Salesforce Security Overview

This article provides a security overview of the Showell integration with Salesforce.

1. Introduction

The Showell App integration with Salesforce enhances user productivity by allowing access to Showell workspace content directly within the Salesforce environment. This integration provides seamless access to sales materials and other relevant content, streamlining workflows for sales teams and other users.

Showell is embedded within Salesforce using an iFrame, and the two communicate via the postMessage method. Additionally, analytics data is sent from Showell to Salesforce through server-to-server communication, using OAuth 2.0 for secure authorization.

The Showell App integration with Salesforce is designed with security as a fundamental aspect, employing strong authentication, encryption, and data handling practices. While this overview provides a comprehensive look at the security measures in place, further details can be obtained through direct contact with Showell support.


2. Authentication and Authorization

Authentication between Showell and Salesforce is managed through OAuth 2.0, ensuring secure and streamlined access.

During the authorization process, Showell requests specific permissions to act on behalf of the authenticated user, enabling secure data exchange. The tokens obtained (access and refresh tokens) are encrypted to maintain security. The OAuth tokens allow our backend to fetch data as the authenticated user but are limited to prevent further actions once the initial authorization is complete.

 



3. Data Encryption

Data security is a top priority, and the integration uses robust encryption methods to protect data both in transit and at rest.

Data transmitted between Showell and Salesforce is secured using HTTPS, ensuring encrypted traffic to prevent interception. At rest, data within Showell's physical database is encrypted using AES-256 encryption, a standard that meets industry guidelines for securing confidential information.

Encryption keys are managed according to Showell’s Encryption Key Management policy, ensuring they are periodically reviewed and upgraded as necessary.

Our server infrastructure is hosted on AWS in Europe, ensuring compliance with European data protection standards.

 



4. Data Handling and Privacy

The integration between Showell and Salesforce involves specific data handling practices to ensure privacy and compliance:

  • By authorizing the connection between Showell and Salesforce, you, as the end user, allow the Showell server to access and update Salesforce data on your behalf.
  • Showell stores limited data: the email of the recipient (such as a Contact, Lead, or Opportunity) entered in the designated 'recipients' field during the share creation process, along with the Salesforce object ID and name from the 'recipients' or 'related to' fields. No additional data is stored on the Showell platform.
    • This data is linked to Shares on the Showell Server and is then synchronized back to Salesforce.

Compliance with privacy regulations and standards such as GDPR, CCPA, and ISO 27001 is maintained, ensuring personal data is handled responsibly. Users can exercise their data subject rights (access, rectification, deletion) by contacting Showell support. We retain user data only as long as necessary to provide the service and comply with legal requirements.

 



5. Tracking and Logging

Showell does not collect data from Salesforce. It only gathers tracking information within the Showell App to monitor usage and improve service quality. For example, in Showell's Digital Sales Room, the following information is tracked:

  • Visitor details: Who visited the Digital Sales Room, which content they viewed, the duration of their viewing, and whether they downloaded the content to their device.

Showell servers are authorized to access and sync Salesforce data (see section 4), specifically the recipient's email for Share analytics. Analytics data is sent from Showell to Salesforce through server-to-server communication, using OAuth 2.0 for secure authorization. Tracking information is stored within Showell's infrastructure and is accessible to authorized personnel only. It is protected through encryption and access control measures.

Error messages are logged with Sentry.io, helping to identify and address issues promptly without collecting personal data.

For more information on Share Analytics: analyze your shared content

 



6. Security Measures

Additional security measures are in place to safeguard the integration:

  • Regular Security Audits and Penetration Testing: Conducted in compliance with ISO 27001 standards, including regular monitoring and logging to check the effectiveness of procedures and controls. Important logs are reviewed monthly, and violations are reviewed within one business day.
  • Secure Development Practices: Adhered to throughout the development lifecycle.
  • Certifications and Standards: Compliance with standards such as ISO 27001 to ensure robust security practices.

 



7. Incident Response

In the event of a security breach, Showell has a comprehensive incident response plan:

  • Identification: The incident is detected, reported, and verified by the Security Response Team (SRT).
  • Assessment: The SRT examines the incident, logs details, evaluates risks, and categorizes the incident type.
  • Response: The SRT acts to control the incident, secures evidence, and reports to law enforcement if necessary. Post-incident analysis is conducted to prevent future occurrences.

The SRT, composed of the CTO, CISO, senior management, customer support, IT, and Product Development team members, is responsible for investigating and responding to incidents. The team ensures compliance with relevant laws and conducts post-incident reviews to implement remedial actions.

 



8. Contact Information

If you have any questions or concerns about this security overview or the handling of your information, please contact your Showell contact person or Showell Support.

 

💡 Summary (TL;DR)

The integration allows seamless access to Showell content within Salesforce, improving productivity. It uses an iFrame for embedding and postMessage for communication.

Authentication and Authorization:

  • Managed via OAuth 2.0, ensuring secure access.
  • Tokens are encrypted and used to securely fetch data.

Data Encryption:

  • Data in transit is secured with HTTPS.
  • Data at rest is encrypted with AES-256.
  • Hosted on AWS in Europe, complying with European standards.

Data Handling and Privacy:

  • Showell can access and update Salesforce data with user authorization.
  • Showell stores only the recipient's email, Salesforce object ID, and name from the 'recipients' or 'related to' fields during share creation. No other data is stored.
  • Email data is linked to Shares and synced back to Salesforce.
  • Complies with GDPR, CCPA, and ISO 27001.
  • Data is retained only as long as needed for service and legal requirements.

Tracking and Logging:

  • Showell Analytics data is securely exchanged via OAuth 2.0 to Salesforce.
  • Error messages are logged with Sentry.io without collecting personal data.

Security Measures:

  • Regular security audits and penetration testing.
  • Adherence to secure development practices and ISO 27001 standards.

Incident Response:

  • Comprehensive plan with identification, assessment, and response by the Security Response Team.