📈 Read the 2025 Salesforce Threat Landscape Report
Back to blog

Case study: Global Brand – Strengthening Salesforce security for global operations

When a global brand discovered malicious attachments and URLs slipping past email security and into Salesforce through email-to-case, they faced a critical choice: maintain essential customer communication workflows or close a dangerous security gap. WithSecure Cloud Protection for Salesforce provided the solution—native, real-time protection that secured their environment without disrupting operations. The partnership even led to product innovation, with customer feedback driving the development of QR code scanning capabilities.

W/ Team January 7th, 2026

Overview

When a global brand discovered malicious attachments and URLs slipping past its email security defenses and into Salesforce, it faced a dilemma: maintain critical customer communication workflows or close a dangerous security gap.

As part of a global system managing complex supply chains and partner relationships across multiple continents, maintaining secure yet accessible communication channels is business-critical. The company operates multiple Salesforce instances across multiple business units to handle internal service requests and external customer interactions.

By partnering with WithSecure Cloud Protection for Salesforce, the company gained the visibility and control it needed to secure files and links uploaded through email-to-case—without disrupting vital customer communication channels.

The challenge: The email-to-case security gap

Salesforce plays a central role in the company’s daily operations, supporting internal ticketing and service requests while also serving as a key touchpoint for stakeholders around the world.

However, this broad connectivity created an unexpected risk. Emails sent from external users—often containing attachments or URLs—were automatically converted into Salesforce cases. Unlike standard email gateways, Salesforce’s email-to-case mechanism bypassed existing email security filters.

As a result, malicious links and attachments regularly reached users inside Salesforce, leading to security incidents including credential phishing attempts and potential malware infections. The cybersecurity team was responding reactively to threats that had already reached users—a situation that risked both data security and business continuity.

“We had strong protections on email,” explains the company’s representative, “but email-to-case wasn’t part of that pipeline. Salesforce simply didn’t scan or detect threats in the same way—and turning off the feature wasn’t an option because we rely on it to support customers.”

The team needed a way to maintain its external communication workflows while ensuring that every file and URL entering Salesforce was safe.

The solution: In-platform protection that fits existing workflows

After evaluating several vendors, the company selected WithSecure Cloud Protection for Salesforce to secure its Salesforce environments.

The solution was deployed as a native Salesforce package, requiring no additional infrastructure or complex setup. Once installed, it automatically intercepts and scans all files and URLs—including those from email-to-case workflows—in real-time, before users can access them. Suspicious content is quarantined automatically while clean files flow through without delay.

“The deployment was smooth and straightforward,” notes the interviewee. “It fit right into our existing Salesforce setup without extra infrastructure. We quickly saw reduced risk and greater visibility across the environment.”

The results: Measurable security improvements and product innovation

The collaboration not only closed an immediate security gap but also led to joint innovation. As one of the early adopters of Cloud Protection for Salesforce, the company worked closely with WithSecure to share emerging threats observed in its environment—including QR code–based phishing attempts.

Through this collaboration, WithSecure was able to introduce QR code scanning capabilities into its protection engine—a feature that now benefits all customers.

“We were seeing more QR-based attacks coming through email,” the representative says. “By sharing what we were finding, WithSecure quickly added QR code detection into their product. That openness to feedback and rapid response really strengthened both our security and theirs.”

Looking ahead: A partnership built on shared responsibility

The company continues to work closely with Salesforce and WithSecure to ensure its environment remains secure as use of AI and automation expands.

” Partnerships like this aren’t optional—they’re essential,” the representative concludes. “As we expand our use of AI and automation in Salesforce, having purpose-built security that evolves with emerging threats gives us confidence to innovate safely. That shared responsibility—each focusing on their strengths—is what keeps environments like ours safe.”

W/ Team
The WithSecure Cloud Protection for Salesforce team brings frontline cyber security expertise to the Salesforce ecosystem. Focused on education and empowerment, the team shares actionable insights on emerging threats, best practices, and how to stay protected – with simple, native solutions that keep Salesforce secure without slowing it down.