sets have that ability and then tracking down each user with the assigned Permission Set.

With Varonis, our platform quickly surfaces which users can create public links, providing you with a report of every Profile and Permission Set containing the “create public link” entitlement and the individual users who can perform the action.

You can then use the results to identify where to restrict the ability to create public links.

 

Quickly find who can create public links in Salesforce.

Try Varonis for Salesforce

Available on the Salesforce AppExchange, the Varonis Data Security Platform helps security teams continuously monitor and improve their Salesforce security posture in real-time with the ability to:

  • Discover and classify sensitive data in records and attachments
  • Greatly simplify permission analysis to understand where sensitive data is exposed and enforce least-privilege access
  • Monitor sensitive data activity and alert on abnormal behavior
  • Enhance Salesforce Shield
  • Continuously surface and fix configuration drift
  • Identify and manage third-party application risk

Ready to protect your critical Salesforce data and improve your security posture with Varonis?

Contact us today to get started with a free Salesforce data risk assessment.

 

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

1

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

2

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

3

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

what's-new-in-varonis:-may-2024
What's New in Varonis: May 2024
Varonis brings a UI refresh, easier policy management, expanded automated remediation capabilities in AWS, automation rollback, and privacy automation.
using-power-automate-for-covert-data-exfiltration-in-microsoft-365
Using Power Automate for Covert Data Exfiltration in Microsoft 365
How threat actors can use Microsoft Power Automate to automate data exfiltration, C2 communication, lateral movement, and evade DLP solutions.
what-about-individual-users-on-acl's?
What About Individual Users on ACL's?
One question I received in response to our recent post about aligning windows security groups and automating entitlement reviews was, “If you’re using single-purpose security groups and managing them automatically...
cloud-security-essentials:-the-case-for-automated-dspm
Cloud Security Essentials: The Case for Automated DSPM
Data security posture management (DSPM) has emerged as a standard for securing sensitive data in the cloud and other environments. However, without automation, DSPM doesn’t stand a chance. Automation is crucial to overcoming the challenges of securing data in the cloud.