So you want to build a giant enterprise platform. Great.
You want mission critical and private data to flow between CRMs and other critical applications flawlessly, with no leaks, no breaches, and no compromises.
You also want to build infinite user controls and optionality, and also smooth and seamless user identification to access these business apps.
No pressure right?
Marla Hay is the Senior Director of Product, Security and Privacy at Salesforce and she knows how to balance critical security with smooth identity management. It’s actually one of the key reasons she’s in the field.
“We’ve seen an increased focus on data security and privacy over the last like 15 years. One of the things that makes me really excited, and one of the one of the reasons I loved and picked this area to work is that intersection of data security, privacy, and usability. That’s a place where I think we’ve seen a lot of evolution.”
Data and privacy are two hot-button issues right now, but a company’s concerns over these two topics isn’t insular. The worry goes beyond the data on internal networks and into the idea of what’s happening to the information that gets sent out to other services as well. On this episode of IT Visionaries, Marla explains how Salesforce designs its products and services, including a detailed look at the feedback loops her team has in place to ensure product quality. Plus, Marla touches on the evolution of digital identities and how Salesforce is managing those permissions.
Main Takeaways
- Can I Get Access to That? Managing digital identities is a two-way street: employers must be able to make sure that the permissions they are granting to a group of employees are the appropriate permissions, but that they are securing those identities depending on where that data is going. On the other side is the employee, who is responsible for knowing where their permissions are being used and remaining conscious of the risks associated with sharing data.
- Designed to Fail: Your customers are your biggest asset, so make sure you are constantly asking them what is working and what is not working with your products and services. When you are consistently communicating with your customers, gain an idea of big picture themes that are coming down the pipeline, but you are gaining ideas on how to fix thousands of problems, not just one.
- Intersection of Data and Privacy: Over the last 15 years, there has been an increased focus on data and privacy and how that data is managed on internal services, but also the group of products that a company’s data is being fed to.
For a more in-depth look at this episode, check out the article below.
Article
So you want to build a giant enterprise platform. Great.
You want mission critical and private data to flow between CRMs and other critical applications flawlessly, with no leaks, no breaches, and no compromises.
You also want to build infinite user controls and optionality, and also smooth and seamless user identification to access these business apps.
No pressure right?.
Marla Hay is the Senior Director of Product, Security and Privacy at Salesforce and she knows all about toeing that fine line. It’s actually one of the key reasons she’s in the field.
“We’ve seen an increased focus on data security and privacy over the last like 15 years. One of the things that makes me really excited, and one of the one of the reasons I loved and picked this area to work is that intersection of data security, privacy, and usability. That’s a place where I think we’ve seen a lot of evolution.”
Data and privacy are two hot-button issues right now, but a company’s concerns over these two topics isn’t insular. The worry goes beyond the data on internal networks and into the idea of what’s happening to the information that gets sent out to other services as well. On this episode of IT Visionaries, Marla explains how Salesforce designs its products and services, including a detailed look at the feedback loops her team has in place to ensure product quality. Plus, Marla touches on the evolution of digital identities and how Salesforce is managing those permissions.
One of the key tasks that Marla oversees is how Salesforce can create additional security and privacy around it’s customer’s applications— this includes serving as an organization’s gatekeeper and overseeing who gets access to what.
“We are a steward of our customer’s data,” Hay said. “Our data belongs to our customers. What we want to do is put in place things that make it really easy for our customers to control and manage access to that data. We put in place a very robust set of things like user permissions and app-level permissions, page-level permission so that our customers can create exactly the degree of access that they want for their entire ecosystem.”
But managing permissions when it comes to hundreds and possible thousands of employees is tricky. It’s a process that can’t be defined by simply setting a rule based on if an employee has a certain level of clearance.
“It’s a robust process, but there’s a bit of an art to it as well,” Hay said. “First is deciding if there’s going to be resource constraints. We really listen to the community and we do a lot of meet-ups, and customer advisory groups. We have boards where customers can request feature enhancements. And then of course, customers of the security and privacy products that are the add-on products, we’ll have dedicated customers and we’ve got a built-in base that is paying for these additional products that are always feeding us fantastic requests.”
Those requests and customer one-on-ones help her team develop feedback loops that are integral when it comes to managing the infrastructure of Salesforce’s vast portfolio of products. But out of those feedback loops, Hay mentioned that Salesforce has seen some common themes develop from its customer base.
“We’ve seen an increased focus on data security and privacy over the last 15 years,” she said. “Safeguarding the things that need to be safeguarded and protecting employees, those are the things that are critical infrastructure and ensuring that those things are only accessible through additional step-up authentication, and those things are not accessible by any app that’s just sitting on the device unless it has been pre-approved or authenticated.”
But in a world of cloud-based applications, where companies are using Salesforce’s SaaS-based applications, but hundreds of other pieces of software, managing what data gets sent and received is another big obstacle.
“From the employer perspective, ensure that you understand when, how, and why data is exfiltrating your system or infiltrating.” Hay said. “With something like Salesforce, you can have things like transaction security. So transaction security will basically let you know if you can or if you want to stop data from leaving the system based on this criteria. That’s the employer’s responsibility. Then the next set of responsibility is with the employee. This is just a matter of trust and training.”
To hear more about Marla, her journey to Salesforce and some of the exciting new products and services the company is building, check out the full episode of IT Visionaries!
To hear the entire discussion, tune into IT Visionaries here.