In this session, we will explore how the Principle of Least Privilege (PoLP) serves as a foundational security strategy for protecting data, reducing risk, and improving overall system resilience. We’ll examine how thoughtful access design, rather than reactive permission cleanup, helps prevent unauthorized access and supports compliance without hindering productivity.

In addition, we will review recent changes to Connected App security, including tighter OAuth controls and what they mean for third-party integrations. We’ll also discuss the security implications of VPN usage, clarifying common misconceptions and highlighting where VPNs help—and where they don’t—within Salesforce’s security model. Finally, we’ll uncover the hidden impacts of sharing rules, showing how they can unintentionally expand data access and undermine least-privilege goals.