Aetrum Insights

Ideas worth reading.

Practical perspectives on Salesforce, enterprise architecture, AI strategy, and the decisions that shape technology programs.

Salesforce Architecture June 30, 2026 ~9 min read

A Map You Drew Once Is a Map That Is Already Wrong.

Part 6, the final post. A dependency map is correct the day you draw it and wrong a quarter later, because the org keeps moving and nothing native keeps the map current. Keeping it true is an operating model, not a document.

Salesforce dependency graph drift operations governance
Read →
Salesforce Architecture June 21, 2026 ~9 min read

Your Certificate Has an Expiry Date. It Does Not Have an Owner.

Part 5 of the series. Salesforce records who changed a credential and when it expires. It does not record who is accountable for it. That gap is where renewals fall through.

Salesforce certificates security ownership operations
Read →
Salesforce Architecture June 16, 2026 ~8 min read

Named Credentials and the Certificates They Quietly Depend On

Part 4 of the series. A Named Credential looks like an endpoint and a login. Underneath, it is often a certificate dependency, and Salesforce does not draw that line for you.

Salesforce Named Credentials Certificates mTLS integration architecture
Read →
Salesforce Security and Architecture June 6, 2026 ~10 min read

The Connected App nobody scoped

Part 3 of the series. A Connected App is one node in Setup with half a dozen invisible edges. In 2025 those edges became a breach blast radius and a forced migration at the same time.

Salesforce Connected Apps OAuth integration security architecture
Read →
Salesforce Security and Architecture May 30, 2026 ~10 min read

The inbound mTLS certificate nobody owned

Part 2 of the series. A single inbound API certificate, an expiry nobody tracked, and why the move to short-lived certificates makes mutual TLS the first place the dependency graph bites.

Salesforce certificates mTLS integration security architecture
Read →
Salesforce Security and Architecture May 23, 2026 ~8 min read

The hidden dependency graph in every Salesforce org

Part 1 of a series. The invisible edges between certificates, Connected Apps, and Named Credentials, and why the short-lived certificate era makes mapping them matter more than ever.

Salesforce certificates dependency graph integration security architecture
Read →
Salesforce Migration May 20, 2026 ~13 min read

The Three Salesforce Data Model Tests Most Migrations Defer to Year Two

Part 3 of 3. The forcing functions most teams discover too late: reporting, integration, and scale as design inputs in month one, not discoveries in month eighteen.

Salesforce migration data model reporting integration scale
Read →
Salesforce Security May 13, 2026 ~12 min read

Salesforce 2026 Security Enforcement: An Architect's Guide to Every Date, Every Control, Every Gotcha

A consolidated timeline of the five mandatory step-up authentication gates rolling out June through August, with an architect's view of each control and a prioritized prep checklist.

Salesforce Security MFA Architecture Compliance
Read →
Salesforce security May 6, 2026 ~8 min read

The May 11 Salesforce Connected App Deadline: A 30-Minute Self-Audit Checklist

A 30-minute audit checklist for Connected Apps and OAuth access, anchored to the May 11 ISV partner deadline.

Salesforce security Connected Apps OAuth audit
Read →
Salesforce Migration April 22, 2026 ~12 min read

The Salesforce Security Decision Your Data Architect Should Be Making

Part 2 of 3: Why master-detail vs. lookup is the most consequential choice nobody escalates.

Salesforce migration security model sharing data architecture
Read →
Salesforce Migration April 14, 2026 ~15 min read

The Oracle-to-Salesforce Migration Question Nobody Asks Until It's Too Late

Part 1 of 3: The data model decision that determines whether year two is a victory lap or a re-platforming project.

Salesforce migration data model Oracle CRM architecture
Read →