Aetrum Insights
Ideas worth reading.
Practical perspectives on Salesforce, enterprise architecture, AI strategy, and the decisions that shape technology programs.
A Map You Drew Once Is a Map That Is Already Wrong.
Part 6, the final post. A dependency map is correct the day you draw it and wrong a quarter later, because the org keeps moving and nothing native keeps the map current. Keeping it true is an operating model, not a document.
Your Certificate Has an Expiry Date. It Does Not Have an Owner.
Part 5 of the series. Salesforce records who changed a credential and when it expires. It does not record who is accountable for it. That gap is where renewals fall through.
Named Credentials and the Certificates They Quietly Depend On
Part 4 of the series. A Named Credential looks like an endpoint and a login. Underneath, it is often a certificate dependency, and Salesforce does not draw that line for you.
The Connected App nobody scoped
Part 3 of the series. A Connected App is one node in Setup with half a dozen invisible edges. In 2025 those edges became a breach blast radius and a forced migration at the same time.
The inbound mTLS certificate nobody owned
Part 2 of the series. A single inbound API certificate, an expiry nobody tracked, and why the move to short-lived certificates makes mutual TLS the first place the dependency graph bites.
The hidden dependency graph in every Salesforce org
Part 1 of a series. The invisible edges between certificates, Connected Apps, and Named Credentials, and why the short-lived certificate era makes mapping them matter more than ever.
The Three Salesforce Data Model Tests Most Migrations Defer to Year Two
Part 3 of 3. The forcing functions most teams discover too late: reporting, integration, and scale as design inputs in month one, not discoveries in month eighteen.
Salesforce 2026 Security Enforcement: An Architect's Guide to Every Date, Every Control, Every Gotcha
A consolidated timeline of the five mandatory step-up authentication gates rolling out June through August, with an architect's view of each control and a prioritized prep checklist.
The May 11 Salesforce Connected App Deadline: A 30-Minute Self-Audit Checklist
A 30-minute audit checklist for Connected Apps and OAuth access, anchored to the May 11 ISV partner deadline.
The Salesforce Security Decision Your Data Architect Should Be Making
Part 2 of 3: Why master-detail vs. lookup is the most consequential choice nobody escalates.
The Oracle-to-Salesforce Migration Question Nobody Asks Until It's Too Late
Part 1 of 3: The data model decision that determines whether year two is a victory lap or a re-platforming project.