24Files and Security

Basics

24Files is a managed package that is installed in your Salesforce environment and integrates with your SharePoint environment. This implies that:

  • The 24Files team does not host a service for you.

  • The 24Files team does not store any of your data.

  • The 24Files team does not have access to any of your data.

24Files Security and Integration Essentials

Built on Salesforce: 24Files is developed entirely on the Salesforce platform, ensuring robust security and seamless integration. It connects with SharePoint through APIs, ensuring that no files are stored on any 24Files or third-party servers.

Authentication and Authorization: 24Files does not store any SharePoint credentials. Instead, it utilizes an OAuth authorization flow, redirecting users to SharePoint for authentication. This approach maintains security and integrity by relying on established protocols for user verification.

Salesforce Security Review: As a listed solution on Salesforce's AppExchange, 24Files has undergone a thorough security review by the Salesforce team. This review confirms its adherence to best practices in software security.

Role-Based Access Control: Leveraging Salesforce's security model, 24Files defines multiple roles including admin, user, and community user, each with specific permissions to suit different levels of access and interaction within the system.

SharePoint API Permissions: To perform API calls on SharePoint effectively, 24Files requires certain permissions, which are set to the minimum needed for functionality. One key permission is AllSites.Write, which allows users to add content to libraries without the capability to create new libraries or alter the structure of existing ones.
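
One way for an administrator to confirm that a token issued for the integration carries only the expected delegated scopes, as an added example (not 24Files code). It assumes the SharePoint access token is a JWT whose `scp` claim lists the scopes; the expected-scope set contains only the one permission this page names, and the sample tokens and tenant URL are constructed here.

```python
import base64
import json

# Assumption: the page names only AllSites.Write; extend this set with the
# scopes shown on your tenant's consent screen for the app.
EXPECTED_SCOPES = {"AllSites.Write"}
# SharePoint delegated scopes that grant more than AllSites.Write.
BROADER_SCOPES = {"AllSites.Manage", "AllSites.FullControl"}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def granted_scopes(access_token: str) -> set:
    """Return the delegated scopes from the token's `scp` claim.

    Inspection only: the signature is NOT verified, so never use this
    result for an authorization decision.
    """
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    claims = json.loads(_b64url_decode(parts[1]))
    return set(claims.get("scp", "").split())


def audit_scopes(access_token: str, expected=EXPECTED_SCOPES) -> dict:
    """Compare granted scopes with the expected set and flag any excess."""
    granted = granted_scopes(access_token)
    return {
        "granted": sorted(granted),
        "unexpected": sorted(granted - set(expected)),
        "broader_than_write": sorted(granted & BROADER_SCOPES),
        "missing": sorted(set(expected) - granted),
    }


def make_sample_token(scp: str) -> str:
    # Constructed sample token with a placeholder signature, for the demo only.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    claims = {"aud": "https://contoso.sharepoint.com", "scp": scp}
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


if __name__ == "__main__":
    print(audit_scopes(make_sample_token("AllSites.Write")))
    print(audit_scopes(make_sample_token("AllSites.Write AllSites.FullControl")))
```

A non-empty `unexpected` or `broader_than_write` list means the consent granted to the app is wider than the documented minimum and should be reviewed in the tenant's app registrations.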

Managing Access and Permissions with SharePoint

Direct Inheritance of Permissions:

  • Seamless Integration: By integrating directly with SharePoint, 24Files inherits all predefined access settings from SharePoint. This ensures consistent, streamlined management of access rights across both platforms.

Controlled Access Based on User Rights:

  • Rights-Specific Visibility: Users will only be able to see the files and folders in 24Files that they are authorized to view in SharePoint. If a user doesn’t have access to certain data in SharePoint, they won’t have access to that data in 24Files either.

Benefits of Permission Inheritance:

  • Maintenance Efficiency: The direct inheritance of permissions from SharePoint to 24Files avoids the need for managing multiple permission systems, reducing complexity and maintenance overhead.

  • Enhanced Security: Utilizing SharePoint’s robust security measures, 24Files ensures that sensitive information is protected and accessible only to authorized personnel.

  • User Familiarity: The use of a familiar permission model reduces the learning curve for users and promotes better adoption and user experience.

This integrated approach not only streamlines how permissions are managed between SharePoint and 24Files but also maintains a high level of security and data integrity, ensuring that only the right users have the right access at the right times.

24Files and SOC 2 Compliance

Why SOC 2 Compliance Isn't Required for 24files

While 24files does not maintain a standalone SOC 2 report, this does not represent a security risk for our customers. In fact, our Salesforce Native architecture is designed to ensure that your data remains within the compliant environments you already trust (Salesforce and SharePoint).

1. The "No-Data-Silo" Architecture

The primary reason companies seek SOC 2 compliance is to verify how a vendor stores and protects data on their servers.

  • 24files never stores your data. We do not have a separate database or cloud backend where your files live.

  • Direct Integration: 24files acts as a secure "lens." It visualizes your SharePoint data directly within the Salesforce UI.

  • The Result: Your data stays within the SOC 2-compliant boundaries of Salesforce and Microsoft 365.

2. Salesforce AppExchange Security Review

Because 24files is an AppExchange app, we are subject to what is arguably the most rigorous security vetting in the SaaS industry:

  • Annual Security Reviews: We must pass the Salesforce AppExchange Security Review to be listed. This is a mandatory, invasive audit conducted by Salesforce’s own security team.

  • Code & Dependency Scanning: We utilize industry-leading tools like Checkmarx and Snyk to ensure our code is free of vulnerabilities and that all third-party dependencies are secure and up-to-date.

  • Native Execution: Our logic runs within the Salesforce multi-tenant environment, inheriting the platform’s existing security controls, encryption, and permission sets.

3. Inherited Compliance

By using 24files, you are not adding a new data processor to your supply chain. You are simply extending the functionality of two platforms that already meet the highest global standards:

  • Salesforce: Holds SOC 1, SOC 2, SOC 3, ISO 27001, and more.

  • Microsoft SharePoint: Holds SOC 1, SOC 2, ISO 27001, and HIPAA compliance.
