Security Best Practices for Administrators
You can use Business Manager to secure your site and ensure a safe online shopping environment for your customers. In doing so, you also secure Business Manager by preventing attackers from removing security controls that you previously configured.
- Determine How to Block Attacks
While Salesforce B2C Commerce provides security protections, customers are responsible for configuring security controls and for not removing security controls that are enabled by default. You must consider all of these aspects to maintain the security of your B2C Commerce instance. - Network Access Restrictions
The network level is the first line of defense against attackers trying to access your assets. Salesforce B2C Commerce uses two mechanisms: one for storefronts and one for Business Manager. - Secure Communications
Secure communications are crucial to prevent attackers from reading or changing sensitive information, for example, credit cards, personally identifiable information (PII), credentials, and so on. Within Salesforce B2C Commerce, you can secure these interactions using the following secure protocols. - Secure Storage
Salesforce B2C Commerce stores many types of sensitive information, the most important being credit card details. - Authentication and Authorization
Authentication and authorization are key security concepts. To configure security controls, you need access to Business Manager. - Security Event Auditing
Salesforce B2C Commerce provides various log files, including a security log. The security log contains log entries for Business Manager logins. - Denial-of-Service Protection
In a denial-of-service (DoS) attack, the attacker attempts to deny computer resources to a networkβs users. Attackers usually accomplish this by overwhelming the target computer systemβs resources with unauthorized requests, which prevent valid users from accessing the network. - Data Privacy and Protection
The Salesforce B2C Commerce Services have a robust data security and privacy program in place. For information on Data Privacy and Protection and related topics, see the referenced resources.
Infocenter Retirement: On June 30, 2023, the Infocenter was retired, and documentation currently hosted on the Infocenter will be published to Salesforce Help, Commerce Cloud Developer Center, and Salesforce B2C Commerce Developer Documentation Resources. For more information, see the release note.