Cloud Leaders Q&A: Overcoming Security Challenges and Enabling Trust

August 23, 2018

On this interactive FairWarning Executive Series Webinar, “Cloud Leaders Q&A: Overcoming 2018 Cloud Security Challenges and Enabling Trust,” the audience had the opportunity to ask what top technology and security leaders at Coastal Cloud, Novanta, Thomson Reuters, and Midland IRA are doing to make the most of their cloud applications, secure data, and build a culture of trust and empowerment in their workforces.

Cloud applications like Salesforce allow organizations to remain nimble, deliver exceptional customer service, and drive bottom-line growth. They also create a new set of opportunities for businesses to transform their approach to data security and privacy, demonstrate the ROI of mission-critical systems, and encourage usage and adoption organization-wide.

The panelists were:

  • Steve Early, Global Administrator, Novanta, where he manages a single Salesforce instance used by multiple companies owned by Novanta, creating a complex ecosystem.
  • Mike Ackerman, Senior Technical Architect, Coastal Cloud, a Salesforce consultant. Mike helps design solutions to enable customers to run on Salesforce.
  • Andy Louca, Head of CRM and Business Information Systems, Thomson Reuters, one of the oldest customers in the Salesforce platform. Andy is responsible for innovation on Thomson Reuters’ Salesforce platform.
  • Joe Stolz, Business Systems Manager, Midland IRA, where he is responsible for all CRM and tech-related applications.

During the event, panelists answered questions submitted by audience members, to give a full picture of their cloud landscape and how they’re managing the handling of sensitive data and more. Watch the replay to find out about their cloud security challenges and answers to questions like:

How are you using cloud applications in your business today?

At Novanta, Steve oversees the use of Salesforce for everything from typical pipeline management to design approval process and key sales objectives. Similarly, Thomson Reuters uses cloud applications for collaboration and HR, along with Salesforce for both internal and external-facing documentation. The consensus was clear: “The drive to reduce costs, to simplify access, to simplify processes, and integrate everything, has been really big for building our cloud-first policy,” Andy explained.

What’s the most important issue on your cloud security roadmap — and how has that changed since last year?

Among the cloud security challenges are tactics like phishing and social engineering. The panelists emphasized training in their cloud security priorities and discussed valuable tools for helping them train and test employees on their understanding of security policies and procedures. In addition, Midland IRA is developing an intelligent system that notifies the compliance team when a transaction might have a greater risk of fraudulence. Their hope is to make it easier for their compliance officer to effectively allocate time and resources to potential issues.

Steve from Novanta talked about how training has been a significant priority for them this year — “You can only do so much with antivirus software.” And Andy at Thomson Reuters discussed the company’s shift from gaining visibility to taking action on the insights derived from that visibility.

What specific regulations or security frameworks are you most focused on meeting?

Here, Mike from Coastal Cloud outlined the benefits of adhering to the NIST security framework, while Andy and Steve revealed how GDPR has impacted their policies and procedures, along with the Canadian PIPEDA regulation.

Are there any suggestions for managing security in Salesforce in an org where we’re required to enable API access to all users?

Mike Ackerman and Andy Louca both emphasized the need to monitor the APIs accessing their applications to ensure there’s no unauthorized access or transfer of data. In addition, reviewing the policies of the API and ensuring an appropriate permission level will be important in making sure your instance remains under your control.

What are some mission-critical solutions that help mitigate risk in your business?

Panelists discussed a wide range of solutions. These include encryption, security training/testing, and Salesforce Shield Event Monitoring with FairWarning to monitor for potential access or usage issues.

How do you manage the usage and adoption of cloud applications like Salesforce?

Steve, Joe, and Andy discussed how they’re ensuring their workforce fully benefits from mission-critical applications and is using them in a way that encourages business growth and innovation. Panelists also talked about breaking barriers to ensure the technology is adopted widely, and effectively.

What are your tips for getting executive buy-in on security and other tools for Salesforce?

A wide range of tactics might be helpful when approaching senior leadership with a business case for security and monitoring tools. Some discussed by panelists include stories, statistics, and asking questions to encourage leadership to fully internalize the issues and necessary solutions.

If you could monitor one thing in real time in Salesforce or another cloud application, what would it be?

As Salesforce specifically continues to innovate, real-time monitoring for specific events is becoming available on a case-by-case basis. Here, the panelists talked about their monitoring priorities.

To learn more about how FairWarning can fit into your cloud security and ROI strategies, contact us for a demo.

Previous Article
Cloud Leaders Reveal Their Top Cloud Security Priorities, Compliance Focus
Cloud Leaders Reveal Their Top Cloud Security Priorities, Compliance Focus

According to Intel Security, 49% of cloud security professionals have slowed cloud adoption due to a lack o...

Next Video
Financial Services Firm Expands Salesforce Usage, Security with Event Monitoring
Financial Services Firm Expands Salesforce Usage, Security with Event Monitoring

As a financial services firm facing exponential growth, United Capital must also meet regulatory compliance...