With today’s ever-increasing number of cyber attacks and phishing attempts, keeping data secure — while continuing to innovate and scale their businesses — has become a top concern among leadership teams across industries. One of the most important ways to safeguard your systems is by keeping them up to date, applying security patches and installing available upgrades.
Here at Salesforce, trust is our number one value, and security is a major part of any new release. The same holds true for Hyperforce, our cloud-native architecture that pairs Customer 360 with the agility of public cloud. And like those upgrades you regularly do for your digital apps and operating systems, Hyperforce is the latest upgrade for Salesforce customers.
To learn more about the benefits of Hyperforce, the upgrade process, and, perhaps most important, the security of this new infrastructure, I sat down with Salesforce Senior Director, Krishna Chalamasandra. Krishna is part of Salesforce’s Security and Compliance Customer Success team, the team that supports Salesforce customers through every step of the upgrade process.
So, Krishna, let’s start at the top. What is Hyperforce, and why now?
As you noted, Hyperforce is a new infrastructure architecture that unifies the foundations of the various clouds, allowing Salesforce to scale rapidly and securely using public cloud partners. As customers become increasingly global and look to SaaS to handle mission-critical functions, they also need to meet local data storage requirements and international compliance regulations. Hyperforce enables that, leveraging public cloud partners to deliver faster expansions, manage data residency, and safeguard your customer data with robust and transparent privacy controls and end-to-end encryption.
Learn security best practices
What about customers who may be thinking, “I’m comfortable where I am, so why would I need to move?”
While not currently required, many of our customers are already upgrading to Hyperforce and the response has been overwhelmingly positive. Hyperforce offers more benefits than just moving from first party data centers to the public cloud. From a security standpoint, Hyperforce provides all aspects of the CIA Triad, which refers to “confidentiality,” “integrity,” and “availability,” plus auditability and privacy.
Now, I want to take a step back because we talked about Hyperforce and we’ve talked about security. Can you help me understand the difference between a first-party data center and the public cloud and what that means for Hyperforce?
For the last 22 years, Salesforce offerings were hosted within a data center. With a data center, you start by setting up the racks, putting the hardware and the machines in place, adding networking, storage, and all of the infrastructure along with the platform and the services for Software as a Service (SaaS). All of the layers of cloud computing, things like Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Supply Chain as a Service (ScaaS), Salesforce completely owned and managed all of this with a first party data center.
With Hyperforce, we are leveraging the power of a public cloud provider. We have partnered with AWS, who take care of their data centers, with all of the systems including hardware, networking, the IAS. We’re leveraging that and deploying our platform as a service. The unified cloud infrastructure enables our SaaS workloads to be deployed more quickly and be available in new regions. This is a key benefit because, in the past, establishing a local Salesforce instance in a new region could take years, but with Hyperforce, we can have a new instance in the region to help our customers store their data locally within a few months. This kind of agility gives our customers tremendous competitive advantage.
So, the public cloud enables faster deployment, data residency options, and more flexibility, but what about security?
Just like with everything Salesforce does, security was built into the Hyperforce architecture from the start. As countries are examining and changing their compliance requirements from a data privacy standpoint, this often requires that data stays within a specific region. We provide tools to allow customers to discover applicable data standards and set up and manage their Salesforce org with confidence that they are in compliance with data residency requirements.
When we’re partnering with cloud providers such as AWS, how exactly does Salesforce ensure that data is secure?
This is where public cloud readiness comes into play. While it may seem that because AWS completely manages the infrastructure, Salesforce wouldn’t have control over data security, in reality, the security controls — like end-to-end encryption — that we have in place block AWS from accessing our customer data.
If, for example, AWS took a network capture between services, they would not be able to see the clear text information. The tenant level encryption (TLE), which we are offering as part of Hyperforce, provides customers the ability to encrypt all of their data and they can bring in their own keys and they can hold the keys.
What additional controls do customers gain with Hyperforce?
TLE is a great example. Customers can bring in their own Key Management Service (KMS) and Hardware Security Module (HSM), that way they secure their keys and they manage the keys securely in AWS. Using Cloud HSM, we have the ability to have these add-ons or plugins to support our customers and give them much more control over their data.
Salesforce is regularly engaging with customers around encryption and how it can be provided at various layers in the public cloud in comparison to the out of the box encryption received within a first-party data center. Krishna, as a customer, help me make the decision between first party data centers, products like Salesforce’s Shield and other advantages of Hyperforce from a security standpoint.
The first thing we should ask a customer is “what are your requirements?” Because depending on the industry and the type of business they conduct, some customers require encryption as a checkbox. Other customers, in highly regulated industries like healthcare or financial institutions, have compliance requirements because they may be storing PII or PCI data or other sensitive information.
Based on customer needs, we can suggest an appropriate offering for them right in Hyperforce, which provides an additional layer of encryption. So if they just want to encrypt all the data and have the control of the keys, then TLE would suffice. Some customers have specific fields that need to be encrypted, then we recommend platform encryption beyond TLE.
So, Krishna, what specific actions do customers need to take to be ready for the upgrade to Hyperforce?
The first thing customers should know about the upgrade to Hyperforce is that it’s free, and that by upgrading they will get all of the benefits we’ve been discussing here at no cost. The second thing is that Hyperforce is what we like to call “hyper compatible”, meaning that the user experience will remain the same. Third, with Hyperforce they are accessing the latest and greatest technologies available. We have more than 45,000 customers using Hyperforce today, mostly in the Asia-Pacific region and Singapore, and it’s rapidly expanding across regions.
You can launch Hyperforce Assistant GA, which is a tool to assess an org for eligibility. Or if customers are otherwise ready or have explicit requirements and urgency to upgrade, they can reach out to their account team and work with our Customer Success partners to make that happen.
Check out the Hyperforce FAQ if you have any questions.
Krishna Chalamasandra is a cybersecurity and compliance enthusiast with over 22 years of experience in the industry. Being a member of the Salesforce Security and Compliance Customer Success team, assists customers with deep-dive security reviews, architecture overviews, customer audits, and supporting executive conversations at the CISO/CIO level. Having expertise from both engineering and customer success, he is a customer-focused results-driven leader.