
Secure, Strong, and Up-to-Date: Protecting Your Salesforce Org

Did you know?

  • 99% of Salesforce orgs have installed packages with newer versions available

  • On average, orgs have 14 out-of-date packages, and 8% of those haven’t undergone a security review


In this post, you’ll explore:

  • The impact of out-of-date installed packages

  • The challenges Salesforce teams face in managing them

  • How to effectively identify and address these risks


Understanding Salesforce Installed Packages

Installed packages are applications or code components that Salesforce admins can add to an org, often with a single click.


They include:

  • Managed packages listed on the Salesforce AppExchange (which have undergone the AppExchange Security Review)

  • Managed packages not listed on AppExchange

  • Unlocked and unmanaged packages, which do not guarantee a formal security review


It’s important to recognise that you are ultimately responsible for ensuring package safety and security.


The Impact of Out-of-Date Installed Packages

Out-of-date installed packages can have significant consequences for your org, affecting both security and performance. Let's explore these impacts:





Identifying out-of-date installed packages in your Salesforce org

Keeping your installed packages up to date is essential for maintaining security, performance, and reliability. However, Salesforce doesn’t make this process straightforward.


  • Manual version checks: While some publishers automatically push updates, many do not. Even when manually comparing version numbers in your org to those listed on the AppExchange, the information may not always reflect the most recent release.

  • Limited visibility for private packages: Packages installed outside of the AppExchange offer little transparency. To confirm the latest version, teams must contact publishers directly.

  • High volume and complexity: The average Salesforce org has 40 installed packages, with 14 typically having newer versions available. Managing this volume manually is time-consuming and increases the risk of missing critical updates.



Tackling the Task

To tackle the complex task of managing out-of-date installed packages, Salesforce teams need an efficient and automated solution. That’s why we embedded installed package version tracking into Vanguard Diagnostics powered by Hubbl to help simplify the management process.




How Vanguard Diagnostics identifies out-of-date installed packages


  1. Custom Code Security Review: Vanguard Diagnostics powered by Hubbl has a free solution that enables a thorough review of custom code, whether unpackaged or in unlocked or unmanaged packages. It analyses configurations and usage patterns, identifying potential compliance gaps and providing specific recommendations to address them, aligning with best practice security requirements.

  2. Package Versioning: With Vanguard Diagnostics powered by Hubbl, you gain access to an aggregate view of orgs across the Salesforce ecosystem. This unique perspective allows you to check all installed packages against a comprehensive database of package versions installed in other orgs. This "crowd-sourced" data ensures better visibility and keeps your org up to date with the latest features, reducing security risks and removing legacy declarative automation.


At Vanguard, our mission is simple: help Salesforce customers protect their data, reputation, and compliance, before someone else tests their defences.



 
 
 
