Modern cloud environments allow businesses to implement advanced digital capabilities faster than ever. In fact, 40% of executives say they’re accelerating digitization-perhaps taking on business strategies they hadn’t imagined before.1 This accelerated pace, however, introduces new complexities around data privacy and security.
It’s critical to remember that the adoption of a Software-as-a-Service solution does not change your obligation to your customers and stakeholders in terms of protecting hosted data. The shared responsibility model is clear that the business, rather than the vendor, is responsible for the integrity and protection of the hosted data.
“Most businesses are at a point where digital transformation cannot move fast enough, because the need for results is so great. But when you’re putting mission critical data about your customers, employees, and partners in these environments, you have to be able to trust that it’s secure and that privacy is being maintained.”
Here are some questions we often hear from business leaders considering a Salesforce implementation:
How do we respond to the changing privacy landscape?
You must make sure your products are appropriately configured to address GDPR, CPRA/CCPA, and other global and local privacy requirements. Your industry may also require Multi-Factor Authentication (MFA)—in fact, most of the IT market will be mandated to use MFA for all IT systems and cloud access by February 2022 following an executive order from the Federal Government.
In addition, you have to comply with data residency law requirements from a growing list of countries. This law mandates that data about a nation's citizens or residents be collected, processed, and/or stored inside the country.
Will I still see the productivity benefits of a digital transformation if I take all the extra steps to secure the data?
Yes, and likely more. 54% of consumers say it’s harder than ever for companies to earn their trust,2 While 81% say personal vulnerability (around health, financial stability, and privacy) is a reason why brand trust has become more important.3 Building an environment where your customers can be confident their data is secure creates a competitive advantage for your business.
This seems complex. What can I do right now to improve privacy and security in the system I’m building?
Work with your development partner to set your strategy around privacy and security before development even begins. Make sure cybersecurity and privacy subject matter experts are on your implementation team to advise on business risk and legal obligations. Then intentionally bring your strategy to life when designing the architecture of your platform. Salesforce and PwC have made significant investments in developing methodology, tools and accelerators to help make this a smooth transition.
How do we maintain privacy and security in our development environments when we have third party developers?
By following the principle of least privilege, you’ll ensure that each user only has access to the data which is essential to perform their job. This not only creates a firewall between your data and your developers, it also helps facilitate employee access to appropriate resources with proper authorization. In addition, Salesforce provides tools like Data Mask which allows you to anonymize sensitive information in the development environment.
Keep in mind that security configuration is not “set it and forget it”—it requires continuous monitoring to ensure your users have the appropriate level of data access and that you have most current information on any cybersecurity threats.
The products needed to secure my data are expensive. Is it worth it?
In reality, you can’t afford not to invest in data security. If you take the path of least resistance and leave gaps in your environment, it’s likely you’ll experience a breach or malware. This can create a significant distraction from your business priorities and growth, and customer engagement and loyalty.
PwC’s “Trust by design” solution and associated tools and accelerators can help you implement a secure and trusted Salesforce solution that integrates with your enterprise security architecture, leverages right salesforce security products and is aligned with your security and privacy regulations, policies, and standards.
Contact us today to schedule a knowledge session and a rapid “Trust by design” diagnostics test that will help define a customized security and privacy roadmap for your Salesforce implementation.
1 PwC, Global Digital Trust Insights, 2021
2 Salesforce, State of the Connected Customer, 2019
3 Edelman, Trust Barometer Special Report: Brand Trust in 2020, 2020