Salesforce and Security
Infrastructure as a Service, Platform as a Service and Software as a Service are being embraced broadly in both the public and private sector. In this video I focus primarily on Software as a Service but I’ll cover each a bit here.
Infrastructure as a Service leads to some efficiencies from a cost standpoint, but that it could also perpetuate and even accelerate some organizational problems by making it easier/cheaper to rapidly stand up new server instances, etc. This in turn simply adds to the complexity of what must be managed by the business, security staff, etc. On the other hand it also preserves the organizations ability to maintain much of the precise application profile it currently leverages. This can be a great comfort for organizations that have successful applications supporting capabilities but that are interested in the economics of the cloud.
Platform as a service is sort of the next logical step up from IaaS and helps address some of the complexity issues I mentioned earlier. Finally Software as a service is where I believe organizations have the most potential. There is a much more of a focused value proposition for the business and hopefully a better technology to business mapping. The downside of course is that it involves change and that of course change comes with its own issues. In this video I talk about the above factors and specifically about Software as a Service as embodied by Salesforce.com.
Our experience in getting into the AppEchange and talking to customers has included a lot of learning about how customers think about the cloud and I share some of that as well as our experience in dealing with security questions. One of the big things customers get concerned about with the cloud is the multi-tenancy aspect of it. Essentially your stuff is right next to someone else’s stuff, so how secure can it be? I think one of the keys is that essentially Saleforce.com manages a fairly homogenous technical environment. Saleforce.com benefits financially by developing economies of scale around hardware, software and even things like skills/HR, but that all of this lends itself to enhanced security because it reduces complexity and streamlines things like patching, etc. My first thought when he mentioned this was the 500+ systems that many cabinet level agencies in the federal government of the thousands of applications many Fortune 500 companies have within their organization. Most of these are built to purpose with limited standardization of hardware and software and diverse skill requirements. The level of complexity inherent in securing this is obvious when you look at it from this standpoint even before you think about the additional cost and inefficiency driven by this sort of environment. There is also a heavy incentive to align their security interests and that of their partners with their customers. The dangers of the fall out from a serious breach ensure that they are more likely to err on the side of secure.
Thanks as always for reading my blog, I hope you will join the conversation by commenting on this post.
If you liked this post, please consider subscribing to this blog and following me on twitter @jmillsapps. I regularly give talks via webinar and speak at events and other engagements. If you are interested in finding out where to see me next please look at the my events page on this blog. If you would interested in having me speak at your event please contact me at firstname.lastname@example.org.
If you are interested in consulting services please go to MB&A Online to learn more.