Apply Defense in Depth

Defense in depth means using multiple layers of security within your environment instead of just one. If an attack causes one security mechanism to fail, other mechanisms can still provide the necessary security to protect the system. Think of creating a security onion and not a security egg. When dropped, an egg smashes everywhere, while an onion just gets a little bruised because it has multiple layers.

Here are some best practices when applying defense in depth.

  • Implement 2FA so that a stolen password alone is not enough to compromise a user account. Using Account Manager to configure authentication enables customers to enforce 2FA on all their users, thereby implementing defense in depth.
  • Add authentication mechanisms to internal systems in case an attacker manages to get inside the firewall.
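
The layering described in both bullets, as an added example that is not code from the original page: a request to an internal system must independently pass a network check, a password check and a TOTP second factor (RFC 6238). The internal network range, the sample account and the `authorize` function are assumptions made up for illustration, and nothing here reflects how Account Manager is implemented.

```python
import base64, hashlib, hmac, ipaddress, struct

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

def totp(secret_b32: str, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    key = base64.b32decode(secret_b32)
    counter = struct.pack(">Q", at // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account; a real system would load this from its user store.
SALT = b"constructed-salt"
USER = {
    "pw_hash": hash_password("correct horse", SALT),
    "totp_secret": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ",  # RFC 6238 test key, base32
}

def authorize(src_ip: str, password: str, otp: str, now: int) -> tuple[bool, str]:
    """Every layer must pass; returns (allowed, name of the first failed layer)."""
    # Layer 1: network perimeter. Being inside it grants nothing by itself.
    if ipaddress.ip_address(src_ip) not in INTERNAL_NET:
        return False, "network"
    # Layer 2: password, compared in constant time.
    if not hmac.compare_digest(hash_password(password, SALT), USER["pw_hash"]):
        return False, "password"
    # Layer 3: second factor, accepting one time step of clock drift.
    valid = [totp(USER["totp_secret"], now + d) for d in (-30, 0, 30)]
    if not any(hmac.compare_digest(otp.encode(), v.encode()) for v in valid):
        return False, "2fa"
    return True, "ok"

if __name__ == "__main__":
    # Inside the firewall with a stolen password but no second factor.
    print(authorize("10.1.2.3", "correct horse", "000000", 59))
    # All three layers satisfied.
    print(authorize("10.1.2.3", "correct horse", totp(USER["totp_secret"], 59), 59))
```

The first call models the case both bullets guard against: the caller is already on the internal network and holds the correct password, yet the request is still refused at the 2FA layer.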