While I’m not one to believe in karma, I do think that things often come full circle.
Several years ago, when I was at Salesforce, many of our customers in regulated industries were struggling to take full advantage of the Salesforce platform due to regulatory and compliance constraints. As EVP of Platform Products, I was part of the team that was charged with building a product that could help these companies easily build compliance into their Salesforce development efforts. After lots of ideating, development and testing, Salesforce Shield officially launched in 2015.
Fast-forward to today, and I'm the CTO here at Own. Last year, when we started discussing plans to acquire RevCult, a SaaS Security Posture Management (SSPM) company whose services include helping companies implement Salesforce Shield, you can imagine my enthusiasm.
But not just for the reasons you’d expect.
Managing security is hard…and getting harder
The reason I was so excited about teaming with RevCult wasn’t just because I had a personal connection to the product (though that was pretty neat). It’s because I realized just how great a need there is for data security today.
2021 saw a record-breaking number of cyber attacks, with a 50% increase in overall attacks per week on corporate networks compared to the year before.
But while cyberattacks tend to make the headlines, they aren’t the only threat to organizations. In addition to external security breaches, the majority of cloud security failures and resulting data loss continue to be the customer’s responsibility, according to Gartner. Careless employees, lax permissioning, social hacking, insider threats, poor physical security controls and other vulnerabilities are far more likely to result in data loss than attacks on the SaaS provider.
Our own research found that 88% of sensitive information inside Salesforce remains exposed to hacking and misuse by employees because most users can read or edit high-risk fields. And according to a recent study from ESG, nearly one third of all successful data breaches used misconfigured users and permission settings as the initial entry point.
And just as customers are responsible for recovering their own data should it become lost or corrupted, they are also responsible for securing the data with controls like password policies, IP restrictions, SSO, encryption and more.
However, this is easier said than done. A single SaaS app includes numerous security settings, controls and policies that must be managed and tracked, creating a near infinite number of opportunities for mistakes and oversights. As a result, protecting and governing the data inside your SaaS applications is a massive undertaking — one that a majority of organizations cannot totally grasp without the right technology.
Bringing Own Secure to market
Acquiring RevCult in the second half of 2021 was a key step toward our goal of helping organizations solidify their security posture by removing vulnerabilities in their SaaS environments. Since then, we’ve been hard at work growing our development team, accelerating our product investments in SaaS security posture management, and integrating our two companies.
I’m proud to say that all of that work led us to where we are today, as we unveil our new security product: Own Secure. Secure is the most comprehensive way to strengthen your SaaS security posture by identifying data exposure risks and proactively taking action to protect and secure your data.
Secure is available on the Salesforce AppExchange and can help you:
- Identify security risks with confidence - Pinpoint misconfigurations, incorrect permissions, and data exposures wherever they may be in Salesforce.
- Classify sensitive information with ease - Isolate exactly where sensitive information exists in Salesforce and apply classification categories without leaving the platform.
- Accelerate remediation with detailed blueprints - Proactively automate remediation of data vulnerabilities and encryption blind spots with detailed action plans and real-time alerts.
- Accelerate Salesforce Shield implementation - Implement and report on Shield encryption to understand why encryption is blocked and what needs to be resolved down to the field level.
- Prove compliance with industry regulations - Deliver real-time, evidence-based reports and audits to satisfy internal policies and external regulations in highly regulated industries.
Fortify your Salesforce data security
Even during my time at Salesforce, I never could have predicted how quickly digital transformation would happen. As business becomes increasingly reliant on SaaS and the cloud becomes essential to day-to-day operations, companies must implement a robust and well-rounded SaaS data protection strategy. And including proactive data security as part of this strategy is no longer negotiable.
If you’d like to learn more about Secure, request a free Guided Risk Assessment for Salesforce today, or schedule a demo below.