Data security is a hot topic in today’s digital world with more sophisticated hackers, breaches, policies, requirements and private information moving to the cloud. Salesforce is one of the major cloud platforms companies are storing private information on, and as Salesforce Experts, we get asked a lot about the security of the platform.

Well Salesforce is just that – a platform, not a product. Salesforce does a great job of making their platform highly secure with fundamental security tools, BUT it’s a platform and you can still make mistakes on the platform that can increase your risk exposure.

This blog content was taken from our customer webinar "Is Salesforce CPQ Right for You?". Watch the webinar recording. 

Before we dig into the specifics, let’s quickly define CPQ:
Configure Price Quote (CPQ) software helps sales reps define and quote complex and configurable products/services with numerous and dynamic variables.

First, a little background

At RevCult, many of our clients work in highly secure and regulated industries (i.e. healthcare, financial services, etc.). With the close scrutiny involved with those industries comes an elevated focus on compliance and security. Almost all of our clients in those spaces have carefully defined and articulated data retention policies. When implementing a cloud solution, like Salesforce.com, to elevate your business and the processes that drive it, the platform often falls under the purview of Information Security teams. This is to ensure that the data stored within the platform adheres to the same standards as the rest of the IT systems.

Attending Dreamforce and interested in encryption? For those who have Salesforce Shield, or are just curious, here are 7 sessions you should definitely check out:

Hi Information Security professional,

Your organization has just acquired a great solution to encrypt the data stored within Salesforce - Shield Platform Encryption. Okay, so now what?

Now is the time to partner with your Salesforce Admin/Developer and help them understand what’s necessary to be secured from a regulatory/compliance perspective. But before you start, it's important to know where they're coming from. Their top priorities are: 

Hi Salesforce Expert,

You’re an amazing technologist and you’ve finally convinced the Business and CISO to buy the right solution for encryption within Salesforce – Shield Platform Encryption.  Now what?

This post was originally released on the Salesforce.com blog, written by Pete Thurston, RevCult's VP of Business Technology. View the original article.  

Salesforce Shield is a popular solution for many of our clients in highly regulated industries concerned about data encryption and security (for example, healthcare, financial services, and government). One of Shield’s core services, Platform Encryption, encrypts sensitive data at rest while preserving business application functionality (search, etc.). Salesforce delivers amazing product innovations on an ongoing basis, with 3 major releases per year that fully preserve existing functionality while enhancing the Shield feature set. Although there are always discussions around the initial implementation of Platform Encryption, however, what about ongoing maintenance to ensure regulatory compliance?  Here are three reasons why you should continuously monitor and update your Shield Platform Encryption configuration, even with seamless upgrades from Salesforce:

Salesforce.com is a tool, and tools are meant to make life easier. So if nobody is using your shiny new Salesforce.com instance, then it’s very likely that it’s not making people’s lives easier.

It's hard to address and improve low adoption without a strong understanding of how you got to where you are.  As you're starting to think through how to tackle this significant problem (or how to prevent it if you're just getting started with Salesforce.com), there are three major areas of focus.

As your business evolves and grows, it's important to make sure that your Salesforce.com implementation continues to align and work properly. But you're busy, and Salesforce.com is an intricate system with many parts, so it can be hard to know where to look for potential problems. Here are three red flags to watch out for that can let you know when your Salesforce.com implementation is not optimized. 

Our Co-Founder and Chief Business Technologist, Craig Probus, will be speaking at the Cloud Computing Conference to 400+ IT professionals about "The Salesforce you don't know… and why you should.".  Craig will explain how Salesforce.com can add tremendous value across the entire customer lifecycle, beyond sales and marketing--including delivery, client services, and financial reporting.