RevCult is now OwnBackup Secure! In 2021, OwnBackup acquired RevCult, enhancing the cloud data protection platform with proactive data security. With OwnBackup Secure, you will strengthen security posture by understanding data exposure risks and proactively taking action to protect and secure your data—all within Salesforce.
Digital transformation in the financial services (FS) industry is well underway, as banks and credit unions seek to develop the characteristics that define today’s top technology companies—traits like agility, resilience, and speed. In doing so, modern money managers are encountering many of the same issues that plagued their tech counterparts during the past decade.
Chief among these is keeping systems and data secure without compromising usability. Unlike the tech giants and disruptors of the 2010s, however, FS firms also have to contend with complex regulatory requirements that make change even more difficult to achieve. Thus, the conversation around industry-wide digital transformation as it applies to Salesforce begins and ends with effective governance, as managing these competing interests can’t happen without it.
There are three components of effective Salesforce governance, all of which are equally important when it comes to ensuring overall security. The first of these is org strategy.
It’s really easy to make changes in Salesforce. For FS firms, that amounts to a double-edged sword, often putting administrators at odds with IT and compliance teams. The former want to give customers what they’re asking for immediately (yesterday), while the latter need to account for process requirements and integration challenges.
Org strategy encompasses a lot of things—environmental strategy, sandboxes, QA approach, promotions strategy—but in short, it’s a framework for quality. Whether you’re implementing Salesforce for the first time or trying to get additional functionality out of your existing build, a robust org strategy allows you to maximize the value of your instance by obviating problems that arise from siloed and ad hoc decision-making.
Starting projects in alignment is critical to success, but so is understanding how project requirements (and Salesforce) might change in the future. That’s why having an adequate change management strategy is another key component of effective governance.
Change is inevitable in Salesforce; the platform is updated three times a year, and specific security-related updates are released even more frequently. Having a clear set of rules for how you’ll go about selecting admins, choosing a method to capture requests, achieving cohesion on requirements, and accomplishing other key tasks will help you be more adaptable.
Yet processes mean nothing if teams don’t know they exist, which brings us to the third essential ingredient of effective Salesforce governance: communication. Communication is both a driver and an outcome of digital transformation, which simply can’t occur if all business units aren’t on board. Whether you’re jumping into Salesforce for the first time, cracking open a new org, or expanding adoption throughout the enterprise, setting clear objectives from the start and regularly revisiting those as a team will help you stay on track.
Effective governance doesn’t happen by accident. Ensuring each of the above components is present requires ongoing oversight from someone with the ability and authority to do so. Actually, it usually takes more than just one person. That’s why establishing a Salesforce center of excellence (COE) early on is a good idea, especially for larger organizations.
The COE is simply a group of people from across business departments who serve as representatives for the users in each of those departments, including (and especially) IT and compliance.
You may not have a COE at the beginning of a project, but you should strive to develop one over time. Moreover, you can have multiple COEs. Some organizations may have a smaller one specifically for tackling security and IT challenges, and a larger one for handling broader governance issues.
Regardless of how you structure your Salesforce COE, just remember that if compliance and IT don’t have a seat at the table from the very start, they won’t be invested in the project. Getting their investment is critical because part of your COE’s role will be assessing security threats and tracking the evolution of those threats over time. These representatives should be able to communicate with the admins and system architects so that they can respond appropriately.
Salesforce is a cloud-based tool, which still creates trepidation among some IT teams that aren’t necessarily sold on cloud security. Your COE should be a source of ongoing education for these and other teams that aren’t familiar with the tool’s out-of-the-box security mechanisms. It should also help lead any conversation around whether upgraded security functionality (like platform encryption) is needed.
Whether you’re implementing Salesforce for the first time or you’re an experienced user looking to get more value out of your existing instance, OwnBackup is here to help. We’re proud to offer five-star products along with in-depth governance workshops specifically for users in the financial services industry.
Our client list includes some of the world’s largest banks and credit unions, as well as smaller organizations that have just a handful of joints and assets. Rest assured OwnBackup has the experience and expertise to assist you, no matter your specific challenges and unique objectives.
Interested in learning more? Request a free Guided Risk Assessment for Salesforce today, or schedule a demo below.