THE FBI KNOCKS ON MY DOOR
The FairWarning for Salesforce back story starts years earlier with a knock on my door on a Monday morning by the FBI at a company I founded named “OpenNetwork.” The FBI was asking for our cooperation in investigating a computer crime committed from our network.
I was the founder and young CEO of OpenNetwork, an information security company. We had very recently raised venture capital and had a board meeting scheduled for later in the week. Cooperating with the FBI had not been part of the plan.
We were told later that false information about a celebrity lawyer was sent from our network to a local radio personality, who read the information on-air to listeners. The information was about the celebrity lawyer’s opinions and involvement in financing 9/11. None of it was true, and the lawyer was none too pleased.
At the time, I didn’t know that. I only knew that FBI agents wanted us to cooperate. All things considered, our immediate cooperation made the most sense. We needed to quickly discover if we had someone dangerous on staff.
Our key IT person was a super hard working guy I will call Ken. Every time we had a security investigation, Ken suffered the brunt of it. This case was no exception: For the next three days, Ken worked around the clock investigating IP addresses and logs of all kinds and painstakingly pieced the puzzle together. He got the FBI what they needed, and everything pointed to an employee I will call “Don.”
Early on the day of our board meeting, I brought Don into my office and said, “Just tell me the truth — if you didn’t do it, we will defend you while you still work here, and if you did it, we will make sure you get the legal defense you need.” Don’s response was stunning to me: “I would really rather not say anything.”
That low moment ultimately became the inspiration for FairWarning. I needed a “Magic Button” that a business-minded person could push that would deliver the truth about what Don had done using our computers. Don was willing to put our investor’s money at risk, jeopardize all of our incomes, risk my reputation, and let Ken work for hours-on-end under massive stress — all because he wouldn’t own up to the truth. From that moment, I realized we all need to trust, but we also need to verify. While starting FairWarning, I later trademarked “Trust but Verify,” and FairWarning still owns the mark today.
So we took Don off the network and sent him home indefinitely. Over the next weeks, our involvement lessened. Don resigned, resolved his legal and criminal matters, and left the community. By the way, Don was a seemingly great guy, had no other bad history, and no one would have ever picked him out of a lineup.
THE IMPACT AND STRESS
The incident was hard on everyone, but especially Ken; the stress of the investigation under pressure while he was performing his normal business and IT duties was incredible. Over time, the pressure of these kinds of incidents takes a physical toll on IT professionals like Ken, as well as a toll on family life.
But it wasn’t just Ken. The investigation took a toll on me, knowing investors could have been burnt and our team members could have been impacted. Even our customers would have suffered if we had to cut back staff due to lawsuits. The celebrity lawyer was furious, the radio personality and station narrowly escaped disaster, and Don — who was a really good team member — had to leave the community. There were no winners.
A couple of years later, OpenNetwork was acquired by BMC Software. I moved on having learned a lot of incredible lessons.
CUSTOMER RELATIONSHIP MANAGEMENT SYSTEMS
Every CEO knows sales executives have a tendency to take customer and prospect lists on their way out the door, and this behavior leads to major problems. In fact, when doing research for a patent application after OpenNetwork, I arranged a meeting with a fellow CEO who is a successful, seasoned entrepreneur. When I went to his office, he apologized and said he couldn’t meet. A departing employee had exported all of the customer data from their CRM, took it with him, and my colleague was at the start of a big legal mess. I told him, “No problem — I got what I needed from the visit.”
So it wasn’t just me — data theft and misuse from departing employees and other insiders have a big impact on many businesses, causing stress, financial loss, and distraction. The more I researched, the more examples I found in every industry.
After months more of market research, I applied for a patent on “Fraud Detection Using Application Audit Logs” in 2005. There were many vendors in the security information and event management (SIEM) category that were looking at infrastructure logs for security, but no one was looking at mission-critical applications, which hold the most sensitive data about a business and its customers.
EHRs and CRMs were undergoing extreme growth and were wide open to vulnerabilities. The 2005 patent application covered both EHRs and CRMs in detail. I saw this as a big opportunity and wanted my “Magic Button” and other features like analytics, alerting, and dashboards. This would give businesses the ability to protect themselves against insider breaches, as well as remediate quickly.
As part of the product and business strategy, I was determined to deliver software that was easy enough for a business-minded person like myself to use. Having seen how our IT expert, Ken, suffered during investigations, I was really hoping to get him some relief and fill a market need.
In healthcare, we struck gold with this strategy. FairWarning was a bit too early but kept at it and came to dominate the market of “patient privacy monitoring.” Our business-minded persons are privacy analysts in healthcare, and we have saved many CISOs from the stresses of manual forensic investigations involving their EHRs.
My bias with CRMs has always been toward Salesforce; I adopted them early at OpenNetwork and we had instant success with the platform. Salesforce was also the first purchase we made at FairWarning, and it has worked fantastically here, as well. When the right time came, we would build our first CRM security offering for the platform we used in our business.
The need for FairWarning for Salesforce was driven home hard in 2010. We had to conduct our own Salesforce forensic investigation on an internal security matter. Salesforce required us to pay $1,500 per user per month for the audit logs and then use an Excel spreadsheet to decrypt the logs. It was incredibly slow, expensive and frustrating. Simply put, Salesforce customers had to purchase Excel spreadsheet-based audit logs on a “one-off” basis. We felt this was not sustainable for Salesforce customers.
I have always been determined to capitalize on really frustrating experiences, realize others must go through the same, and then turn the experience into a massively positive outcome. So now, I was more determined than ever to get Salesforce to produce daily audit logs automatically. I knew FairWarning could add immense insights and value to Salesforce’s approach and make it super easy for a business-minded person to conduct an investigation. We then began pursuing Salesforce product management more aggressively than ever.
FAIRWARNING FOR SALESFORCE – FINALLY !
Finally, it all came together, and in late 2013, Salesforce asked FairWarning to participate in trials for Event Monitoring, a component of Salesforce Shield that automates the production of auditing events. It was a complete no-brainer and nine years in the making. In 2015, we had our first FairWarning for Salesforce release, and a series of high-profile financial customers have adopted and given us great reviews. We have also quickly gathered lessons learned and best practices and built them into the product.
Next, we released our next-generation FairWarning for Salesforce cloud-based solution, and it really takes into mind our vision and mission, which are both firmly grounded in real-world experiences.
It all started with a knock on the door from the FBI, my desire for a magic button that could detail who had accessed which records, and a desire to save other businesses from the damage a single “insider” can have on their business.
Kurt J. Long