Five Ways to Safeguard Sensitive Salesforce Data

Salesforce contains a wealth of customer data that needs proper security. Companies have to worry about common cyber attacks, along with laws and regulations that demand compliance. You may have heard of HIPAA, but what about the GDPR, PII, PCI, COPPA, or CPPA?

Protecting sensitive Salesforce data is an ongoing and multifaceted task. The level of protection varies by company. The first line of defense is always field and object-level permissions, along with the Salesforce Sharing Model. You can learn more about those in my Security Series.

Here are 5 additional methods to specifically help protect sensitive information in Salesforce:

Encryption

Data encryption is a vital technique to protect sensitive data at rest, that is, when it is stored. Salesforce offers two primary encryption methods: Classic Encryption and Shield Platform Encryption. Both use keys to scramble and unscramble sensitive data. Neither replaces field-level security, which should always be looked at first.

Classic Encryption

Classic or Field-level encryption encrypts individual sensitive fields like SSNs. An unauthorized user will see data in the encrypted form and only users with the “View Encrypted Data” permission can view actual data.

Pros:

  • Strong encryption of text fields, along with data masking
  • Prevents exposure of sensitive data with a permission.
  • Included with the base user license.

Cons:

  • Does not encrypt existing fields or files and attachments.
  • Only used for new fields using a custom field type called ‘Text (Encrypted)’.
  • Limited to 175 characters, along with many other restrictions.

Shield Platform Encryption

Enabling Shield Platform Encryption allows you to encrypt sensitive fields, files, attachments and more. It encrypts data at rest and in transit for strong protection, and it provides the strongest and broadest level of protection for Salesforce data. But careful consideration is needed before enabling it.

Pros:

  • Allows organizations to comply with regulatory and business requirements.
  • Robust defense of data using a 256-bit AES key.
  • Allows you to encrypt existing fields and data found in other sources.

Cons:

  • Requires additional fees through an add-on license.
  • Requires setup and ongoing key management.
  • Does not support all Salesforce apps and some features may not work as expected.
  • Only encrypts fields created or updated after encryption is enabled.

Personal Information Management

Available after the Winter ’22 release, Enhanced Personal Information Management hides personal information fields on user records for external users (community or site users). Fields like SSNs and credit card numbers are replaced with asterisks or custom masks.

Pros:

  • Limits exposure of sensitive data without additional permissions.
  • Simple to configure field-level settings.
  • Can secure up to 20 fields you select.

Cons:

  • Only partially hides data and is not the same as data masking.
  • Less flexible and secure than full encryption.

Data Masking

Data masking fully obscures sensitive data by replacing it with fictional but realistically formatted data. For example, it allows testing in sandboxes with masked copies of real data. It is installed with a managed package.

Pros:

  • Fully hides actual sensitive data with fictional data.
  • Great protection for hiding data when working with outside contractors and sandboxes.

Cons:

  • Disables custom workflow rules and triggers.
  • Complex to set up and manage.

Data Classification Fields

Create standard data classification fields, such as Compliance Categorization, Data Owner, Data Sensitivity Level and Field Usage. These allow you to classify sensitive data and understand how it is being used. They work well with Shield Platform Encryption, so that you encrypt fields only when necessary.

Pros:

  • Simple classification system indicating sensitive info.
  • Can run SOQL queries and create reports on classification data.

Cons:

  • Does not secure data, just provides visual labels for awareness.

Monitoring

Protecting your sensitive data does not mean it is always secure. It is necessary to monitor user activity to look for suspicious activity and take action, if necessary. Event monitoring tracks up to fifty event types, such as logins, API calls, report exports and Apex executions. Salesforce offers two ways to track events: traditional Event Monitoring and Real-time Event Monitoring.

Event Monitoring

Traditional Event Monitoring works with the Event Monitoring Analytics App to monitor event log files and draw insights from the data. It can not only monitor suspicious activity, but also help to optimize performance by examining slow page performance.

Pros:

  • Includes pre-built reports and dashboards to monitor different event types.
  • Use the Event Monitoring Analytics App to share and monitor key performance indicators (KPIs).
  • Works with Transaction Security to block certain user actions and send notifications when certain events occur.

Cons:

  • Only monitors data within a 24-hour time period and must be done manually.
  • Works through the API, and complex alert configuration is required.
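
An added example (not from the original post or from Salesforce) of reviewing one day's ReportExport event log file offline: it flags users who export many reports in a short window or from more than one IP address. The CSV rows, user IDs and IP addresses are constructed, the columns shown are an assumed subset of the log file's columns, and the thresholds are arbitrary.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample standing in for one daily ReportExport event log file.
# User IDs and IP addresses are made up; only a subset of columns is shown.
SAMPLE_LOG = '''\
"EVENT_TYPE","TIMESTAMP_DERIVED","USER_ID","CLIENT_IP","URI"
"ReportExport","2024-03-04T09:00:05.000Z","005xx0000000001","203.0.113.10","/00Oxx0000000001"
"ReportExport","2024-03-04T09:01:40.000Z","005xx0000000001","203.0.113.10","/00Oxx0000000002"
"ReportExport","2024-03-04T09:03:12.000Z","005xx0000000001","203.0.113.10","/00Oxx0000000003"
"ReportExport","2024-03-04T09:04:55.000Z","005xx0000000001","203.0.113.10","/00Oxx0000000004"
"ReportExport","2024-03-04T09:06:01.000Z","005xx0000000001","203.0.113.10","/00Oxx0000000005"
"ReportExport","2024-03-04T08:15:00.000Z","005xx0000000002","198.51.100.7","/00Oxx0000000001"
"ReportExport","2024-03-04T14:30:00.000Z","005xx0000000002","192.0.2.44","/00Oxx0000000001"
"ReportExport","2024-03-04T11:00:00.000Z","005xx0000000003","203.0.113.25","/00Oxx0000000006"
"ReportExport","not-a-timestamp","005xx0000000003","203.0.113.25","/00Oxx0000000006"
'''

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"


def parse_events(text):
    """Return (events, skipped): usable ReportExport rows and the count of bad rows."""
    events, skipped = [], 0
    for row in csv.DictReader(io.StringIO(text)):
        if row.get("EVENT_TYPE") != "ReportExport":
            continue  # guard against feeding a log file of another event type
        try:
            when = datetime.strptime(row["TIMESTAMP_DERIVED"], TS_FORMAT)
            events.append({"user": row["USER_ID"], "ip": row["CLIENT_IP"], "time": when})
        except (KeyError, TypeError, ValueError):
            skipped += 1  # missing column or unparseable timestamp
    return events, skipped


def find_suspicious_exports(events, max_exports=3, window=timedelta(minutes=10)):
    """Flag users with more than max_exports in any window, or with several source IPs."""
    by_user = defaultdict(list)
    for event in events:
        by_user[event["user"]].append(event)

    findings = []
    for user, evs in sorted(by_user.items()):
        evs.sort(key=lambda e: e["time"])
        start, peak = 0, 0
        # Sliding window: advance 'start' until the span fits inside the window.
        for end in range(len(evs)):
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1
            peak = max(peak, end - start + 1)

        ips = sorted({e["ip"] for e in evs})
        reasons = []
        if peak > max_exports:
            reasons.append("burst")
        if len(ips) > 1:
            reasons.append("multiple_ips")
        if reasons:
            findings.append(
                {"user": user, "peak_exports": peak, "ips": ips, "reasons": reasons}
            )
    return findings


if __name__ == "__main__":
    parsed, bad_rows = parse_events(SAMPLE_LOG)
    print(f"{len(parsed)} events parsed, {bad_rows} skipped")
    for finding in find_suspicious_exports(parsed):
        print(finding)
```
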

Real-time Event Monitoring

Real-time Event Monitoring is used to monitor user activity in your Salesforce organization in near real-time. It does this through the use of an application monitoring service. Working with Transaction Security, policies can be created to send notifications and perform certain actions.

Pros:

  • Able to take action sooner than traditional event monitoring.
  • Works with Platform Events, so you can subscribe to events published by Salesforce.
  • Query events stored in a big object with SOQL and batch Apex.

Cons:

  • Requires purchase of an add-on license.
  • Complex alert configuration required.

Each method for protecting sensitive Salesforce data has its own strengths and weaknesses. The best approach often involves a combination of these techniques to create a robust security framework. The key is to strike a balance between security and usability, ensuring that sensitive data remains protected while enabling users to work efficiently. Keep in mind that security is not a one-time effort but an ongoing process that should evolve alongside your organization’s changing needs and the ever-evolving threat landscape.

Tips for passing Salesforce AI Associate exam

I just passed the Salesforce Certified AI Associate exam. The exam is only 40 questions and costs only $75 US Dollars, so why not?

Of all the Salesforce certification tests I have taken, this was honestly the easiest. But, you should still prepare. As long as you use this Trailhead Trailmix, you should be fine.

I went through the majority of the trailmix. The Modules are good, but I suggest studying these docs specifically:

Good luck as you prepare for the exam, but don’t think you need a data science degree or math training to do it. You don’t.

Studying for the Salesforce Certified Sharing and Visibility Designer Exam?

The second course in a new Skill Path series on Pluralsight, designed to help prepare you for the Salesforce Certified Sharing and Visibility exam, was just published. The new course is titled “Share Salesforce Data Across Users, Groups, and Roles”.

Using a real-world scenario involving a global company, you’ll learn how to build a record sharing model for your Salesforce org. First, you’ll explore the Salesforce sharing architecture and the different layers of record sharing security Salesforce provides.

From there, you’ll discover how to set org-wide defaults and design a role hierarchy. Finally you will learn how to open up access when needed with sharing rules or manual sharing. When you’re finished, you will have the skills and knowledge to design a robust and secure sharing model for your Salesforce organization.

And look out for future posts on this blog about this very complex and critical piece of the Salesforce Security architecture.

Trailhead + Pluralsight = Successful Salesforce Developer

When I discovered Salesforce in 2011, the best way to learn all about it was to go through the Force.com Workbook, which has now been retired. I want to say the workbook was over 400 pages long and even though it did contain a ton of useful information, it was a bit dry and hard to read.

Fast forward to today and the old retired workbook has been replaced by a much improved source of information in the form of Trailhead. Trailhead uses the phrase, “The fun way to learn Salesforce” and they sure aren’t exaggerating.

Since it began in late 2014, Trailhead has grown quite a bit and just recently got its biggest update, which you can learn about here. If you are a developer that is interested in learning more about Salesforce, this is the way to go. Not only is the content free, but it is top quality. It is a GREAT, and as they say “fun” way to get introduced to any Salesforce related topic.

If you are interested in learning about Lightning (and who doesn’t want to learn more about Lightning?), and you are new to Lightning, check out:

And if you are already comfortable with the basics of Lightning and looking for something a little more challenging, then check out the following brand new modules:

But don’t stop with Trailhead. If you are really interested in becoming a Salesforce Ninja and earning a 6 figure income, then you need a subscription to Pluralsight too. I know developers tend to shy away from paying for anything, but the low cost of a Pluralsight subscription is more than worth it. And after all, if you are earning a 6 figure income, the low cost of a monthly subscription is nothing really.

The quality of the content on Pluralsight is unmatched. I know this because before I became a Pluralsight author, I produced courses/books for other vendors and none of them come close to Pluralsight. No one does more to ensure their authors will be successful and produce unique, quality content like Pluralsight. Period!!!

Also, as great as Trailhead is, it usually is only a starting point. It tells you the most important things you need to know, but tends to skip over a lot of the details. This is part of what makes it fun, but sometimes the details are good to know. Especially if you want to become a Salesforce Ninja, like I know you do. Well that is where the Pluralsight courses will come into play.

I know my two courses on Lightning, which you can find here, are loaded full of details that you will find nowhere else. The kind of details you get from blood, sweat and tears. From banging your head on the desk for hours before you finally figured out how something worked (NOTE: While I have not literally hit my head on the desk, I have certainly considered it enough).

And besides my two glorious Lightning courses, there are a bunch more about Salesforce (with more coming out every day). In particular, I recommend:

Trailhead’s New Data Integration Specialist Superbadge is Super Fun!

I recently had the fortunate opportunity to provide early testing and feedback for the latest Superbadge released by Salesforce’s Trailhead. This one covers all the different aspects of being a data integration specialist. This includes being able to configure both inbound and outbound security, being able to synchronize Salesforce data with external systems, and creating test Apex classes to do both Apex REST and SOAP callouts.

Even though I have done quite a bit of data integration work over the years (both with Salesforce and .NET), I admittedly had not done much with it in the past two years, so I figured this might be a bit of a challenge.

It sure was a challenge, but in a very good way I think. And, it was actually fun! Yeah, right, fun I said.

The superbadge is not like any of the other trailheads you may have completed in the past. This special superbadge is designed to test how well you really grasped the underlying material and not just walk you through yet another predictable tutorial. It is also based on real-world type scenarios, similar to what you would encounter in your development job.

This particular superbadge requires you to complete 4 other Trailhead badges as pre-requisites before you can even attempt the badge. The other badges will give you the knowledge that you need, but the challenges in the superbadge will only offer you business requirements. You will be asked to complete 9 different challenges that will really confirm you know the material well. You will even be asked to apply best practices when applicable.

What is so fun about it is that it forces you to think through the scenarios and not just repeat a bunch of steps. If you are a developer like me, then you actually like this type of challenge. You probably also like crossword puzzles and mind teasers too, I’m guessing.

So, I challenge anyone, from no experience to a lot of experience with Salesforce data integration, to check out this newly available superbadge and let me know what you think. I bet you will love it just as much as I did.

Passed the Salesforce Platform Developer I and II Transition Exam!!!

Woo Hoo!!!!

I am VERY happy to announce that yesterday I passed the Salesforce Platform Developer I and II transition exam. This exam is offered to Advanced Developers that want to take an easy path to getting their Platform Developer certs.

But, that does not mean this test is easy. The questions are scenario based (as you would expect) and do not test whether you memorized the material, but rather whether you “know” it like the back of your hand.

There are only 16 questions and you have 30 minutes to complete the test. That makes it a bit nerve-racking in my opinion.

The official study guide lists the main areas you need to focus on for the test and I would say that is a pretty good start. The list consists of the following:

According to Official Study Guide

  • Describe the capabilities of base-system objects such as sharing objects, history objects, metadata objects, multi-currency, and Chatter objects.  
  • Describe the different capabilities of and use cases for the various Salesforce development platforms (Heroku, Fuel, Force.com).  
  • Describe how to design code that accommodates multi-language, multi-currency, multi-locale considerations.  
  • Describe the implications of compound data types in Apex programming.  
  • Describe the interactions between Visualforce/Apex with Flow/Lightning Process Builder.  
  • Given a scenario, describe when and how to use Apex managed sharing.  
  • Describe the use cases for the various authentication techniques.  
  • Given a set of requirements, describe the process for designing Lightning components.  
  • Describe the common performance issues for user interfaces and the techniques to mitigate them.  
  • Describe how to expose Apex classes as SOAP and REST web services.  
  • Describe how to use system classes to integrate with SOAP- or REST-based web services.  
  • Describe when and how to use metadata, streaming, and Analytics API to enhance Apex and Visualforce solutions.  
  • Given a scenario, identify the appropriate tool to analyze application performance profiles and troubleshoot data and performance issues.

I would add to this list some other areas that I suggest you also concentrate on:

  • @InvocableMethod and @InvocableVariable versus ProcessPlugin interface
  • Querying the PermissionSet
  • Using Developer Console to debug an app (especially checkpoints)
  • Using Webservice keyword and considerations
  • Querying based on the Currency field 
  • How to register certificates
  • Apex Managed Sharing considerations

Just to give you an idea, I spent about 3 weeks and over 20 hours studying for the exam. Even though I work with Salesforce development every day, the exam does cover topics that I do not necessarily deal with on a daily basis, so I would suggest you spend some time reviewing the topics listed above.

Good luck on the test and let me know how you did.

Why Every Salesforce Developer should be using Trailhead

I have recently been using Trailhead to help me study for an upcoming exam and I have been incredibly impressed with how good it is. I have already posted about the Trailhead modules that cover new material, such as Lightning, but what I was surprised about was how useful it was for reviewing material that I thought I already knew pretty well.

Trailhead is definitely not exhaustive in its coverage, but what I like most about the modules is that they go over just the stuff you really need to know. And most importantly, they go over best practices. There are so many examples of inefficient and just plain bad code out there (even on some of the Salesforce sites I hate to say). The text and challenges in the Trailhead modules were well thought out and it is obvious they put a lot of time into developing them. It still surprises me that something this good is free, but fortunately for us, it is.

If you are preparing for one of the Certified Developer tracks, you really need to check out the Developer Trail. It covers a lot of what goes into the exams and the progressively harder challenges really solidify what you just learned. Unlike tutorials that you can just follow in your sleep, the challenges tell you to do something, but not how to do it. And, if you do not do it exactly right, you do not get the points. You actually have to THINK about what you are doing and this is absolutely the best way to learn.

And if you are a certified developer who has been doing this for several years, there is still stuff for you to learn, even when it comes to best practices. As we all know, this platform is changing constantly and that means that so are best practices.

And honestly, it is just fun seeing yourself rack up the points. I really like the WooHoo I get at the end of the challenge. I am proud to say I have 5 badges and over 12,000 points so far (with more to come). How many will you get?

I am officially a Salesforce Advanced Developer!

As Peter Chitum suggests in his well read article, The Path to the Advanced Developer Certification, when you do finally pass this arduous certification process you should, “Say it loud, say it proud”….

So, I am happy to announce that today I was informed that I have passed the Advanced Developer Assignment and I am officially an Advanced Developer. YEAH!!!!

It took me one year longer than I expected, but it was very much worth the wait…and all the fuss. Actually, I am glad it was so hard to get. It makes getting it more worthwhile.

Several years ago, I went through both the Microsoft Certified Solution Developer (MCSD) and Microsoft Database Administrator (MCDBA) certification tracks, which were also long and exhausting. But, I have to say that I am a little prouder to have achieved this latest Salesforce certification. Even though the number of exams was less, I felt like the one Advanced Developer exam I did take was much more exhaustive in what it tested. I also was never tested with a programming assignment, which ensured that I followed best practices.

I also have to admit that I spent a lot more than the suggested 20 hours on my assignment (60 hours to be exact), but that is just because it was so important to me that I passed. I agonized over everything and questioned myself a hundred times. Glad I did now. I also dedicated an entire week towards doing it (with no other distractions). I think that helped a lot and I would suggest it to anyone else taking the exam (if you have that option).

Good luck to anyone else working the track. Stick with it and read, read, read…

 

Salesforce Developer Spotlight: Michael Welburn

This is the third in a new series of posts that will spotlight one Developer who has successfully transitioned to Salesforce. The people in these posts were interviewed in order to share their transition experiences with other developers. This information was used as part of a Dreamforce 2014 session titled, “Career Strategies for Developers Transitioning to Salesforce”.

Michael Welburn, Developer/Consultant at 7Summits

Michael completed the Salesforce Advanced Developer Certification back in January of this year and has a lot of great advice to share with others wanting to follow his path. Formerly a Java developer, Michael was thrown into the world of Salesforce development very suddenly when his company assigned him his first Salesforce project. Even though his Java background helped a bit, he learned a lot of lessons through trial and error.

I am grateful he took time out of his very busy schedule to complete my interview. I think we can all learn a lot from each other.

Can you tell me a little about your background and the type of development you were doing prior to learning about Salesforce?

I graduated from University of Illinois – Urbana Champaign with a degree in Computer Engineering. I spent the next ~3-4 years doing a lot on the Java stack consulting on Documentum projects. Lots of Java, JSP, Tomcat, SQL/Oracle.

What was your main transition approach, or was your transition very sudden?

My company was starting a Salesforce practice and the first project (a single VF page and class) needed to get done. I was unbillable, so I got roped in without any idea what Salesforce was. Having a Java background helped quite a bit on the Apex side, but I ran into a lot of problems dealing with things like governor limits that blindsided me. Mostly I just fought my way through whatever tasks were tossed on my plate, learning what not to do and best practices as I went.

Did you pursue any certifications? Did you take any online or in-person classes? What other types of training did you do to learn about Salesforce?

I picked up the Dev 401 shortly after starting, which studying for helped demystify a lot of the platform. About a year later I started work at another company that was all for certifications, and I had some down time, so I cranked out Admin, Advanced Admin, Sales Cloud, and Service Cloud in a month. I found that working on a lot of smaller engagements over that year helped me be extremely prepared for those tests with minimal amount of studying. Then last fall I decided it was time to take Adv Dev 501. I felt pretty prepared, though there was a handful of material I had simply never used on my projects, and studying for that opened my eyes to a bunch of new ways of accomplishing things that I’ve integrated into my toolkit.

What are some of your favorite online resources for learning? Do you have any favorite blogs that you follow?

The Salesforce documentation is my #1 google result, looking for objects and fields. I subscribe to a handful of Force.com MVP blogs, particularly enjoying what Reid Carlberg, Jeff Douglas and Matt Welch have put out in regards to taking the platform to new limits.

Did you get any advice from other developers and if so what was the most helpful?

Unfortunately I was in a position where I did not know any other person developing on Salesforce, nor had any coworkers developing, for almost a year. I had to self teach myself pretty much everything (and I did not realize the depth of content available on the internet for that same amount of time). I’m glad that I discovered a lot of best practices via my own trial and error, but having some coworkers on the platform, or even reaching out on #askforce on twitter or the salesforce stackexchange site makes solving problems far easier.

What are you doing now and how did everything you do prepare you for it?

I’m a Technical Architect at 7Summits, helping build out their Salesforce practice that is particularly focused on creating online experiences to transform businesses. It is really exciting to see the UX/UI team that we have build awesome front ends on top of the Salesforce platform, and time and again the people I work with tell me how shocked they are that the backend work can be done so fast.

If you had to do it all over again, what would you do differently in your transition approach?

I would have spent a little more time trying to find helpful resources before punishing myself with trial and error, and I would have made more of an effort to find other developers working on the platform to bounce ideas off of. I have a hard time remembering what the ecosystem was like back in 2011, but the last couple years it has really exploded on the internet, to the point where there is always someone willing to help out on a variety of websites.

Anything else you want to add that you think would be helpful to developers transitioning?

Pay attention to the best practices that are documented, you will see them ALL. THE. TIME. https://developer.salesforce.com/page/Apex_Code_Best_Practices The workbooks that Salesforce provides for Force.com, Apex, and VF are also extremely helpful. https://developer.salesforce.com/page/Force.com_workbook Beyond that, just get your hands dirty in a dev org!

Salesforce Developer Spotlight: Jason Hammerle

This is the first in a new series of posts that will spotlight one Developer who has successfully transitioned to Salesforce. The people in these posts were interviewed in order to share their transition experiences with other developers. This information was used as part of a Dreamforce 2014 session titled, “Career Strategies for Developers Transitioning to Salesforce”.

Jason Hammerle

Salesforce Architect for Cameleon Software, a PROS company

Jason, who recently passed the DEV501 certification test, has been working with Salesforce for the past two years. But Jason is no newcomer to software development. He has been a professional software developer since 1994, when he began his career as a computer programmer at NASA. It was there that he developed a C++ and X-Windows application used to plan Space Station and Shuttle missions. You can read more about his programming background here.

Jason has worked with many technologies and platforms over the years, but it was his exposure to a Dreamforce session one year ago that ignited a certain spark in him. The following are Jason’s own words about what led him to becoming a Salesforce Developer and why he likes it so much:

What was your main transition approach, or was your transition very sudden?

It was very sudden and exactly one year ago.  I had just taken a HOT session and I was sitting on a bean bag practicing what I learnt in an Interfacing with Salesforce using REST class while listening to 80’s music.  At that moment, I realized why Salesforce was so successful and why I was going to devote the rest of my career to this fantastic platform.  Specifically, Salesforce understood how to make the developer experience very cool and very fun.  We hear a lot about user experience but less about developer experience.  Good software requires good user experience and a good platform requires good developer experience – and Salesforce has the very best.  At that time, I was managing a large salesforce team, a dynamics CRM team, and two cloud teams.  My days were filled with double or triple booked meetings from morning until COB.  I decided in the bean bag that my life was about to change and that I was a developer again.  I took PTO the week after Dreamforce and spent 30 hours developing a Salesforce 1 app to validate my decision.  I have not stopped developing since.

Did you pursue any certifications? Did you take any online or in-person classes? What other types of training did you do to learn about Salesforce?

In the Spring of 2014, I travelled to Dallas TX to attend the DEV401 training class. A few weeks later, I travelled to Salesforce offices in San Mateo, CA to attend the DEV501 training class. Both instructors were really great teachers each with their own very unique style. I passed the DEV401 cert in the Summer of 2014 and I hope to pass the DEV501 cert in Fall of 2014. After I pass (while I wait for the programming assignment), I intend to pursue two more certifications in Sales Cloud and Technical Architect.

What are some of your favorite online resources for learning? Do you have any favorite blogs that you follow?

We have premier support so I heavily use the partner training portal to prepare for certification exams. Also, I have a membership with pluralsight and think these video resources are a great way for developers to stay up to date and relevant. I also follow several blogs like Sara Has No Limits, Bob Buzzard blog, Andy In The Cloud, Force365 – Cloud Architects, The Humble Salesforce Developer, et al. I also started blogging myself on topics that I practice at work that I think might help others. Recently, I have been working a lot with metadata APIs and so I probably reference Andy In The Cloud blog the most. I have a lot of content from my recent experience that I would very much like to blog about when I can find the time.

Did you get any advice from other developers and if so what was the most helpful?

Yes, but it was a very weird situation. I was managing (and leading) a remote team of very experienced Salesforce developers (all in Bolivia) and then swapped roles with a technical lead (in Houston) that wanted to pursue management. Most of my remote reports were now my peers and it was difficult at first to get advice from them. Once the other developers saw that I was very serious about changing roles – the certification helped – and they realized that I really did want to follow the technical path then they really helped me out. Two of the Bolivians visited for two weeks. During this time, they helped me to switch from Eclipse to MavensMate, work with Git and Stash (previously I only worked with Mercurial and other like versioning software), and – most of all – they really really challenged my code. My years of being a professional developer came back to me very quickly during their visit which really motivated me.

What are you doing now and how did everything you do prepare you for it?

After the Bolivians visited, we sprinted together for four three-week sprints developing a managed package.  It has been the best 12 weeks of my career by a long shot.  I am really looking forward to working with Salesforce over the long term to really master the platform.

If you had to do it all over again, what would you do differently in your transition approach?

Nope, I would not change a thing about the transition approach. I used to go to work every day as a manager. Now, I go to work every day to play with my favorite hobby. I look at every work day like I would a fun vacation day on the slopes in Telluride or on the beaches in Maui. I truly love my job and more than that – I love knowing what I am going to be doing for the rest of my career. There is a clear difference between management and developer. I liked management but development has always been what I truly love to do. If I could do parts of my career over again, then I probably would not have gone into management. With that said, I am a better developer now for it.

Anything else you want to add that you think would be helpful to developers transitioning?

If you already program in Java or C# then the transition will be very easy for you.  If you are a front end developer then your experience would likely be extremely valuable to a Salesforce development team.  And to all other developers (and even managers), you can be a Salesforce developer too by leveraging the great Salesforce training course, Salesforce resources, Success forums, blogs, and the many many people (like Sara) that have already transitioned and really want to help you.  I also very much would like to help anyone that wants to make this transition too.