Despite the collective push to digitize customer experiences that has taken place throughout the financial services sector in recent years, most institutions have plenty of room to improve. The modern bank comprises a multitude of disparate systems across its many business units — and for the most part, sales, service, and engagement journeys are not seamlessly connected across channels.
But Salesforce Financial Services Cloud presents banks with an opportunity to change that. The Salesforce platform with native digital, sales, engagement, and marketing combined with on-platform lending presents banks with an amazing opportunity to optimize cross-channel customer experiences while streamlining the employee experience. Not surprisingly, many organizations are jumping at this opportunity.
However, lenders that move quickly to scale their Salesforce usage must remember one thing: Cloud-based banking is still new. Consolidating large amounts of highly sensitive regulated information into cloud applications is still a fundamentally risky endeavor — one that requires a comprehensive security and governance strategy that balances business operations with financial performance, customer service, and compliance. Most banks don’t have that yet.
Laugh Now, Cry Later
In 2020, most banks are just starting to gain experience in managing sensitive customer information (e.g., NPI, PII, PCI) in a cloud environment. Similarly, the Financial Industry Regulatory Authority and other regulating bodies are still figuring out how the risks associated with cloud computing differ from those associated with legacy solutions. Banks that race ahead of regulators to offer customers more seamless digital experiences might prosper in the near term, but eventually, they could pay a severe price for prioritizing speed over security.
The reality is that most lenders still see Salesforce as a “black box” that doesn’t require much oversight. But remaining blissfully ignorant of the security risks that accompany the use of Salesforce and other platform-as-a-service solutions isn’t a viable option. Inevitably, as banks fail to uphold their end of the shared responsibility model employed by most cloud services agreements, data breaches will drive away customers, incur the wrath of regulators, and force institutions to implement stronger, more developed governance and security policies.
Salesforce’s Communities tool, which allows users to set up branded customer engagement portals, often serves as a natural starting point for banks interested in improving customer experiences. Using Communities effectively requires the collection of customer product and preference information, which means that a potentially wide range of bank employees have access to this information at any given time. This should be concerning, considering roughly 30% of data breaches arose from internal sources in 2019.
Even beyond the implementation of Communities, many banks are recasting branch roles in a way that adds to the risk of internal data compromises. In order to address all customer product inquiries from each branch, banks are eliminating the segregation of duties among branch employees, meaning fewer employees inevitably have access to a wider set of customer data. The prevalence of internally driven data breaches combined with banks’ general ignorance of the shared responsibility model makes for a frightening combination if you’re a security or compliance professional.
Securing Customer Experiences
Own helps financial services firms address platform security with confidence. As an independent partner focused solely on security and governance for Salesforce, we can help you make security an integral part of your new customer experience architecture.
We commonly start with a proprietary, comprehensive Security Risk Assessment that will reveal any vulnerabilities in your current Salesforce configuration across six key areas: data protection, data loss prevention, authentication, authorization, monitoring, and integrations. Every Security Risk Assessment inevitably turns up some security gaps, and we’ll give you a prioritized remediation plan for closing these gaps and mitigating risks — now and as you leverage the platform in more ways in the future.
While the security features built into the Salesforce platform are robust, they’re often too difficult to use efficiently for smaller IT teams, like those typically in charge of security at mid-market or community banks. In our experience, bank leaders often assume that their IT teams are deploying these features correctly, and that there’s a centralized system of oversight governing usage and application development on the platform. Usually, that’s not the case. To fix this, Own helps banks implement critical security controls limiting access to company and customer information in a way that mitigates the risk of data theft without compromising platform usage.
As Salesforce continues to capture more market share in the financial services sector (especially as nCino becomes a more integral part of the loan origination and lending processes), more institutions will scramble to adapt their security and governance strategies to the cloud.
Interested in learning more? Request a free Guided Risk Assessment for Salesforce today, or schedule a demo below.