RevCult is now OwnBackup Secure! In 2021, OwnBackup acquired RevCult, enhancing the cloud data protection platform with proactive data security. With OwnBackup Secure, you will strengthen security posture by understanding data exposure risks and proactively taking action to protect and secure your data -- all within Salesforce.
Just a few short decades ago, cloud computing was the stuff of science fiction. Now, very few organizations of any size are operating without some kind of cloud services, and most are looking to eliminate legacy data storage systems and replace them with cloud solutions wherever possible. According to Right Scale’s 2019 State of the Cloud Report, 94% of enterprises were using the cloud, and Gartner research shows that almost 70% of organizations in the cloud in 2020 were planning to increase their investment in that area.
The oft-cited advantages of agility and scalability have certainly driven the cloud’s growth over the years, but its rise has also coincided with an easing of security concerns. Particularly for organizations in highly regulated industries that use and store sensitive data, security was one of the biggest barriers to cloud adoption for years, but many of the most common perceived risks have largely been debunked.
On-premise data storage used to be thought of as the gold standard for security, but that perception has all but disappeared. Finding and paying a team of full-time security experts is a tall order for any organization, and even Fortune 500 companies would struggle to keep up with the security investment that cloud providers like Amazon and Microsoft can bring to bear.
On-premise legacy systems also tend to rely more on manual processes, whether it’s keeping software updated or swapping out old hardware for newer models. These needs introduce the capacity for human error, and on-premise systems can’t offer anything close to the redundancy of public cloud providers.
For these and other reasons, the modern cloud is often a security upgrade for the organizations that embrace it, and data from the Office 365 arm of Microsoft indicates that 94% of SMBs see security improvements after a cloud migration. What’s more, when breaches and data loss do occur, providers are
almost never the ones to blame for the incident, and data from Gartner suggests that 99% of cloud security failures through 2025 will be the customer’s fault.
Why such a disparity? For most organizations, there’s a lack of understanding of the shared-responsibility security model. A survey of 550 IT leaders by Barracuda Networks found that 64% of IT leaders believe that their public IaaS provider is the one responsible for the security of customer data contained within the cloud. This pervasive notion is false, and combined with a large and growing number of interconnected cloud solutions, most organizations are finding it incredibly difficult to properly shore up security.
In 2010, the global SaaS market amounted to $13.4 billion, and that market consisted of far fewer options. Fast forward to 2020, when data from CardConnect suggested there were some 15,529 SaaS companies around the globe worth upwards of $155 billion, and the problem begins to take shape. Cloud infrastructure is always in flux, and as newer, more capable solutions emerge, organizations will eliminate one subscription in favor of another.
The ease of adding or switching to a new SaaS solution is part of the cloud’s appeal, but it can also add quite a bit of complexity. A small firm with fewer than 50 employees will use an average of 25 to 50 SaaS solutions, according to BMC. Tools like Slack, Zoom, HubSpot, and Jira are just the tip of the iceberg. Increase the size of the organization to 250+ employees, and you can expect the number of SaaS applications to more than double. Add in SurveyMonkey, Asana, Adobe, and many more. And those 137 unique apps used in the average enterprise? They’re constantly changing. Research from Blissfully aimed at companies with 101 to 200 employees illustrates that 42% of an organization’s SaaS stack turns over every two years and that the average company has three orphaned subscriptions and four duplicates.
Each of these solutions will have its own security quirks to manage and varying types and quantities of data contained within them. Even individual pieces of software are altered and updated constantly, and this kind of continuous evolution demands continuous attention to security. If an organization doesn’t even realize that it has two subscriptions for the same app, you can hardly assume that both of them will have all the security configuration needs met. Ultimately, it’s these misconfigurations that pose the biggest threat, and data from Gartner demonstrates that they’ll represent 99% of cloud security shortcomings by 2023. Salesforce, for example, has created a solution with robust security measures characteristic of a Fortune 100 software giant, but that doesn’t mean the company can force your organization to use them.
Many of our clients consider Salesforce a SaaS company, but we put them more into the platform-as-a-service (PaaS) category. Salesforce is often a business’s first step toward cloud computing, but you can expect the huge number of capabilities included in the software to quickly extend across many different departments in your organization. Salesforce revenue was at $5.37 billion back in 2015, when the company had more than 150,000 customers. Today, revenue has reached $21.25 billion, which means Salesforce implementations are incredibly common, and they’re a great starting point to improve your overall platform security posture management (PSPM).
There are a few key steps you’ll want to take to shore up PSPM, which we’ve outlined below. These steps mention Salesforce specifically because that’s our primary area of expertise, but they can nonetheless apply to a broad range of different PaaS solutions. No matter what platform you rely on, it’s vital to strengthen your security strategy with the following five steps.
Salesforce is unique in its flexibility, and the same trait that makes it a powerful tool can also increase security risks if you’re not mindful of how the solution is being used. In many organizations, Salesforce is a black box, which is why RevCult’s Cloud Security Cockpit® was designed to offer a single-pane-of-glass view into Salesforce security configurations, as you get visibility into your security posture along with the tooling that enables you to both find and fix security issues.
This kind of command center is vital to help your company implement security controls in hours instead of weeks. With rapid and accurate security configurations, you can prevent the interruption of crucial development cycles and make ongoing management and compliance reporting a breeze.
For more information about Cloud Security Cockpit® or to start a free trial, visit us at https://revcult.com/product/products-cloud-security-cockpit/.
Interested in learning more? Request a free Guided Risk Assessment for Salesforce today, or schedule a demo below.