Yes, Clouds Can Be Secure
Peter Coffee, Director of Platform Research, salesforce.com
Jan 15, 2015
Safe Harbor Statement
“Safe harbor” statement under the Private Securities Litigation Reform Act of 1995: This presentation may contain forward-looking statements including but not limited to statements concerning the potential market for our existing service offerings and future offerings. All of our forward-looking statements involve risks, uncertainties and assumptions. If any such risks or uncertainties materialize or if any of the assumptions proves incorrect, our results could differ materially from the results expressed or implied by the forward-looking statements we make.
The risks and uncertainties referred to above include - but are not limited to - risks associated with possible fluctuations in our operating results and cash flows, rate of growth and anticipated revenue run rate, errors, interruptions or delays in our service or our Web hosting, our new business model, our history of operating losses, the possibility that we will not remain profitable, breach of our security measures, the emerging market in which we operate, our relatively limited operating history, our ability to hire, retain and motivate our employees and manage our growth, competition, our ability to continue to release and gain customer acceptance of new and improved versions of our service, customer and partner acceptance of the AppExchange, successful customer deployment and utilization of our services, unanticipated changes in our effective tax rate, fluctuations in the number of shares outstanding, the price of such shares, foreign currency exchange rates and interest rates.
Further information on these and other factors that could affect our financial results is included in reports on Forms 10-K, 10-Q and 8-K and in other filings we make with the Securities and Exchange Commission from time to time. These documents are available in the SEC Filings section under Investor Information at www.salesforce.com/investor.
Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements, except as required by law.
What is “secure”?
The Nouns and Verbs of Security
• Preserve integrity, availability & access
• Permit authentication and authorization
• Assure confidentiality & control
• Promote awareness and accountability
• Perform inspection; maintain protection; afford detection; enable reaction; build on reflection
The Nouns and Verbs of Security
• If all you want is data protection, put it on tape and store it in a Kansas cavern
• The point of security is to maximize the risk-adjusted value of the asset: money in a bank, not under a mattress
• Infosec is therefore a process, not a product; a mode of travel, not a destination
“Secure” against what?
“Who” Matters So Much More than “Where”
"There are five common factors that lead to the compromise of database information":
• ignorance
• poor password management
• rampant account sharing
• unfettered access to data
• excessive portability of data
DarkReading.com, October 2009
Clouds Can Be Usefully Secure
Single-Tenant vs. Multi-Tenant Clouds
In a multi-tenant environment, all applications run under a common trust model: more manageable, more consistent, more subject to rigorous scrutiny by trained specialists (internal & customer)
[Diagram, multi-tenant: apps running on shared infrastructure alongside other apps]
Single tenancy entails creation of multiple software stacks, whether real or virtual: each layer in each stack represents a distinct opportunity for misconfiguration or other sources of security risk
[Diagram, single-tenant: App 1, App 2 and App 3, each on its own stack of Server, OS, Database, App Server, Storage and Network]
Every Act an Invocation: Granular Privilege
• Password security policies
• Rich Sharing Rules
• User Profiles
• SSO/2-factor solutions
Login… Authenticate… Apply Data Security Rules… View Filtered Content
Bottom-Up Design to be “Shared and Secure”
• Expanding legislation, regulation, mainstream mind share
• Rising standard of due diligence
• Desktop/laptop systems carry far too much “state”
– More data than people actually use
– Far too much data that user may easily lose
– More than one version of what should be one shared truth
• Cloud’s Solutions:
– Logical view of exactly one database
– Profile definitions manage privilege sets
– Activity logs precisely record actions
Governance: More Eyes, More Agendas
Strong Session Management
Every row in the database contains an ORG_ID - Unique encoded string
Session Tokens – user unique, non-predictable long random value generated for each session combined with a routing “hint” and checksum, base64 encoded
Contains no user-identifiable information
Session Timeout – 15 Mins to 8 Hrs
Lock Sessions to IP – prevent hijacking and replay attacks
SSLv3/TLS used to prevent token capture / session hijacking
Session Logout – Explicitly expire and destroy the session
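An added example, not part of the original slides and not salesforce.com's code, sketching the session controls listed above in Python. The token layout (32 random bytes, a 2-byte routing hint, a CRC32 checksum), the in-memory SESSIONS store and all function names are assumptions, and the timeout is treated as an idle timeout.

```python
import base64
import secrets
import struct
import time
import zlib

MIN_TTL, MAX_TTL = 15 * 60, 8 * 60 * 60   # the 15-minute to 8-hour range on the slide
SESSIONS = {}                              # token -> server-side state only

def issue_token(user_id, client_ip, routing_hint, ttl_seconds, now=None):
    """Assumed layout: 32 random bytes | 2-byte hint | CRC32, base64-encoded."""
    now = time.time() if now is None else now
    ttl = max(MIN_TTL, min(MAX_TTL, ttl_seconds))
    body = secrets.token_bytes(32) + struct.pack(">H", routing_hint)
    raw = body + struct.pack(">I", zlib.crc32(body))
    token = base64.urlsafe_b64encode(raw).decode("ascii")
    # User and IP live server-side; the token carries nothing identifying.
    SESSIONS[token] = {"user": user_id, "ip": client_ip, "ttl": ttl, "expires": now + ttl}
    return token

def read_hint(token):
    """Return the routing hint, or None for a malformed or corrupted token."""
    try:
        raw = base64.urlsafe_b64decode(token)
    except (ValueError, TypeError):
        return None
    if len(raw) != 38:
        return None
    body, (crc,) = raw[:-4], struct.unpack(">I", raw[-4:])
    # The CRC only catches corruption; unpredictability comes from the random bytes.
    return struct.unpack(">H", body[-2:])[0] if zlib.crc32(body) == crc else None

def validate(token, client_ip, now=None):
    """Return the user for a live session presented from its bound IP, else None."""
    now = time.time() if now is None else now
    session = SESSIONS.get(token) if read_hint(token) is not None else None
    if session is None:
        return None
    if now >= session["expires"]:
        SESSIONS.pop(token, None)          # expired: destroy, do not just ignore
        return None
    if session["ip"] != client_ip:         # lock session to the issuing IP
        return None
    session["expires"] = now + session["ttl"]   # assumption: idle timeout, renewed on use
    return session["user"]

def logout(token):
    """Explicit logout destroys the server-side session immediately."""
    SESSIONS.pop(token, None)
```

The checksum lets a front end discard malformed tokens before any lookup; it is not an integrity control, so the token is only as strong as its random bytes and the transport that carries it.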
Common Controls + Customer Choices
Deployments: 4 Months (Oct ’06 – Feb ’07); 1 Month (Dec ’06); 5 Months (Dec ’06 – May ’07); 2Q07
“This is process lite. It gives my business users what they want,
a unique app for each sales team, fundamentally reflecting their own personality.
“And yes, I get a single standard SAP integration. It’s a terrific success.”
–CIO, Fortune 500 Firm
SAP back-end integration
Customized for Diverse Sales Groups: Sales Distributors; EMEA Inside Sales; AFS Global Sales; FLPR Field Sales
Put What You Want, Where You Want
World-Class Defense in Depth
Platform Security
• SSL data encryption
• Optional strict password policies
• SAS 70 Type II & SysTrust Certification
• Security certifications from Fortune 50 financial services customers
• May 2008: ISO 27001 Certification
Network Security
• Fault tolerant external firewall
• Intrusion detection systems
• Best practices secure systems mgmt
• 3rd party vulnerability assessments
Facility Security
• 24x365 on site security
• Biometric readers, man traps
• Anonymous exterior
• Silent alarm
• CCTV
• Motion detection
• N+1 infrastructure
“There are some strong technical security arguments in favor of Cloud Computing…” (Craig Balding, Fortune 500 security practitioner)
Trust is a Product of Transparency
How salesforce.com Achieves Trust
• Robust infrastructure security
• Rigorous operational security
• Granular customer controls
– Role-based privilege sets
– Convenient access control & audit
• “Sum of all fears” scrutiny and response
– Multi-tenancy reduces opportunities for error
– The most demanding customer sets the bar
Peter Coffee, Director of Platform Research
facebook.com/peter.coffee
twitter.com/petercoffee
Next?