Storing data in the cloud — as opposed to a server in a corporate server room — can make some people anxious. But Salesforce comes with secure data storage capabilities that are almost impossible for most enterprises to achieve on their own. So relax. Salesforce has been audited by many international standards and has acquired the following certifications:
SAS 70 Type II
EU-US and Swiss-US Safe Harbor
Salesforce protects your data from any physical damages by providing safety from:
Humidity and temperature
Network loss or congestion
Early fire detection and prevention
To secure your data from intrusions, Salesforce uses the following approach:
Stateful packet inspection (SPI) at the perimeter firewall: Salesforce inspects all the packets coming in on the outer firewall. Stateful helps let the network know the connections and sessions are not only invested for their headers, but for their payloads as well. This leaves a very low probability for error.
Bastion stations: These are computers designed with the highest possible security parameters to defend against attacks.
TLS/SSL: Cryptographic protocols that encrypt all network data transmissions.
Salesforce also recently introduced Salesforce Shield, a platform built natively on Salesforce1 that can provide clients with very powerful features like:
Platform encryption: Without using any third-party tool or interface to decrypt, users can use the Salesforce metadata level for encryption.
Event monitoring: If you need to see things like who printed a list view, who exported account details, or even who viewed a particular page, Salesforce Shield provides you with a CSV of all such events. This data can then be imported into any visualization tools, such as Wave Analytics, Salesforce reports and dashboards, or any other third-party tools for deeper analysis.
Audit Trail: Though it is already present in standard Salesforce, Salesforce Shield adds on to the Audit Trail by providing an audit history of the past 10 years and up to 60 fields per object!
And of course, a properly implemented Salesforce org has all sorts of security features, such as: Profiles, Object-level security, Field-level security, and Record-level security. And organizations can always enable 2-factor integration or have third-party biometrics installed!
So place your data in Salesforce and just worry about building apps and logic. The infrastructure is fine.