In summer 2020, Gartner forecasted worldwide security and risk management spend would approach $124B as demands for security and monitoring rose to meet the needs of remote working. And after several high-profile data breaches, like the SolarWinds attack in the second half of the same year, cybersecurity emerged from the back office as one of the hottest topics that firms must get fluent in fast.
But what does that mean for your Salesforce apps? 2020 upended so many of the conventional ways we think about securing apps and data – and many firms had to make sweeping changes to their security postures due to remote workers. This created a lot of new learning opportunities for IT, Compliance, and Risk teams globally, with topics like:
- How do you know if Salesforce is implemented in a way that meets your compliance requirements while still allowing for innovation?
- How do you align your Salesforce implementation to your security posture?
- How do you operationalize security?
Contemplating these increasingly complex questions and scenarios is sure to help businesses better understand their business risks. But what are the right answers to mitigate them?
The Crosshairs of Innovation: The Emerging Role of Security and Compliance
To answer these questions and more, we invited security professionals from Salesforce and RevCult to host a discussion on lessons learned in 2020 and provide insights for the year ahead. One of our core values at Silverline is that we are always learning, and I’ve felt fortunate to be in the same orbit with our partners at RevCult who live and breathe security for the Salesforce platform every day.
And in the spirit of passing that knowledge along, I hope you find these insights about Salesforce Security strategy as beneficial as I did. Catch the replay.
Key takeaways and what to ask yourself
As many firms look at their 3-5 year innovation roadmap, they find it requires prodigious amounts of data, much of it sensitive and personally identifiable in nature. As our clients make adjustments to their Salesforce security capabilities and roll out new features like Event Monitoring, Data Classification, and Data Masking, they want to get the most out of their investment in Salesforce Shield.
They’re also keen to understand how we can connect Salesforce to SIEM platforms like Splunk and New Relic. It all starts with data governance, the foundation for Salesforce data security.
During our discussion, the panel of experts reviewed the basics of what data governance means in order to effectively manage data using appropriate controls throughout the information lifecycle. Then we went on a deep dive into the ways that Salesforce, the lifecycle of customer data, and regulatory compliance can all effectively — and peacefully — co-exist. The panel grappled with these five important questions relating to compliance and cybersecurity posture:
- Where should we start?
- What data lives in Salesforce and how do I classify it?
- How do we prevent sensitive information from falling into the wrong hands?
- What are the regular compliance reports we will need to show an auditor or regulator?
- What should our action plan to achieve our security goals entail?
Interested in more insight from CISOs? For extra credit, check out RevCult’s The CISO’s Guide to Salesforce. RevCult also recently hosted a fantastic “CISOs Talk Shop” event with security executives to discuss what they see as the top data security priorities and how their companies are leveraging Salesforce tools to help. The panelists include security executives from Terminix/ServiceMaster, CBRE, and Cadence Bank.
What’s the next step?
Silverline has more than a decade of consulting experience for highly regulated industries — and we can say with absolute certainty that security and compliance are more important than ever.
Our team of experts is poised and ready to help your security teams plan for your own Salesforce Security Program with a tailored workshop. We’d be happy to chat about your needs.