Security Best Practices for Administrators | Infocenter

Determine How to Block Attacks
While Salesforce B2C Commerce provides security protections, customers are responsible for configuring security controls and for not removing security controls that are enabled by default. You must consider all of these aspects to maintain the security of your B2C Commerce instance.

Network Access Restrictions
The network level is the first line of defense against attackers trying to access your assets. Salesforce B2C Commerce uses two mechanisms: one for storefronts and one for Business Manager.

Secure Communications
Secure communications are crucial to prevent attackers from reading or changing sensitive information, for example, credit cards, personally identifiable information (PII), credentials, and so on. Within Salesforce B2C Commerce, you can secure these interactions using the following secure protocols.

Secure Storage
Salesforce B2C Commerce stores many types of sensitive information, the most important being credit card details.

Authentication and Authorization
Authentication and authorization are key security concepts. To configure security controls, you need access to Business Manager.

Security Event Auditing
Salesforce B2C Commerce provides various log files, including a security log. The security log contains log entries for Business Manager logins.

Denial-of-Service Protection
In a denial-of-service (DoS) attack, the attacker attempts to deny computer resources to a network’s users. Attackers usually accomplish this by overwhelming the target computer system’s resources with unauthorized requests, which prevent valid users from accessing the network.

Data Privacy and Protection
The Salesforce B2C Commerce Services have a robust data security and privacy program in place. For information on Data Privacy and Protection and related topics, see the referenced resources.