Webinar Recording

Secure Your Salesforce Org & Data: The ANZ Edition

Tailored for Australian and New Zealand Salesforce organizations. Covers the Privacy Act, Australian Privacy Principles, APRA CPS 234, PHI masking, sandbox security, and deletion request automation for ANZ regulatory requirements.

High-profile breaches in the ANZ region — including the Optus and Medibank incidents — demonstrated that production data in under-secured test environments and single-factor authentication for support staff are primary attack vectors. This webinar applies a four-step Salesforce security framework specifically to Australian and New Zealand regulatory and threat contexts.

What's covered in this webinar

ANZ Breach Context and Lessons

  • Optus breach stemmed from production data used in an inadequately secured test environment
  • Medibank breach exploited a single support desk credential without two-factor authentication
  • Both breaches were configuration failures, not Salesforce platform vulnerabilities
  • ANZ organizations operating Salesforce face the same risks as global enterprises, often with smaller security teams

Assessing Salesforce Org Health

  • Salesforce Health Check, Portal Health Check, and Optimizer are free, built-in starting points
  • Experience Cloud communities expose publicly shared objects to external users by default in many orgs
  • As Salesforce usage expands across Sales, Service, Health, FSC, and Marketing Cloud, the attack surface grows
  • Threat vectors keep changing — treating security as a one-time project guarantees exposure

Securing Application Access

  • MFA is mandatory — a single credential without a second factor is the primary path for credential-based attacks
  • IP range restrictions via VPN and certificate-based device authentication reduce unauthorized access
  • API access control must be explicitly enabled via Salesforce support — it is not on by default
  • Connected app permissions should be reviewed and restricted to least-privilege access

Securing Salesforce Data

  • Sandbox environments refreshed from production carry live PII into less-controlled developer access
  • Data masking tools replace real customer data with realistic but fictitious values before sandbox refresh
  • Field-level security and sharing rules must be audited regularly as orgs grow and evolve
  • Deletion and right-to-be-forgotten automation ensures compliance with the Australian Privacy Act and APPs

Use this when

Your organization operates in Australia or New Zealand and must demonstrate compliance with the Privacy Act and Australian Privacy Principles.

You need to assess your Salesforce org’s security posture following high-profile industry breaches in the ANZ region.

Your team is concerned that sandbox environments contain production customer data accessible to contractors or partners.

You need to enforce MFA and access controls across a Salesforce org used by support staff with broad customer data access.

You are preparing for an APRA CPS 234 review and need to demonstrate Salesforce security controls are fit for purpose.

Your team needs to automate deletion requests to comply with Australian Privacy Principle 11 data destruction obligations.
