Force.com uses the strongest encryption products to protect customer data and communications, including 128-bit VeriSign SSL Certification and 1024-bit RSA public keys
Perimiter Defense / Logical Network Security
The network perimeter is protected by multiple firewalls and monitored by intrusion detection systems. Firewall logs are regularly analyzed to proactively identify security threats. Security configurations are proactively monitored for changes, vulnerabilities, and errors and vulnerability threat assessments including penetration tests are regularly conducted
Internal Systems Security
Inside of the perimeter firewalls, the systems are safeguarded by proprietary safeguards including network address translation, port redirection, IP masquerading, and non-routable IP addressing schemes
User access is provided only with a valid username and password combination, which is encrypted via SSL while in transmission. An encrypted session key is used to uniquely identify each user and the session key is automatically scrambled and re-established in the background at regular intervals.
Multi-Tenant App Security
A robust application security model prevents one customer from accessing another’s data. This security model is reapplied with every request and enforced for the entire duration of a user session