Achieving a balance between security and convenience in a mission-critical business application was difficult even before employees started using their mobile devices to take work outside the office. Salesforce.com Inc. wants to ease the task for the providers and large enterprises that run custom services on its CRM service with a new authorization mechanism that is rolling this morning to facilitate better control over how client records are accessed.

Transaction Security, as the cloud giant calls the feature, provides the ability to customize the rigid policies that its platform uses to prevent data theft for specific situations. A sensitive revenue report that would have once been automatically viewable by every user with the right permissions, for instance, may now be configured to require re-authentication before it can be opened. It’s a much more simpler alternative to the traditional approach of having the IT department manually handle every file containing confidential information and only grant access upon request on a case-by-case basis.

At the same time, an organization can also use Transaction Security to make the restrictions on its Salesforce.com applications even tighter than they were before. To that end, the mechanism provides the ability to block senior personnel with full access to their client records from performing certain actions that could potentially expose the data to unnecessary risk. The blacklist may include everything from logging into the platform through a mobile device whose security has not been verified by the IT department to less obvious threats like bulk downloads. Administrators have several options for how to respond to such policy violations.

They can set Transaction Security to deny the request, log the offending user out of Salesforce.com or, if the individual has a history of carelessness, alert a supervisor. Organizations with more specialized requirements have the ability to augment the default feature set with their own custom-made policies. 

Image via Flickr