Salesforce Dictionary - Free Salesforce Glossary
Salesforce Architect
medium

How do you architect security across all layers in Salesforce?

Security is layered. Each layer addresses different threats.

Layer 1: Identity (Authentication).

  • MFA mandatory for all users.
  • SSO via Okta / Azure AD / Ping for enterprise.
  • My Domain required for SSO and Lightning.
  • Connected Apps for OAuth integrations; minimum scopes.
  • Session settings strict (15-min timeout, IP restrictions, secure cookies).
  • Login Flows for additional verification on high-risk logins.

Layer 2: Authorisation (What you can do).

  • Profiles minimal; baseline only.
  • Permission Set Groups model job functions.
  • Muting Permission Sets to narrow within groups.
  • Object permissions least-privilege.
  • System permissions audited (View All Data, Modify All Data).

Layer 3: Record-level access (Sharing).

  • OWD per object based on data sensitivity.
  • Role hierarchy mirroring org chart.
  • Sharing rules for cross-team access.
  • Apex Managed Sharing for complex logic.
  • External user sharing (Sharing Sets, Share Groups for HVPU).
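Worked example of the "Apex Managed Sharing for complex logic" bullet above. This is an added illustration, not code from the page: it assumes a hypothetical custom object Invoice__c whose OWD is Private or Public Read Only (so the platform creates the Invoice__Share object), and a custom Apex sharing reason named Auditor__c defined on it. It grants an assigned auditor read access to specific invoices, a relationship that role hierarchy and criteria-based sharing rules cannot express, and revokes only the rows it created.

```apex
// Added example (hypothetical Invoice__c object and Auditor__c sharing reason).
// Runs without sharing on purpose: share rows must be written even when the
// triggering user cannot see the invoice. Keep such classes small and reviewed,
// since they bypass the "with sharing by default" rule of the application layer.
public without sharing class InvoiceAuditorSharing {

    // Custom sharing reason; identifies rows this class owns so that revocation
    // never touches manual shares or rule-based shares on the same record.
    private static final String AUDITOR_REASON = Schema.Invoice__Share.RowCause.Auditor__c;

    // invoiceToAuditor maps each Invoice__c Id to the auditor's User Id.
    public static Database.SaveResult[] grantAuditorAccess(Map<Id, Id> invoiceToAuditor) {
        List<Invoice__Share> shares = new List<Invoice__Share>();
        for (Id invoiceId : invoiceToAuditor.keySet()) {
            Invoice__Share s = new Invoice__Share();
            s.ParentId      = invoiceId;
            s.UserOrGroupId = invoiceToAuditor.get(invoiceId);
            s.AccessLevel   = 'Read';          // least privilege: read only, never 'Edit'
            s.RowCause      = AUDITOR_REASON;
            shares.add(s);
        }

        // allOrNone = false: a single bad row (e.g. inactive user) should not roll
        // back the batch; failures are logged so the audit layer can pick them up.
        Database.SaveResult[] results = Database.insert(shares, false);
        for (Integer i = 0; i < results.size(); i++) {
            if (!results[i].isSuccess()) {
                System.debug(LoggingLevel.ERROR,
                    'Auditor share failed for ' + shares[i].ParentId + ': ' +
                    results[i].getErrors()[0].getMessage());
            }
        }
        return results;
    }

    // Revocation path: delete only rows carrying this class's RowCause.
    public static void revokeAuditorAccess(Set<Id> invoiceIds) {
        String reason = AUDITOR_REASON;
        delete [SELECT Id FROM Invoice__Share
                WHERE ParentId IN :invoiceIds
                AND RowCause = :reason];
    }
}
```

Two design points worth noting: the custom RowCause is what makes the grant reversible without collateral damage, and an explicit revoke method is as important as the grant, because share rows written by Apex survive reassignment of the auditor unless something removes them.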

Layer 4: Field-level access (FLS).

  • FLS enforced via Profile / Permission Set.
  • Encrypted fields (Shield Platform Encryption) for Restricted / Mission Critical.
  • Field Audit Trail (Shield) for sensitive field history.

Layer 5: Data protection.

  • Data Classification metadata.
  • Privacy Center for GDPR / CCPA / etc.
  • Data Retention policies.
  • Encryption at rest and in transit.
  • Tokenisation for highly sensitive (PCI).

Layer 6: Audit and detection.

  • Setup Audit Trail — metadata changes.
  • Login History — every login.
  • Field History Tracking — record changes.
  • Event Monitoring (Shield) — runtime activity.
  • Transaction Security Policies (Shield) — real-time enforcement.

Layer 7: Application.

  • Validation rules to prevent invalid data.
  • `with sharing` in Apex by default.
  • SOQL injection protection via bind variables.
  • CSRF protection in custom forms.
  • XSS prevention in Visualforce / LWC.
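The three Apex bullets above (default `with sharing`, bind variables against SOQL injection, and FLS) in one working controller. This is an added example, not from the page; it assumes a hypothetical custom object Invoice__c with fields Status__c and Amount__c. The unsafe method is kept only to show the pattern the bind-variable version replaces.

```apex
// Added example (hypothetical Invoice__c object). "with sharing" makes every
// query in the class honour the running user's record-level access (Layer 3).
public with sharing class InvoiceSearchController {

    // Anti-pattern: caller-supplied text concatenated into dynamic SOQL, so the
    // value is parsed as query syntax rather than treated as data. Shown for
    // contrast only; the safe versions below are what ships.
    public static List<Invoice__c> findByStatusUnsafe(String status) {
        String soql = 'SELECT Id, Name, Amount__c FROM Invoice__c '
                    + 'WHERE Status__c = \'' + status + '\'';
        return Database.query(soql);
    }

    // Safe: a bind variable. The platform passes :status as a parameter, never
    // as SOQL text. WITH USER_MODE additionally enforces FLS (Layer 4) and
    // sharing at the query itself, so a field the user cannot read raises an
    // exception instead of leaking.
    public static List<Invoice__c> findByStatus(String status) {
        return [SELECT Id, Name, Amount__c
                FROM Invoice__c
                WHERE Status__c = :status
                WITH USER_MODE];
    }

    // When the filter field must be dynamic, the field name is checked against
    // an allow-list (it cannot be bound) while the value is still bound through
    // Database.queryWithBinds, again in user mode.
    public static List<Invoice__c> findDynamic(String fieldName, String value) {
        Set<String> allowedFields = new Set<String>{ 'Status__c', 'Name' };
        if (!allowedFields.contains(fieldName)) {
            throw new IllegalArgumentException('Field not permitted in filter: ' + fieldName);
        }
        String soql = 'SELECT Id, Name, Amount__c FROM Invoice__c WHERE '
                    + fieldName + ' = :value';
        return Database.queryWithBinds(
            soql,
            new Map<String, Object>{ 'value' => value },
            AccessLevel.USER_MODE);
    }

    // Defence in depth for FLS: strip fields the user cannot read before records
    // reach a Lightning component, so the check holds even if some other query
    // in the call chain ran in system mode.
    public static List<Invoice__c> readableOnly(List<Invoice__c> rows) {
        SObjectAccessDecision decision = Security.stripInaccessible(AccessType.READABLE, rows);
        return (List<Invoice__c>) decision.getRecords();
    }
}
```

The order of preference is static SOQL with bind variables first, `Database.queryWithBinds` when the query must be assembled at runtime, and an explicit allow-list for any part of the query (field or object names) that cannot be bound.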

Layer 8: Infrastructure.

  • Salesforce manages the underlying infrastructure (PaaS).
  • Salesforce Trust dashboard for platform health.
  • Salesforce Shield for additional infrastructure controls.

Layer 9: Operational.

  • Regular permission audits.
  • Penetration testing annually.
  • SOC 2 / ISO 27001 compliance.
  • Incident response plan.

Cross-layer:

  • Consistent identity across all layers.
  • Defense in depth — assume one layer might fail; others should still protect.
  • Logging at each layer for forensic analysis.

Architect role: design the layers; document the architecture; review periodically; respond to evolving threats.

The senior insight: security is everyone's job, not just the security team's. Architects bake security into design. Devs respect it. Admins enforce it.

Most security incidents happen at the application or operational layer, not the infrastructure layer. Those are the places to invest first.

Why this answer works

Senior. The 9-layer model and "security is everyone's job" insight are mature.
