Symantec Security Assessment for Salesforce is now available for Symantec Control Compliance Suite (CCS) 10.5.1 customers. This application extends CCS risk and compliance assessment capabilities to include the customer’s Salesforce.com environment and providing side-by-side reporting of compliance for both on-premise assets as well as those that reside in the cloud.
This extended capability is achieved using these two new components: • Symantec Security Assessment for Salesforce: a new application that runs within the customer’s Salesforce.com instance. It assesses the key Salesforce.com security configuration settings and provides an exportable file for CCS to import, analyze and report on. • An update to CCS 10.5.1 that leverages the new External Data Connector functionality to import the Salesforce.com assessment data. Please note that 2011-3 PCU is also required to be installed with CCS 10.5.1.
The Symantec Security Assessment for Salesforce application is available on the Salesforce.com AppExchange (http://appexchange.salesforce.com/home). Simply search for Symantec Security Assessment for Salesforce. Follow the instructions for installing and configuring the application. Once completed, security configuration information is obtained using the “Collect Data” tab. This data can then be imported into the customer’s on-premise CCS. Note that you can view the results of this assessment directly within the Salesforce.com account, however, this does not provide the integration with the CCS on-premise asset risk and compliance assessment.
In order to import the Symantec Security Assessment for Salesforce assessment data, the customer needs to download and install an update to CCS 10.5.1, available on http://www.symantec.com/business/support/index?page=landing&key=53741. Please see the “Downloads” section for Symantec Security Assessment for Salesforce – July, 2011 – 10.5.1. Once installed, CCS will perform an assessment of the Salesforce.com data against the customer’s policies. This produces a side-by-side dashboard and report view both their on-premise and cloud security risk and compliance posture.