In the age of AI, evolving regulations, and ever-more sophisticated threat actors, Salesforce data security is once again front and center. Read our 2024 predictions for Salesforce data security trends below, including how organizations can and will address each trend.
Prefer video format? Odaseva CISO Arnaud Treps and Chief Product Officer Francois Lopitaux cover these trends in a webinar, which you can access here.
The rise of AI within Salesforce will cause significant challenges related to data security.
One major challenge is that once an AI model is run on data, the model cannot be easily changed. For that reason, organizations must ensure that sensitive data is not included in the prompt or the dataset used to train the AI model. Otherwise, if sensitive data such as a customer’s Social Security number is accidentally included, there’s a risk of exposing it to unwanted parties, and this error cannot be undone without wasting significant amounts of time, money, and energy on re-running the model.
To help ensure AI models are not exposed to sensitive data, enterprises will explore minimization, anonymization and tokenization solutions.
The solution enterprises will prefer is pseudonymization. This very strong technique for removing Personally Identifiable Information (PII) from data is a form of anonymization because it protects against accidentally exposing sensitive data in a prompt, while still enabling the data to have business relevance.
This is because machine learning requires data that accurately represents reality, but does not require complete personal details such as exact address, credit score, and date of birth. By transforming this data with pseudonymization, the prompt sent to the AI model includes a representative of the actual data without exposing the real data to the model.
For example, data on a 41-year-old male living in Memphis, TN named Elvis Presley can be pseudonymized in the prompt as an anonymous American male in his 40s. The output of the AI model would be representative of a real person but without the risk of revealing specific personal information. This helps enterprises gain business intelligence without risking exposure of sensitive data.
These pseudonymization methods will be crucial in preserving data privacy while allowing enterprises to leverage the power of AI within Salesforce. By implementing these pseudonymization techniques, companies can strike a balance between harnessing the benefits of AI-driven insights and maintaining the security and privacy of their customers’ information, thereby upholding both legal requirements and customer trust.
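The Elvis Presley example above can be sketched in code. This is an added example, not Odaseva's or Salesforce's code: it generalizes a record before it reaches a prompt, scrubs SSN-shaped strings from free text, and checks the finished prompt for raw sensitive values. The field names, the demo key, the nationality lookup and the keyed token (which goes beyond the page's example so the key holder can link results back to the record) are assumptions.

```python
import hashlib
import hmac
import re

# Constructed sample record; field names are hypothetical, not Salesforce API names.
RECORD = {
    "Id": "003-CONSTRUCTED-0001", "Name": "Elvis Presley", "Age": 41,
    "Gender": "male", "City": "Memphis", "State": "TN", "Country": "US",
    "SSN": "000-12-3456",  # constructed, not a valid SSN
    "Notes": "Gave SSN 000-12-3456 on the phone to verify identity.",
}
KEY = b"constructed-demo-key"  # placeholder; a real key lives in a secrets manager

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
NATIONALITY = {"US": "American"}  # hypothetical lookup, extend as needed


def pseudonym(record_id, key):
    """Stable keyed token: same record and key give the same token."""
    digest = hmac.new(key, record_id.encode(), hashlib.sha256).hexdigest()
    return "subj_" + digest[:12]


def age_band(age):
    """Generalize an exact age to its decade, e.g. 41 -> '40s'."""
    return f"{age // 10 * 10}s"


def build_prompt(record, key):
    """Allow-list: only generalized fields are emitted; all others are dropped."""
    # Free text is only scrubbed for SSN-shaped strings here; names or
    # addresses typed into notes would need their own detection.
    notes = SSN_RE.sub("[REDACTED-SSN]", record.get("Notes", ""))
    nationality = NATIONALITY.get(record["Country"], "unspecified-nationality")
    return (f"{pseudonym(record['Id'], key)}: an anonymous {nationality} "
            f"{record['Gender']} in their {age_band(record['Age'])}. Notes: {notes}")


def leaked_fields(prompt, record, sensitive=("Id", "Name", "City", "SSN")):
    """Pre-send check: names of sensitive fields whose raw value is in the prompt."""
    return [f for f in sensitive if str(record[f]) in prompt]


if __name__ == "__main__":
    prompt = build_prompt(RECORD, KEY)
    print(prompt)
    print("leaked:", leaked_fields(prompt, RECORD))
```

Running `leaked_fields` as a gate before any prompt leaves the tenant catches the case where a new field is added to the template without being generalized first.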
Security regulations will accelerate, and trend towards industry-specific regulations.
Industries like financial services, healthcare, and defense are continuing to modernize through digital transformation. As a result, industry-specific data security regulations are accelerating. One example is the Digital Operational Resilience Act (DORA), which is an EU-based financial services regulation “for the protection, detection, containment, recovery and repair capabilities against [information and communication technology]-related incidents.” Another example is FedRAMP, a United States federal government-wide compliance program, which evolved from FedRAMP Rev 4 to FedRAMP Rev 5 in 2023.
This contrasts with the regulations of the past few years, which have been regional and focused on privacy, for example GDPR in 2018.
These new security regulations tend to be more specific and prescriptive, detailing technical impacts and architectural requirements such as how data must be stored, transmitted, etc. By explaining exactly what terms like “processing,” “moving,” and “viewing” mean, regulations are less ambiguous and leave very little room for interpretation.
Enterprises will adopt platform solutions to address these regulatory requirements, rather than addressing each compliance challenge one-by-one. And by doing so, organizations will gain a better framework for serving their customers as these new security regulations will provide more detailed guidance for securing sensitive customer data (and therefore helping organizations align on data security best practices).
Salesforce data will increase in criticality, business relevance, and volume. This is an ongoing trend, but will escalate further in 2024 and lead to an increase in data security measures taken by organizations, especially at enterprise scale.
Data growth is accelerating in criticality, business relevance, and volume because:
This data growth in Salesforce means an increased data risk surface. Enterprises will take measures to ensure that the data security solutions in their Salesforce ecosystem can address such Large Data Volumes, complex data models, and sensitive data.
A top priority will be ensuring backups remain consistent and complete even on Large Data Volumes so that critical data can be restored to a previous version if it’s lost or corrupted. Another priority will be implementing archiving solutions that simultaneously remove data from Salesforce so that it does not need to be secured in Salesforce anymore, while improving Salesforce performance and system availability. This minimization technique secures data by reducing the data that users have the ability to access.
Also, critical data requires high integrity and availability so that organizations can leverage the data at all times. For this reason, organizations will turn to Cloud Replication to duplicate critical data so it can be used in a data lake like Salesforce Data Cloud or a BI system for analytics and AI.
Enterprises will adopt a zero-trust security model, as it is the most advanced solution for solving the above Salesforce data security challenges that organizations will face in 2024.
Implementing custom, point solutions for each of these security challenges will leave organizations constantly playing catch-up. The most effective approach is a holistic zero-trust security model, which will solve for the varied and complex security obstacles with a single solution, and so it will continue to gain traction among global enterprises.
Furthermore, a zero-trust solution will be needed because organizations are integrating more and more external parties that can access their Salesforce data, whether it’s third-party or even fourth-party vendors, partners, etc. This access introduces security risks that a zero-trust model will solve.
Enterprises will invest in implementing zero-trust frameworks for their Salesforce environments, ensuring that strict access controls, continuous authentication, and encryption protocols are in place to protect sensitive data. This will involve selecting “no-view” providers when looking for third-party solutions for the data stewardship and data pipeline. According to IBM’s Cost of a Data Breach Report 2023, 15% of organizations identified a supply chain compromise as the source of a data breach. The cost of a data breach due to a business partner supply chain compromise averaged USD 4.76 million, approximately 11.8% higher than the average cost of a data breach that was due to another cause. With more AI investments being made in the enterprises’ IT realm, it is of the utmost importance to manage data security with third-party vendors. A “no-view” provider ensures that no unencrypted data is transferred to the third party. Hence data stays safe even when a breach happens.
One example of a zero-trust security model is Odaseva Zero Trust Connect, a new security product introduced last year. Odaseva Zero Trust Connect is a private cloud solution that ensures that public cloud vendors such as Salesforce, Odaseva, Amazon, or Google never have access to ultra-sensitive information in clear text and ensures that data never leaves the customer’s premises unencrypted. It secures ultra-sensitive data by applying an end-to-end encryption protocol.
Do these trends sound familiar? Get in touch with Odaseva today to learn how we can help protect and secure Salesforce data for your enterprise.