Salesforce: Drive Value without Compromising Security – Life Sciences Dreamin’ Webinar

In this unmissable session on “Driving Salesforce Value without Compromising Security,” you’ll discover the secrets to maximizing the potential of Salesforce while ensuring the highest level of data protection.

Join Rebecca Gray from Capstorm as she guides you through the best practices and strategies to leverage Salesforce’s full capabilities while maintaining stringent security measures. This is a live webinar based on Rebecca’s amazing session at the 2023 Life Sciences Dreamin’ conference. Register now for 2024 at www.lifesciencesdreamin.com – this event will sell out!

…and while you’re here: if you’re having Salesforce user adoption challenges, we have a brand new guide that takes you step by step through the principles of teaching adults technology, and drives you to develop a plan for implementation. It’s got room for you to make your own plan – check it out: https://cloudadoption.solutions/teach…

Contact us with your Salesforce challenges at info@cloudadoption.solutions – we love to help!

Cloud Adoption Solutions is a 100% woman-owned registered Salesforce partner, specializing in implementation, integration, and optimization for Technology, Healthcare/ Life Sciences, and Financial Services/ Professional Services organizations in the small and mid-commercial sectors.

VIDEO TRANSCRIPT:

Speakers – David Smallhoover, Shannon Gregg, Rebecca Gray

Shannon Gregg
Hello, everybody, and welcome to a very exciting installment of the Life Sciences Dreamin’ webinar series. Life Sciences Dreamin’ was an event that was held in August that really helped to marry the intersection of Life Sciences and Salesforce. And we learned so much. One of the things that we found during that conference is we had so many incredible sessions that everybody couldn’t attend them all. So we went through our survey responses and said, these are the most requested topics. And that is how we are bringing Rebecca Gray to you today. In one second, Dave Smallhoover is going to introduce her. But first I want to say welcome, everybody. My name is Shannon Gregg. I’m the president of Cloud Adoption Solutions, which is a woman-owned Salesforce partner focused on regulated industries like the life sciences. I’d love to thank the sponsors of the 2023 Life Sciences Dreamin’ series, which includes stocks, Elements.cloud, Capstorm, customer times, recipe pro mind matrix, easy protect by adaptiveness, Salesforce, steady state media, I know SEO wise wolves, and Cloud Adoption Solutions. So without further ado, I’m going to hand it over to Dave Smallhoover. Please, everybody, this is live. We’re here live, we’re interactive. So if you’ve got questions, toss them in the Q&A; Rebecca’s very, very good at picking those up. And we’ll have time for you to ask even more at the end. So Dave, I’m going to hand it over to you.

David Smallhoover
Hey, everyone, it is my absolute pleasure to introduce Rebecca Gray to you. I met Rebecca this past summer and was immediately struck by her. She’s a bright spot to anyone who knows her. And I admire her so much for what she brings to the community. And so just as Rebecca goes around making her community a bit better, so does Capstorm, making the Salesforce ecosystem better. And what could be better than security that comes with a great user experience? So with that, I hand it over to Rebecca.

Rebecca Gray
Thank you, David. So David, when you said I struck you, did you mean I walked by you and smacked you with my big hair? Is that what you’re talking about?

David Smallhoover
No, it was the energy you brought up out of energy in the group. And I’ll always remember that because I was a little guarded. And so it was good, you helped get me out of my shell at the conference. I appreciate that

Rebecca Gray
line. So I’m going to tell putting up cracker or getting people out of my shell other shells on my resume. All right, welcome. Welcome to Driving Salesforce Value without Compromising Security. This session is focused on how to maximize your investment in Salesforce, while also protecting one of your business’s most valuable assets, the data. As David said, I’m Rebecca. I’ve spent the past seven years helping businesses, especially in the life sciences, FinServ and PubSec communities, increase the value that they get from Salesforce, increasing the value of that investment, while also increasing the level of data security. Now, this is a Salesforce conversation today. So I’m going to assume that those of us that are here know how to control access for data inside Salesforce. First, you set org-wide defaults, like can data be viewed by everyone or just their owners, then you have things like roles, sharing rules, etc. Now, we want this talk to be interesting. So we’re not going to focus that much on the Salesforce side. But instead, we’ll spend our time leading into what happens beyond Salesforce. But first, we’re going to tell a story about what bad can look like for Salesforce data enablement. And then we’ll do a deeper dive into what good can look like for your teams. Increasing value, maintaining control. Let’s go. Now, obviously, this tale of data management gone wrong is going to be done by your competitor, because an organization like yours would never make these mistakes. Let’s introduce our actors. First we have our Salesforce admin. Hint: that’s me. Have my firefighter hat on today, because Salesforce admins are always putting out those fires. Next, we have our boss, fresh off the golf course and ready to give some instructions to his team. Next, we have our security architect. Oh, we don’t have one. We’re just going to figure this out. But in the corner, we also have our little cyber pirate.
You don’t know who this person is, but they are waiting for an opportunity to take your business’s valuable data. So it’s Friday afternoon, we have Christmas holidays coming up in just a few days, but the boss is gonna walk in the office and say, Hey, admin, before you leave for the day. And here comes that list of requests. Our boss has acquired Tableau; they want you to set that up. Also, he’s added a backup solution for Salesforce. As the boss says, it’s SaaS, it should only take you a few minutes, right? Can you do that before you leave? Take a deep breath. Our admin says, as our admins do, absolutely, sir, I will get on that right now. And one more thing. After you get those two things done, I did get a call from our VP of sales. And he really doesn’t like that our salespeople have to actually enter their emails in Salesforce. So could you make them just show up? Admin sighs, takes a big drink of water and says, Sure, I’ll do it. And as our boss walks out the door, he says, Well, I’m heading home. Call me if you need anything. Oh, wait, I forgot. We hired this consulting company to fix our clunky quoted process. They start on Monday. Could you please give them a big full copy sandbox to work in, or just somewhere they can do their work? Well, our admin wants to leave for the day. It is Friday afternoon, after all. So we connect our Salesforce to our backup solution: admin credentials. Connect our Tableau implementation to Salesforce: admin credentials. Turned on Einstein email capture, with a quick email to our reps, and created a login for our full copy sandbox. Also admin credentials, pass it off to the consulting group. Problem solved. Out we go though, go. Does anybody see any issues here? Let’s point out a couple obvious red flags. We trusted a lot of people. The data from our core Salesforce is now existing in our SaaS provider’s backup; we didn’t vet security, we didn’t vet encryption. It’s existing in Tableau; we have another copy of our data stored there.
It’s existing in a sandbox; we granted access. Now, if you’re counting, we have Salesforce, and one, two, three copies of all of our sensitive data that are now existing completely outside our control. Plus, we have Einstein email capture, where our emails are replicated to Salesforce, but off platform, so we can’t query the data. We can’t report on it, back it up or redact it. Think GDPR. We’ve trusted many, and thus we’ve made ourselves vulnerable, because there’s multiple areas that a cybercriminal can attack. Now, we don’t know who this cybercriminal is, but we know they’re there. Like any organization, there’s always someone that wants to steal your business’s data. And we have done nothing to verify access. Now, we’re gonna redo this scenario. And here’s our agenda for today: we’re going to accomplish those same outcomes, we are going to add value to our business. But this time, we’re going to tackle it from a security-first mindset. And that’s what we’ll do with the rest of our time. We’re going to talk about backup, analytics, data syncing, DevOps. And avoid making security compromises like we made in that past story. Now, as Shannon mentioned, we do, I do love an interactive session. I also love to talk, so I’ll keep talking. But if you have a question, please post that in the chat. And the team will pick that up and let me know there’s something there. So interrupt if you like. First, we’re gonna talk about backup. Now, backup isn’t sexy. It’s insurance. Now I have a house. And I live in Florida, and I live in the Panhandle right on the Gulf of Mexico. So my house is important to me; I pay for insurance. I have a lot of options. For example, I’m not typically in a floodplain. I have, I have a good 12 feet above sea level. But I do pay for flood insurance. It’s optional, but I want it, because if there’s a hurricane, I want the ability to actually get my house back. Now, I can choose the different levels of insurance I want, but I need it.
My mortgage requires I have insurance, just like your auditing teams probably require you have some form of backup in place. So let’s do some comparison here. And I’ll provide some practical examples as well. On my left, you have your more full-coverage option. I have a reputable national insurance provider that covers floods, hurricanes, termites, you name it, they’ll pay for it. I’m confident that my claim is going to get paid if I have a disaster. Now, these are backup providers that can be SaaS, they can be self-hosted where you actually own the data set. But there’s three things we’re going to have in common. Accessible data: you are able to get to an actual copy of your data to validate that that backup is actually complete. Secondly, it’s encrypted. Data in plain text is dangerous. Even if you have data in your own data center, you need to encrypt at least those sensitive fields.

Rebecca Gray
And finally, a validated restore. Now, just like insurance, it’s great to write that insurance check. I don’t feel good about it, but I need to, but I’m not really paying for insurance. What I’m paying for is that claim reimbursement. I’m writing my checks so that if I have a disaster, I get that big check and get my house back. If you have a backup and it’s not validated, well, you have no guarantee that that check will actually get written back to you if you need it. My company, Capstorm, is an example of a company that provides this type of backup. Now, you might be asking, how does this add value? This, this topic feels a little bit more like risk avoidance versus a true value add. But the power of having an accessible copy of your data off platform means not only do you have a backup, you also have a method for archival, potentially a staging area for analytics. We’ll talk more about that in a minute. And more critically, you keep your job if you have a cyber attack, a data disaster or a ransomware attack, because you have your data. And you’ve proven that you can recover it. Now, let’s pivot. Let’s take a look at the approach that our example company took: the minimum coverage. This is my local insurer who only covers my little town of Santa Rosa Beach. And if I tick the box, my insurance, my mortgage will be happy. Yes, I have insurance. But it’s not going to add value. And even worse, this may increase my organizational risk. Because if I have a hurricane hit my house, and it hits this entire regional area, my insurance company is not going to stay in business; they will not be able to pay my claim. These are backups where you have verifiable data, or, my apologies, viewable data. Technically, I can see it. But I can’t really verify that all my data is actually in the backup. I may be able to query a field here or there, looking at a record. But you’ll see this with a lot of SaaS providers that have these on-demand exports.
But they’re sending that data to Snowflake, an S3 bucket, but these exports are pretty limited in scope. I can’t say I have this many accounts in Salesforce and this many accounts in the database. Also, in the worst case scenario, you have a CSV export from Salesforce, and it’s considered a backup. It’s unencrypted and it’s sitting on someone’s laptop. It’s a vulnerability. And it’s untested. The most common fallacy of the Salesforce backup world is that restore doesn’t need to be vigorously tested. An untested, unvalidated backup is like driving a new Porsche with only collision coverage, or buying a multimillion dollar mansion on the beach and buying my insurance from Bob’s insurance that only covers my zip code. Since we’ve walked through how to increase security for backups, let’s move on to our next topic. This is when we’ll truly start adding value for our organization, in the area of analytics. Looping back to that original story, we want to get Tableau connected to Salesforce. Now there’s two key approaches. Either we take Salesforce, we connect it directly to Tableau with credentials. Or we pass that data through a middle staging area first. This is similar to the philosophy you’ll have to select anytime you want to leverage a non-Salesforce-native analytics solution. Now some of you might be thinking, why would you use anything other than Salesforce? Don’t they have excellent analytics options and reporting on platform? Well, the answer is yes. Salesforce does have some very good options for analytics, but there’s limitations. And when you’re in the life sciences world and you’re incorporating all these different things into your org, but particularly if you’re working with Veeva, you have managed packages, you will quickly exceed the scope of what goes on platform reporting options and support. For example, you may want to do historical trend reporting, or combine Salesforce data with other data.
Now in our risky scenario, our customer decided, our company decided, we’re gonna go straight to Tableau, we’re gonna use our administrator login. Makes sense: admin’s already set up, admin knows the password. It’s easy to do. But there’s a few risks for this approach that are really common. And you’ll see them across most replications, or most connections, where we’re directly tying into Salesforce. First problem, we’re going to be replicating sensitive data. Because our administrator credentials have wide sweeping view access into our org. We don’t necessarily have data masking when we’re an administrator. So we’re pulling in data into our analytics platform. And the users in that analytics platform can see data that they really wouldn’t typically see. And we also have an access issue. So we take our Salesforce data, we put it in Tableau, connect them together. Now we have to reconfigure all the visibility setup that we have in Salesforce, all of those org-wide defaults, roles, sharing rules; that’s the Salesforce language. But we have to set that up again. This time, we have to set it up in Tableau. Now, I don’t know about you, but if I have to maintain something to be the same in more than two spots, eventually, I’m going to miss something. This is tedious, hard to validate, it’s near impossible to keep in step indefinitely. Using a staging area, like a database, adds control, and it limits your access, because you can use things like views, field-level encryption, and gain control over who has access to what data. Now our data sync scenario, our third thing that we had to do on Friday: get our backup, connect to Tableau, and get those emails synced into Salesforce. This is more of a one-way sync than a true bidirectional. But there’s similar considerations anytime you hook a system into Salesforce.
Now I introduced Einstein for one core reason, which is data storage. We’re going to take a quick peek at the Einstein email capture architecture, which is going to reveal some of those security vulnerabilities that you can choose to accept, or you can choose to tackle from a different approach. Now this is Einstein’s back-end architecture; pulled it directly from salesforce.com. That data flows into an S3 bucket owned by Salesforce. Highlight that here so we can all take a peek at it. Now this data, this data storage is owned by Salesforce, and you don’t have access to it. So you can’t query it, can’t report on it. If you get a request to forget someone, so forget a customer, forget a patient, you’re fully dependent on Salesforce, and it puts you in a position where you can’t necessarily prove that deletion actually occurred. Well, not 100% true, because all of your Einstein Activity Capture data is deleted, because your retention is only six months by default, or 24 months if you have that paid version. After the data retention period is passed, that data is removed from the system permanently. Now, if you’re in compliance, take a deep breath. There are other alternatives; you can configure these type of things to be much safer. You can use a database that you own, for example, as a backup of your systems to ensure you have proper retention. You don’t have to surrender to gaping vulnerabilities to add value to your Salesforce implementation. Now it will cost you time. Not implementing these easy direct connections that are point-and-click and require no additional technical involvement takes time. But like analytics, you can set up some staging or some off-platform storage, and you can greatly reduce your overall risk. Now if you’re looking for a simple example, how do I, how do I work without this? How do I automate without this? This is just an example. But you can have a Chrome extension for Salesforce that syncs emails; little more work, but it creates a record.
Now I’m not suggesting you do that. But I am suggesting that when we want to add value to our implementation, sometimes we need to put a little bit more thought into security first. Now, our next step is to address that worst problem, if anyone was listening, with our last thing: create that sandbox for our offshore consulting group that’s going to be doing our project for us. After we go through that, we’re going to wrap all this up in a better architecture, one that adds value without compromising security. But first, I’m going to pause, take a drink of water from my Legoland Florida cup and ask team, is there anything in the chat window that I may have missed? Shannon, would you mind checking for me?

Shannon Gregg
Rebecca, so far, there’s nothing in the chat window. But this is a great time for me to remind everybody, please use the chat or the Q&A to put some questions in. I know we had some ahead. And they will be questions that I will serve as at the end. And this is one of those topics, I think, Rebecca, that everybody gets really bamboozled by. They may get confused. They get frustrated. And I love the way that you’re telling the story. Thank you so much.

Rebecca Gray
Absolutely. We will wrap it up in very plain language. My theory is that if you can’t explain it to your child, I have a first grader and a kindergartner. If you can’t explain it to a kindergartner, then you don’t really know it. So we’re going to try to get this down to very simple terms to make it a little bit less complex. But finally, let’s talk about some DevOps. Now, this is the scenario that terrifies me the most, because we took a carbon copy of our Salesforce, a carbon copy, a clone, and we gave access to another group. And it’s also another group that’s temporarily hired to support our company, not a person that’s actually on our team. Now, we have a couple things we could have done instead. We could have told our boss, No, no thank you, figure it out another way. Probably not good, because we want to keep our job. We could have masked our full copy sandbox to protect some of that data. Or, ideally, we create a seeded, obfuscated sandbox that meets the needs of our group that we’re supporting. But it also gives us zero risk of data leak. Ideally, we’re going to give them a seeded dev org or a seeded partial copy so that our bigger environments, our UAT, our system integration testing environments, aren’t tied up to a project for the next six months. How do we accomplish this? There’s a lot of vendors that’ll support sandbox seeding, and Salesforce has some, and Capstorm can do that as well. I’m not going to do a Google search for you. But the main point is, there’s a better way to do this. Now, let’s wrap all this up and talk about a value architecture. Our safer architecture, we’ll start with the same requirements: sandbox for a consulting team, connecting Salesforce to an analytics engine, getting emails synced for our sales team, and making sure that Salesforce is backed up.
Now, if you remember, from our more dangerous architecture slide a whole 20 minutes ago, we had all these direct connections, pulling data out of Salesforce and pushing it into a bunch of different data repositories. In this new architecture, there is one, and exactly one, direct replication from Salesforce stored in one database. And for security, this one database is located on the business’s AWS platform. So the business and only that business can access the data. Or that database lives in the customer’s own data center, in their physical architecture. Most important thing, the organization controls who has access to that core data set. Now, of course, that database could also be housed in the SaaS vendor. But the key consideration here is that data is accessible and usable. And this circle is right here. This solves our backup problem in one swoop: backup problem, staging area for analytics, staging area to seed sandboxes with masked data. And we’ll probably do a little workaround for this. We can also create a secondary database where we’re just going to back up our email. Maybe we’re backing up Outlook or Gmail. But that way we can actually use some of those Einstein features without being risks, having the risk of not having that system not backed up as well. And the database here is our secret. It’s the core of data protection. It’s one place where we have a copy of our data, not six, not seven, not three, but one. Now, before we wrap up with a little bit of Q&A, I’m going to run through one more approach. And this is the Capstorm method. We’re going to add another layer of restriction to tighten our control. Once again, restricting access, controlling risk, but also adding value. Let’s a tiny change. Did anybody catch it? Right, I added a lock, tiny little lock on here. Once again, we’re starting with Salesforce.
But this time, we’re going to use Capstorm, which is going to incrementally replicate our data from Salesforce into a relational database. It’s going to pull our metadata, it’s going to pull down our data. Incrementally is a key word, because we’re only picking up data that’s new or changed. Which means that this entire process is fast, fast, like within a few minutes, and we need data within a few minutes, because we need that database to be really in step with Salesforce for our analytics connection. Now, our fictitious company, like many of us, is not exactly bursting with lots of extra time. So instead of having to do that sandbox seed for our consulting group ourselves, we’re gonna just give the team access to our database. Now, doesn’t that sound a little dangerous? Just a little bit, but we have a solution. And that’s that lock. Our database is a replica of production. But it doesn’t mean we have to let our plain text data just sit there. We have two things we can do. One, we can encrypt the whole database. We’re not going to do that, because then the data is not that useful. Or two, we could implement field-level encryption and compliance categorization. So we pick a field, maybe email address, we encrypt the field, we put it in our PII bucket, and then we encrypt last name. We’re going to put that into PII and proprietary buckets. Our consulting team doesn’t have access to plain text for any of that sensitive data. But we can give our Tableau connection a little bit of advanced credit, advanced access. So we can look up things like our customer names. Something that Capstorm provides is the ability to mirror those Salesforce Shield encrypted fields, and implement that in a database of your choosing. So that you have end-to-end encryption, without having to go back and do lots of manual security tweaks as your Salesforce evolves over time.
So now it’s safe for our consulting group to have a level of read access into the database, seed their own sandboxes, update them as needed. But only with the data that we’re able to see. Our production recovery team, they can get to everything they have to if Salesforce goes down or breaks. Goes down is a little scary. Salesforce breaks, we corrupted it, we broke it, we can go in and fix that, because we have access to the data. And our Tableau integration is also connected to that same database with its own assigned credentials, that controls what that integration is able to access. We have no places our data sits without encryption. We have simple ways to verify access, because we own the primary data storage. And that final piece of the puzzle, our email system. I’m talking about Capstorm right now; we’re a Salesforce-only company. So we’re not going to touch that for you. But there’s a lot of companies that can back up your emails, put them in a separate database. So you can also use that Einstein analytics. So what do we do? We establish a foundation to drive business value with our own CRM data by starting with a database that we control.

Rebecca Gray
Anytime we have a webinar over lunch, I was promised to wrap it up a few minutes early. So let’s pause. And if there’s any questions now, it’d be a great time to say them.

Shannon Gregg
Well, Rebecca, I can tell you we got a barrage of questions. And they all came privately to me. So I think that just supports my idea that security is hard. Security is hard to understand. And it feels a little embarrassing. In fact, one of the questions started with “I don’t know if this is dumb, but”. So I would encourage everyone else, if you feel a little bit anxious about your questions, you can send it to me privately. And I won’t tell you, but I also want to tell you, I do think security is the most challenging part about Salesforce. So, you know, I think when you take your admin exam, that’s the hardest part. And so Rebecca, I have a bunch of questions for you. And I will tell you I got word from the floor at Salesforce World Tour New York this morning. And now we’re, before we jumped on, that they were announcing free Data Cloud and Tableau. And so I think more and more people are going to be thinking about this, you know, data security, data problems. So I’ll start with the first one, Rebecca. That is, I don’t know if this is dumb, but what if Salesforce is my only place I store my data? Will Capstorm help with setting up that database of our choosing?

Rebecca Gray
That’s an excellent question. Absolutely. So not all of my customers have massive database teams. Some of them do; I work with huge sales forces that have, they have database teams, and AWS teams, and five DevOps teams. But that’s not everybody. If your core need is backup, we do have a backup option for you that requires no setup on your side. It’s a SaaS-based backup. But what makes it different than other options is that you can maintain full visibility into your backup, meaning you don’t have to host a database, don’t have to host a software, have to manage it; we’ll even restore it for you if you need to. But you still have the ability to make sure that backup is complete. So yep, we can help you. Or I can help you set up your own database if you want that too.

Shannon Gregg
That is awesome. Thank you. So the person that asked that question, we’ll definitely make sure you can get in touch with Rebecca. She’ll share her details at the end. The next question, I think, is a little more of a statement, but we’d love to hear your take on it because I don’t disagree. It says small companies often make most of their users system admins, and ignore security altogether.

Rebecca Gray
Sadly, yes, we see this all the time. But the good news is, you can always change that any day you want to. For example, even if you’re not a huge organization, even if you have to have some of these direct connects into various systems, because that’s the limitations you have to work with, you can always use an integration user. It should be relatively inexpensive to think intelligently about what type of data is going to be flowing out of your systems. If you put a little bit of forethought in that, you can prevent a lot of heartache down the road, when you realize that, oh my goodness, we’ve done this thing that then comes back and bites you in the butt.

Shannon Gregg
Perfect. Thank you so much. The next question that we have is, I know a lot of companies that are adjacent and I’m wondering how Capstorm compares to other folks in the space. I’m thinking of OwnBackup and Gearset. You don’t have to talk about them specifically, Rebecca, but I know Capstorm is huge. It is so big and hard to understand. So I guess if you could spend a couple of minutes telling us what else Capstorm brings to the table besides what you presented to us today?

Rebecca Gray
Absolutely, happy to. So, depends on the topic. Anytime I’m asked what makes Capstorm different than X, I always frame it in terms of what do you want to do. Because sometimes we’re a great fit. Sometimes we’re not. In the pure backup space, what sets us apart, in addition, of course, to some technical things, like a lot of items we back up that others don’t, like big objects, is a concept that a backup that you can’t validate and verify is not a great backup. It’s very difficult when your data is fully living on someone else’s platform to actually make sure that that backup is fully complete. Now, in addition to handling that disaster recovery scenario, Capstorm also enables our customers with things like sandboxing (how else do you validate your backup, validate your recovery process, unless you actually test it), support data governance, so that end-to-end encryption between Salesforce and your database. And then I could give you probably a 15-page list of what our customers do, because we support taking your Salesforce and replicating a copy of it in a database. Now, this is not a pull of CSVs out of your Salesforce that is dumping them in some S3 bucket. This is a true replica of your Salesforce data structure, table for table, field for field, in a non-proprietary format that you own. For example, I have a big Salesforce, and I’m going to be querying my Account object. Or I’m going to be querying, name the object. My org gets big enough, those queries get slower and slower. But if I have a copy of the data, and it’s mine, well, I can control the horsepower I put behind that database. I have customers that do things like run near real-time reporting that drives payroll solely off that database, payroll and bonuses. I have a big university that does that. I have a government organization that uses that database as a staging area to actually power a citizen-facing web portal. They give status updates and service requests.
Now those citizens don’t have Salesforce access, they have you access into that Salesforce data because of Capstorm. Specifically for the life sciences to set up, which I’ve seen a lot, backup’s huge because it’s backup of data you own, GxP data, PII data, HIPAA compliance, that’s huge. But you also, with a governance piece, have the ability to bring data into a system where you can then encrypt things like links. And I’ll give you a better example. I’m running a clinical trial, I have patients, I have patient results, I have patient demographics, I have this clinical trial result information, I need to run analytics, but I cannot have the results tied to the patients. If I bring that data down to the database and encrypt the link, I can then run all kinds of different reports on that dataset, while still preserving the integrity of what I’m doing. Now, I know it’s a long-winded answer. If you want to leave a longer one, send me an email, I will give you a very long explanation. But first, I will ask you what do you want to accomplish? Because that’s where the root of it starts.

Shannon Gregg
That’s incredible, Rebecca. Of course, my brain was like, whoa, there’s so many things that I think a lot of people will want to ask, because that’s exciting. I have another one. That is, I’d love to know what costs are associated to security risks, or how does that drive ROI for Capstorm users?

Speaker 1
Absolutely. That comes, that kind of question comes up a lot when you talk about backup, because when you’re writing an insurance check, it’s really hard to convince your boss you need insurance. It’s a lot easier to convince somebody to insurance if you had a big tree limb fall on your house and say now we need insurance, aka we had a data breach, we probably should have done something about this. But if you’re wanting to implement a solution like Capstorm, that can support a fairly wide range of things. Usually, the ROI can be found in looking at how could I be adding business value with my Salesforce implementation if I had my data doing X. X could be integration. X could be archival. So huge thing, my Salesforce data storage is getting a little bloated and kind of expensive, let’s pull it off. X could be sandbox seeding, or buying multiple full copy sandboxes are a little pricey. Let’s actually use some of our development environments that we’re already paying for and actually seed that data. If you’d like to get a little bit more detail, I’d love to talk to you about your project and see if that value is there that makes sense for you.

Shannon Gregg
That is wonderful. Thank you. The next question that I have, and it looks like there’s two left, is what happens when we want to restore data using Capstorm? Will it trigger all my flows? And VCRs? Oh,

Speaker 1
goodness, no, you don’t want that to happen. Now, you can choose. Most of the time, you’re going to go into the application and tell it to disable those things: disable my flows, and even beyond that, my validation rules, my restricted picklists. I may have required lookups that were not required when the data was created. My triggers, my process builders, I still have them. I don’t blame me if you do. My workflow rules, etc. Capstorm’s applications provide a way for you to disable that. And it will also automatically re-enable those automations as a standard part of your recovery process.

Shannon Gregg
That is wonderful. And then I think our last question, before we let everybody go back and think really hard about the things that are happening in their Salesforce instances, because I know they will is. And this is a big heavy one, Rebecca. So good luck. What’s the biggest mistake you see in Salesforce orgs in terms of data security?

Speaker 1
Oh, that’s heavy. The biggest mistake, I’ve seen some doozies. Let me, let me put it like this, because this is something I’ve actually seen happen several times. And it caused some pretty nasty production recovery problems: untested deployments. So doing metadata work, writing triggers, whatever it is, doing that and validating it a little bit, using some great solutions, because there’s some great solutions for it. But not validating well, and not making sure they had a backup before they deployed it. I have had customers do really nasty things. I saw one the other day that copied some addresses from one address field to another address field, didn’t think about the fact that some of their source data was blank, overwrote tons of addresses in their org. I personally made a big mistake with an integration and unhooked our opportunities from our accounts. And we’ve been in business 12 years. So unhooked them all, just to be efficient, by accident, had to roll back. So it’s that type of untested development work, and untested integration work, that tends to be the biggest vulnerability. And I say it’s a security vulnerability because you can cause massive corruption of your data and massive access to your data with those, those type of things, if you’re not careful and vetting it first. Now, I’m not going to talk about people who chat me their password, because that would be that’s even, that’s just two bullet.

Shannon Gregg
Yikes. Oh, that’s amazing. Thank you for that answer, Rebecca. And I will tell you, this has been a wonderful amount of time listening to you, hearing from you. Every time I hear you speak, I learn something new. And I love that. And I would like to echo what Dave said, which is thank you for all that you do and all that you give to the community, because I think there are loads of people that are much smarter about Salesforce security thanks specifically to you, and also to Capstorm. So thanks, everybody, for joining us today. We’ve been running this life sciences webinar series for about a year. And we have many more continuing, but I will tell you, Rebecca, this is the first time ever that we’ve had every single person stay on for the entire webinar. So I know that they were sitting on the edge of their seat listening to the things that you had to say. Can you tell everybody how they can get in touch with you? Because I guarantee there are going to be many, many more questions that you can answer for our audience. Absolutely,

Speaker 1
Shannon, I will tell you I didn’t put it in my slides. If you want to find me, just look me up on LinkedIn, Rebecca Gray. I run the St. Louis Salesforce user group and work at Capstorm. Not that hard to find. And of course, I’m happy to give you a little bit more direct contact details. I’m gonna stop sharing; I’ll drop that in the chat.

Shannon Gregg
Thank you so much, Rebecca. And while she’s doing that, everybody, we will send out the recording because I know that now that you’ve heard this, there will be other people in your organization that you would like to hear the same information. We welcome you to join the rest of our series for Life Sciences Dreamin’ and definitely head over to the lifesciencesdreamin.com website to sign up for our waitlist, so you can be the very first to hear our announcement of exactly when and where the Life Sciences Dreamin’ live conference will be in fall of 2024. Thank you again to Rebecca Gray for taking her time and to Capstorm for allowing her to spend this time with us. And thank you to all of you for joining. I love that this is a group of lifelong learners always looking to make their Salesforce orgs and their users a better place to be. Thanks, everybody. Have a great day.