We're here to talk about security.
We are going to discuss why securing your data
and your customers' data is paramount,
and then I'll give you three steps you can use
to keep your data secure,
saving on costs and improving productivity and efficiency
with a few examples of how we do it at Salesforce.
Welcome to Salesforce on Salesforce,
an inside look at our sales, service,
marketing, and IT businesses
with helpful how-to steps you can use for your business.
we'll have steps that can help businesses
save on costs with automation,
be more efficient with productivity tools, and so much more.
As always, you can continue learning on Trailhead,
Salesforce's online learning platform,
for more information on this topic
and many others you might find useful for your business.
At Salesforce, we build all of our products
with a trust first mindset.
Trust is our number one value
and it has been since the earliest days of our company.
You trust us to build a secure platform that you can use
to help you personalize the best customer experience
and deliver the best customer support
according to your company objectives,
and in return, your customers trust you to keep any personal
or protected information safe and sound.
Protecting your customers' data can help you
on your compliance journey,
leaving you free to focus on other key initiatives.
So, how do we help you instill trust and stay secure?
Well, it's through our shared responsibility model.
Essentially, this would be similar to us
building you a state-of-the-art security system
to help protect your home,
but if you leave your house key under the doormat
or you forget to lock your door,
you increase your risk or exposure.
In practice, our shared responsibility model
means that at Salesforce we understand the importance
of adopting industry-leading security practice,
such as Zero Trust Mindset
and the technology needed to help protect customers' data.
In turn, our customers apply permissions, accesses,
and controls that make the most sense for their business.
But protecting your home at Salesforce
is easier than you think.
So here's our three recommended steps
on how to begin your enterprise's security journey.
Step one, understand your data.
Chances are you have a lot of data
flowing in and out of different systems,
And when you're working with partners,
multiple Salesforce orgs, or any legacy systems,
you might not realize who has access
or what types of information are being stored where.
On the security team at Salesforce,
we love being over planners.
Understanding our data can help us reduce risks
like hefty regulatory fines handed down
all because of a simple mistake
that could have been avoided.
So talk to your internal teams
and map out where all of your data lives
You want to assess how secure your data is
with products like Security Health Check
that compare your security health to our standard baseline
to get you started right away.
But if you're in a more regulated industry,
that baseline might not be sufficient.
In this case, a product like Shield Field Audit Trail
can allow you to access historical audit information
so you know who is accessing your data
helping give you a real-time pulse on your Salesforce org.
The key to understanding your data
is that no matter where you or your company is
in your security journey,
taking a day or two to do an inventory
of your assets and data flows,
both in and out of Salesforce,
is a great way to get started.
Step two, protect your data.
Once you have a better idea of your data flows,
your users, your systems,
you can now begin to address any unmet needs,
like any old Salesforce orgs you're no longer using
or inactive users with licenses that are still active.
The majority of our programs, measures, and controls
focus on fundamental security practices.
One such practice is the widespread adoption
of multifactor authentication, or MFA for short.
For example, we employ MFA for every single one
of our more than 60,000 employees at Salesforce.
We often find that customers think their security posture,
which is just a fancy way
of saying your organization's internal approach
but they actually end up spending so much time
addressing users' current needs,
like granting permissions or offboarding users,
instead of allocating time to future events
that bear greater cost implications,
like finding sensitive customer information
Products like Shield Data Detect
help our customers automatically identify
and classify sensitive data,
like customers' credit cards numbers
sitting in the wrong place.
Because in the chance the information does end up
where it's not supposed to be,
you want to do something about it ASAP
to help you comply with the latest laws in your industry.
there are over 240 global regulations,
each one with its own set of guidelines and laws
in place to help protect consumer privacy.
From GDPR to CCPA to insert new acronym here,
it can be daunting to keep up with all those laws
and auditing your data to ensure you are compliant,
especially if your business operates in multiple locations.
Compliance is always top of mind for us at Salesforce.
We have a team of security and privacy experts
across the world dedicated to helping our company comply
with the latest regulations.
At Salesforce, we use a product called Privacy Center
to help maintain compliance year round
with applicable regulations.
And for developers out there,
we have a product called Data Mask
which helps you mask sensitive data
and sandbox environments,
so you're already ahead of the compliance game
by enabling your devs to work with realistic data,
while eliminating much of the risk
that comes with using real-world data.
Compliance is like insurance,
it can be costly if you don't use it,
but you really don't want to be without it
in the off chance that you do need it.
Because not complying with regulations
is often two times as expensive as everyday compliance.
Going back to our home security analogy,
this is similar to paying
for everyday homeowner's insurance,
but the cost of your items getting stolen
or someone breaking in is much worse
than whatever your monthly payment might be.
Step three, monitor your data.
where there are potential vulnerabilities in your data
and you've put active measures in place
to help protect it in a compliant way,
this step is about how to regularly monitor your data.
Earlier we mentioned the importance
of having a security posture,
we constantly evaluate our security posture
by testing our security controls and processes
Monitoring our data means regularly testing our code
and alerting our Salesforce security response center
We also regularly conduct penetration tests.
You can think of these tests as simulations
like a breach or a general system stress test,
to ensure that our systems are up to code.
We take these extra measures
because customer data is incredibly valuable
and expensive if it ends up in the wrong hands.
We talked about the cost savings
from complying with third-party regulations and laws,
but did you know that the average cost
of a data breach worldwide is nearly $4 million?
And that's only in response to a data breach.
That figure is significantly higher
when you factor in customer trust
and any future revenue impacted
as a result of that lost trust.
In addition to stress testing our systems,
we're also monitoring them regularly
to look out for anomalies and known threats.
With a company of our size, we have policies in place
for how data can be exported and how much.
Or if our apps aren't performing regularly
because of some unforeseen event,
we can send real-time alerts
so that we can troubleshoot and inspect any potential risks.
Products like Shield Event Monitoring help our customers
what the most frequently accessed reports or objects are,
or how long it takes your pages to load.
Because customer trust is not only relevant
when keeping their data safe,
it also matters when building reliable,
powerful customer experiences
that differentiate your business.
Lastly, a lot of our customers, like us,
and it's hard to get a full picture
into your security policies
and your key metrics across a large enterprise,
especially if you're using different admins
or teams across each org.
Our product Security Center is an awesome way
to apply consistent policies across all of your users
and see all of your security controls in one place.
Security Center also helps you maintain
your compliance policies across your entire organization,
allowing departments to easily collaborate
while making a big impact.
Compliance, consistency, and collaboration,
Three recommended steps to help you develop your security
by understanding, protecting, and monitoring your data.
Check out salesforce.com/platform
to dig into more about our security products
and be sure to watch the other episodes in this series
to learn how we at Salesforce run our business
with helpful honest tips you can use for yours.