Salesforce Raises Governance Shield
In a development that has broad implications for how compliance with be managed in the era of the cloud, Salesforce today unfurled Salesforce Shield, a set of data governance services optimized for Salesforce applications.
For the first time organizations using Salesforce applications will have access to encryption, audit trail and event monitoring services that are tightly integrated with individual customer records within both Salesforce applications and any third-party application provider that makes use of Salesforce application programming interfaces (APIs) to tap into those records.
Next year Salesforce announced that it will also make available a data archiving service in the cloud via which Seema Kumar, senior director of product marketing for Salesforce, said organizations will be able to retrieve data from an archive in about 120 seconds. That Salesforce Data Archive platform is based on Big Data backend that Salesforce is currently build out as a complement to its existing cloud services.
Based on technology that Salesforce gained when it acquired Navajo Systems way back in 2011, Kumar said rather than relying on a third-party database to implement encryption and compliance rules, Salesforce decided to start from scratch to embed those capabilities as seamlessly as possible within its applications, including enabling any authorized user to be able to search encrypted records.
Assuming other providers of SaaS applications follow suit, the implications of that capability are profound for IT service providers. On the one hand IT security across a SaaS application environment will be substantially better. At the same time, each SaaS implementation will have to be reconciled with one another. Kumar said Salesforce will continue to work with third-party providers of compliance services in environments where multiple SaaS applications exist.
For the most part, however, Salesforce envision most organizations will rely on Salesforce Shield because rather than having to write code to apply encryption and governance, those capabilities will now be a single click of a button away from the end user. That means that not only will it be simpler to apply IT policies, the IT organization itself may soon find the amount of work required by it to enforce those policies to be greatly reduced.
Naturally, those types of capabilities have significant implications for IT service providers that specialize in governance and compliance. It’s clear that in terms of the underlying technology providers of SaaS applications such as Salesforce are gearing up to make a substantial leap forward. As that process continues to occur most IT services providers across the channel would do well reevaluate how their governance and compliance practices need to evolve from here.