Tag: salesforce cloud


How to ensure a faster security review process for your AppExchange solution

“Customer data is more important to Salesforce than anything else!”

Customers trust Salesforce with their data. All customer data resides on the Salesforce cloud, which makes cloud security very important for both the customers and the company.

So, what is AppExchange, and why is AppExchange security essential to Salesforce?

AppExchange is an ecosystem of different types of partners who have applications. 

Partners put up applications on AppExchange, customers install them, and this is where sensitive customer data resides. It is crucial to make sure that these applications are secure.

When customers buy something and understand that the product is secure, they don’t need security engineers to check the applications.


So, the question here is, how does Salesforce secure the AppExchange ecosystem?

Once an application is written, it has to go through the security review process.

There are different layers of protection to secure the AppExchange ecosystem.

[Image: AppExchange ecosystem; source: Salesforce]



  • Code Scanner: Used to scan the code.
  • Chimera Web Scanner: For any application running outside the ecosystem, so that APIs are secure.
  • Monitoring services.


Salesforce has published a vast amount of content over the years. An entire developer web page collects everything Salesforce has on security, and a number of Trailhead modules cover the security review process.

This content covers topics such as how to do secure coding, so partner developers can be highly confident about writing secure code and submitting it for review.


Partners build applications. Maintaining the ecosystem and keeping it secure is a shared responsibility between Salesforce and the partners.



ISV partner account manager: They are the primary source of contact.

ISV Technical Evangelist: Helps partner prepare for security review.

Security review operations: Reviews the partner’s submissions and is responsible for notifications to partners.


This team has a product security engineer who provides guidance and reviews applications. They manually review the code and make sure that everything is fine.


This team develops for partners in the AppExchange ecosystem. They help with security review success.




[Image; source: Salesforce]

The main question in a security review process is what exactly happens during the process.

Let’s study the whole ecosystem in the above image.

Users connect to different departments of Salesforce like Sales, Marketing, Apps, Analytics, etc. 

Salesforce is also externally connected by APIs and has external integrations for data processing and storage.

The Salesforce data is accessible on the cloud through different external client apps.

So every flow in Salesforce, however minute, is tested: users, external APIs, and the client apps that access Salesforce data. Testing covers everything that touches or impacts Salesforce data.

Any vulnerability in the whole flow puts Salesforce data at risk. That’s the reason full-scope testing is necessary.



[Image; source: Salesforce]

Salesforce accelerates the security review process in four easy steps:

DESIGN: In the design stage, review the Trailhead modules, which have a lot of secure coding content.

Submission process office hours: Ask process-related questions; available at https://sfdc.co/submissionofficehours

Security review technical office hours: Customers can book office hours with Salesforce.com for discussion on different topics, details of which are available at https://sfdc.co/securityofficehours

DEVELOP: Start writing the code, and test that the written code works as intended.

This stage focuses on developing tools for security scanning.

TESTING: This phase makes use of tools like: 

Force.com source scanner helps find common security issues in native code. It also includes a manual code review for adherence to secure coding guidelines.

ZAP scanner finds common web vulnerabilities.

Chimera Scanner is a fire & forget cloud scanner that runs ZAP as an engine.

RELEASE: This is the final step, where the application is submitted for a manual check of security issues.


Let’s Conclude:

The AppExchange security review process helps secure the Salesforce ecosystem starting from design to release. Secure AppExchange means less vulnerability to security threats and a more robust Salesforce platform. 

CEPTES is a Salesforce Silver consulting & Product Development Outsourcer partner that can guide you as your strategic partner to speed up the business value of your Salesforce.com investment through app development, consultation, digitization, and innovation. If you are thinking of growing your business using the Salesforce platform, then get in touch; we are happy to help you.



How to Manage Dependency Injection within Salesforce

If you don’t know what Dependency Injection is, why it is required, which problem it helps us resolve, and how Dependency Injection is used in Salesforce, then don’t worry; by the end of this article, all your doubts will be cleared.

What is Dependency Injection (DI)?

Dependency Injection is a design pattern that provides inversion of control; it is used for breaking tight coupling between 2 objects. It is an alternative approach to binding two objects loosely. 

Let us understand this with the help of an example.

Why is Dependency Injection required?

Let us consider the example of the client consuming the services provided by a server.

Typically, the server would be instantiated by the client as below:

Server s = new Service ();


Yet, the above code introduces a dependency between the Client and Server, and the client is tightly coupled with the server, as seen in the below diagram. 

You can see the implications of this dependency by trying to delete the Service, which is not possible as the client uses it.

So, what do you think are the issues with the above type of binding?

  1. The flexibility is reduced
  2. It is difficult to make changes
  3. It is not easy to reuse the code

So, we prefer to use Dependency Injection for flexibility, extensibility, and reusability of code.

Let us now see how Dependency Injection is managed in Salesforce.

In Salesforce, there are two possible types of dependencies.

  1. Introduced due to coding
  2. Dependency between metadata formed by using declarative tools (process, flow, layout, and actions)

Dependency injection helps in forming dependencies at runtime instead of explicitly during development. It aims to break the dependence between the calling code and how an instance is created. 

In the above example, we saw that the client had access to the Server implementation. The solution would be to invert the control, such that the client does not know about the server implementation details. 

The use of the “new” operator needs to be avoided to use Dependency injection, since the usage of a “new” operator requires packaging and deploying the Server implementation along with the client, resulting in loss of extensibility.

The goal of Dependency Injection is to eliminate the need for the calling code to know how an instance is obtained; it only needs to know how to use it. Through dependency injection, multiple different implementations could be packaged and deployed.

A dependency exists in the above example because the compiler needed to know the Service class used by the client.

The compiler needed to check whether the Service class compiles; the aim is to remove this dependency. This is possible if we load the Service class at runtime. An injector class would be required to load and provide the required service implementation class. 

The need for an Interface. To achieve loose coupling, we need to design the code to interact with an interface rather than an implementation. The implementation of the interface would vary from customer to customer. 

Dependency Injection uses configuration and code to dynamically determine the implementation used, thus decoupling dependencies from where they are used, as seen in the diagram.
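An injector of the kind described above, as an added Apex example that is not code from the original article. The names `IService`, `DefaultService`, `ServiceInjector`, `Client`, and the custom metadata type `Service_Binding__mdt` with its text field `Implementation_Class__c` are hypothetical; in a real org each top-level class lives in its own file.

```apex
// The client codes against this interface, never against an implementation.
public interface IService {
    String execute(String request);
}

// One possible implementation; other packages can ship their own.
public class DefaultService implements IService {
    public String execute(String request) {
        return 'handled: ' + request;
    }
}

public class ServiceInjector {
    public class InjectionException extends Exception {}

    // Looks up the implementation class name in configuration
    // (hypothetical custom metadata record) and loads it at runtime.
    public static IService getService(String bindingName) {
        Service_Binding__mdt binding = Service_Binding__mdt.getInstance(bindingName);
        if (binding == null || String.isBlank(binding.Implementation_Class__c)) {
            throw new InjectionException('No binding configured for ' + bindingName);
        }
        return load(binding.Implementation_Class__c);
    }

    @TestVisible
    private static IService load(String className) {
        // Type.forName returns null when the class does not exist
        // or is not visible to the caller.
        Type t = Type.forName(className);
        if (t == null) {
            throw new InjectionException('Class not found: ' + className);
        }
        // newInstance() runs the no-argument constructor, so the
        // instanceof check below happens after construction.
        Object instance = t.newInstance();
        if (!(instance instanceof IService)) {
            throw new InjectionException(className + ' does not implement IService');
        }
        return (IService) instance;
    }
}

// The client no longer uses "new" on the implementation, so the compiler
// needs only IService and ServiceInjector to compile this class.
public class Client {
    public String run(String request) {
        IService s = ServiceInjector.getService('Default');
        return s.execute(request);
    }
}
```

Because the binding record decides which class is instantiated, edit access to that record should be limited to the same people who are allowed to deploy code.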

To Summarize

We saw what Dependency Injection is, the issues observed if Dependency injection is not used, the different types of Dependency Injection, and how to break down tight coupling and replace it with loose coupling using Dependency Injection within Salesforce.

The pros and cons of Dependency Injection are as below:

Pros:

  1. Breaks the tight-coupling as it causes issues with reusing, updating, and maintaining the code.
  2. Adds support for many optional implementations that can be selected at runtime without code modifications.

Cons:

  1. Introduces complexity in the architecture as it is challenging to identify implementations corresponding to associated calls.
  2. Difficult to troubleshoot in case something breaks at execution. Delay in identifying runtime issues.

CEPTES is a Salesforce partner with 10+ years of ecosystem expertise & over 80% Salesforce certified consultants. We are widely accepted as a leader in delivering Salesforce Cloud (Sales Cloud, Service Cloud, Marketing Cloud, App Cloud, etc.), Salesforce Analytics, and Lightning Migration services to various industries and companies of different sizes & types.

If you are looking for Certified Salesforce consulting services, then contact us today!


The Need of Community Cloud – An Analysis

Salesforce is one of the most used customer relationship management (CRM) tools around the world. However, the market for a tool with only a CRM option is limited. A business faces various problems and therefore needs a solution for each problem. The extra one always does the job of accurately predicting future problems. So, to grow its business and at the same time give its customers a one-stop solution for all their requirements, Salesforce has launched a series of add-on services and products to complement the main Salesforce CRM solution. One such add-on is the Salesforce Community Cloud, with all its benefits put together.

Some of these services became stand-alone products in their own right, for instance:

  • The Marketing Cloud
  • The Service Cloud

What is Salesforce Community Cloud?

To understand what Community Cloud is, it helps to understand the need for it first. From the moment of its launch, Salesforce was intended to help sales representatives keep track of their work and their relationships with their customers. However, they started to depend more on the customers and began sharing more business-related material with them. But this entire process was not automated.

For instance, if a customer wanted to know how many kinds of products there are to choose from, the sales representative would have to download the product list from Salesforce and then send it to the customer. Now imagine a company with a million customers that has to handle a million requests a month. This issue needed to be solved by granting customers access to your Salesforce data, and so to the product list. Now the question was, ‘How to authenticate each customer?’ and, most importantly, ‘How to give access to millions of customers without millions of users in SFDC?’

The real-time data was large enough to complicate the entire system. At this juncture the Salesforce product known as Salesforce Customer and Partner Portals stepped in. It was later renamed Salesforce Community Cloud. This product gives Salesforce developers the option to create a community of users who can access specific objects or data in Salesforce. It is a good way to share information, as well as to collaborate internally on projects or tasks, in a more personalized manner.

In fact, according to Salesforce, one can use communities to

  • Drive increased sales by connecting employees with distributors and suppliers
  • Deliver authentic and world-class service by giving customers one single platform to communicate
  • Manage social listening, content, and engagement in one place

Importance of Salesforce in Small and Medium Business

Speed is the essence of the business world. This is true for nearly every aspect of any business, but it is especially valid for technology, and the speed with which we adopt technological innovations is critical to business success.

Around the world, small and medium-scale businesses, popularly known as SMBs, have become the most important contributors to the GDP of their respective countries. In a developing country like India, the role of SMBs in the overall growth of the economy is commendable. In India, the SMB sector has also seen a superior growth rate in the last few years, and this increase has been consistent. Such steady growth has led to increased complexity of business operations for all SMB players.

According to NASSCOM, cloud services are the key element for SMBs. The year-on-year CAGR is almost 15 percent, with IT spending at nearly $18.5 billion by 2018. SaaS adoption by Indian SMBs is growing at a high CAGR of 25% and is expected to reach $370 million, which is about INR 2,220 crores, by 2018.

It’s incredible news!!

We can, therefore, see an immense opportunity in the SMB sector, but then what is stopping this industry from adopting technology?
The answer is the urgent need to accurately identify the right technologies, which is not an easy task and is highly critical to their success. Once SMBs have identified the correct technology, the next and most crucial step is to proceed with implementing it.

Let us have a look at some of the many problems faced by the SMB sector:

  • Lack of in-house expertise
  • Lack of knowledge about the process of Cloud computing
  • Do not know the process to implement
  • The present way of working
  • Lack of Knowledge as well as Training

All of the mentioned problems can get eradicated with the help of Salesforce, which is a real-time boon for the SMB sector.

Salesforce has many products, such as Sales Cloud, Service Cloud, Marketing Cloud, Community Cloud, Wave Analytics, Platform, and all the Apps, which together cater to solving the problems of SMBs.

Salesforce, at its annual Dreamforce Conference, presented a dedicated keynote for SMBs stating that even they are getting the same technology platform as the enterprises. Hence, Salesforce with all its advancements allows customers to compete with the enterprises of their industry. The Salesforce platform enables SMBs to compete on a higher level, with the competitive advantage being the combination of the Salesforce platform and how it can be tailored to support their business needs.

For SMBs to succeed with Salesforce, the best and finest practices are leveraged, thereby ensuring configured business processes. The SMB sector is rapidly coming out of its stereotyped mindset when it comes to the usage of technology and IT adoption. The end-to-end implementation of Salesforce solutions would greatly assist SMB players in attaining the next level of operational success.


Is Your Salesforce Data Really Safe? Few Questions to Help Us Find Out

Is your data safe with Salesforce? Yes, it is a question, quite unimaginable!! But it’s true!!

There was a 20-hour service outage, which is even said to have affected Salesforce. Salesforce is rated the #1 CRM tool, and the service is designed for global availability and redundancy; in other words, it is a SaaS-based company in the real sense. Still, it happened, and the frightening reality is that even SaaS applications and services can experience such mishaps, including the biggest players like Salesforce. Hence, we face a reality in which even Salesforce is not considered safe.

Today we will discuss five questions that will help us develop a comprehensive plan for protecting critical Salesforce data.

• What does Salesforce recommend for Data Protection?

The Salesforce Help Center mentions “Although Salesforce does maintain all the backup data and can recover it, it is vital to constantly backup your own data locally so that you have the ability to restore it to avoid relying on Salesforce for backups to recover your data.”

In the event of accidental deletion of your data, you may find that the data recovery service is slow and expensive. Waiting that long to recover CRM data can prove harmful to some organizations, and the cost in both money and time is unacceptable.

• What are the various factors that could impact your Salesforce Data integrity?

Threats to your Salesforce data integrity can come from any direction. It might seem that the process runs smoothly, yet errors can be introduced from various areas. The areas of concern include the following:

All Third-Party Apps – Most SaaS-based tools, including Salesforce, offer integration with third-party apps. These apps extend the functionality of the core service into a more valuable business proposition, which helps increase productivity. On the other hand, they can alter your data in unexpected ways, ultimately leading to data corruption and recovery challenges.

User Error – Salesforce data is most commonly handled by multiple users, such as the sales team, the marketing team, etc. Public Reports are an excellent example of such situations, where users have access to update or delete records. This opens the door to the possibility of malicious activities.

Data Migration or Updates – Although admins are said to do thorough checks before performing bulk updates of records, it is not unusual to encounter duplicate files or incorrectly updated fields. In the end, this can make your data ineffective.

• Are you prepared to react to a litigation request that would require your organization’s data to be made available?

In the year 2014, almost 34% of companies faced at least one lawsuit with nearly $20 Million at issue. There is therefore a clear threat of litigation, and the demand for e-discovery is considered a real concern for companies of all sizes.

As more businesses adopt SaaS-based tools in their day-to-day business operations, courts are gradually increasing the production of cloud data as evidence in legal proceedings.

• Does any Salesforce data adhere to your company’s compliance needs?

Businesses today are subject to many data handling compliance requirements. These requirements often involve safeguarding sensitive customer information, including CRM data, PII (personally identifiable information), etc. Hence, it is highly important that you have a comprehensive data management strategy.

• How much does it cost, if you lose your data?

Salesforce, as a SaaS-based tool, has proven to be a real boon for companies, allowing them to consolidate and centralize their CRM data and make it available to their teams in any place, at any time. A granular analysis of this data can then be performed, empowering them to better manage relationships with current customers and to better identify potential clients.

But what would happen if this data were suddenly not available? Yes, it is true that Salesforce could even end up compensating its customers almost $20 for last month’s outage.


After a complete analysis of the entire situation, one can conclude that neither Salesforce nor any other SaaS-based service provider is completely reliable for your data management. For real peace of mind, it is always recommended to have your own backup plan in place.