Peter Coffee Open Group Cloud Security Debate Seattle 2010/02/03

Yes, Clouds Can Be Secure

Peter Coffee

Director of Platform Research

salesforce.com

Safe Harbor Statement

“Safe harbor” statement under the Private Securities Litigation Reform Act of 1995: This presentation may contain forward-

looking statements including but not limited to statements concerning the potential market for our existing service offerings

and future offerings. All of our forward looking statements involve risks, uncertainties and assumptions. If any such risks or

uncertainties materialize or if any of the assumptions proves incorrect, our results could differ materially from the results

expressed or implied by the forward-looking statements we make.

The risks and uncertainties referred to above include - but are not limited to - risks associated with possible fluctuations in

our operating results and cash flows, rate of growth and anticipated revenue run rate, errors, interruptions or delays in our

service or our Web hosting, our new business model, our history of operating losses, the possibility that we will not remain

profitable, breach of our security measures, the emerging market in which we operate, our relatively limited operating

history, our ability to hire, retain and motivate our employees and manage our growth, competition, our ability to continue to

release and gain customer acceptance of new and improved versions of our service, customer and partner acceptance of

the AppExchange, successful customer deployment and utilization of our services, unanticipated changes in our effective

tax rate, fluctuations in the number of shares outstanding, the price of such shares, foreign currency exchange rates and

interest rates.

Further information on these and other factors that could affect our financial results is included in reports on Forms 10-K,

10-Q and 8-K and in other filings we make with the Securities and Exchange Commission from time to time. These

documents are available in the SEC Filings section under Investor Information at www.salesforce.com/investor.

Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements, except as

required by law.

What is “secure”?

The Nouns and Verbs of Security

� Preserve integrity, availability & access

� Permit authentication and authorization

� Assure confidentiality & control

� Promote awareness and accountability

� Perform inspection; maintain protection;

afford detection; enable reaction; build on

reflection

The Nouns and Verbs of Security

� Preserve integrity, availability & access

� Permit authentication and authorization

� Assure confidentiality & control

� Promote awareness and accountability

� Perform inspection; maintain protection;

afford detection; enable reaction; build on

reflection

The Nouns and Verbs of Security

� If all you want is data protection, put it on

tape and store it in a Kansas cavern

� The point of security is to maximize the

risk-adjusted value of the asset: money in

a bank, not under a mattress

� Infosec is therefore a process, not a

product; a mode of travel, not a destination

“Secure” against what?

“Who” Matters So Much More than “Where”

"There are five common factors that lead

to the compromise of database

information":

• ignorance

• poor password management

• rampant account sharing

• unfettered access to data

• excessive portability of data

DarkReading.com, October 2009

Clouds Can Be

Usefully Secure

Single-Tenant vs. Multi-Tenant Clouds

In a multi-tenant environment, all

applications run under a common trust

model: more manageable, more consistent,

more subject to rigorous scrutiny by trained

specialists (internal & customer)

Shared infrastructure

Other apps

Single tenancy entails creation of multiple

software stacks, whether real or virtual:

each layer in each stack represents a

distinct opportunity for misconfiguration or

other sources of security risk

Server

OS

Database

App Server

Storage

Network

App 1

Server

OS

Database

App Server

Storage

Network

App 2

Server

OS

Database

App Server

Storage

Network

App 3

Every Act an Invocation: Granular Privilege

� Password security policies

� Rich Sharing Rules

�User Profiles

� SSO/2-factor solutions

Login… Authenticate…Apply Data Security Rules… View Filtered Content

Bottom-Up Design to be “Shared and Secure”

� Expanding legislation, regulation, mainstream mind share

� Rising standard of due diligence

� Desktop/laptop systems carry far too much “state”

– More data than people actually use

– Far too much data that user may easily lose

– More than one version of what should be one shared truth

� Cloud’s Solutions:

– Logical view of exactly one database

– Profile definitions manage privilege sets

– Activity logs precisely record actions

Governance: More Eyes, More Agendas

Strong Session Management

Every row in the database contains an ORG_ID - Unique encoded string

Session Tokens – user unique, non-predictable long random value generated for each session combined with a routing “hint” and checksum, base64 encoded

Contains no user-identifiable information

Session Timeout – 15 Mins to 8 Hrs

Lock Sessions to IP – prevent hijacking and replay attacks

SSLv3/TLS used to prevent token capture / session hijacking

Session Logout – Explicitly expire and destroy the session

Common Controls + Customer Choices

4 Months

(Oct ’06- Feb ’07)

1 Month

(Dec ’06)

5 Months

(Dec ’06 – May ’07)

2Q07

Deployments

“This is process lite. It gives my business users what they want,

a unique app for each sales team, fundamentally reflecting their own personality.

“And yes, I get a single standard SAP integration. It’s a terrific success.”

–CIO, Fortune 500 Firm

SAP back-end

integration

Customized for

Diverse Sales Groups

Sales

Distributors

Sales

Distributors

EMEA

Inside Sales

EMEA

Inside Sales

AFS Global

Sales

AFS Global

Sales

FLPR Field

Sales

FLPR Field

Sales

Put What You Want, Where You Want

• SSL data encryption

• Optional strict password policies

• SAS 70 Type II & SysTrust Certification

• Security certifications from Fortune 50

financial services customers

• May 2008: ISO 27001 Certification

Platform Security

• Fault tolerant external firewall

• Intrusion detection systems

• Best practices secure systems mgmt

• 3rd party vulnerability assessments

Network Security

• 24x365 on site security

• Biometric readers, man traps

• Anonymous exterior

• Silent alarm

• CCTV

• Motion detection

• N+1 infrastructure

Facility Security

World-Class Defense in Depth

“There are some strong technical security arguments in favor of Cloud

Computing… (Craig Balding, Fortune 500 security practitioner)

Trust is a Product of Transparency

How salesforce.com Achieves Trust

� Robust infrastructure security

� Rigorous operational security

� Granular customer controls

– Role-based privilege sets

– Convenient access control & audit

� “Sum of all fears” scrutiny and response

– Multi-tenancy reduces opportunities for error

– The most demanding customer sets the bar

Peter CoffeeDirector of Platform Research

[email protected]

facebook.com/peter.coffee

twitter.com/petercoffee

Next?