From a Chief Information Security Officer (CISO) perspective, Salesforce has cemented its spot as an invaluable and mission-critical tool. What’s been the primary driver of this shift? Over the past decade, Salesforce has added business-boosting capabilities – storefronts and customer experience systems for example – elevating its role from a mere support tool to a revenue driver.

With such high stakes on the line, we brought in Andy Ellis, Advisory CISO at Orca Security and author of 1% Leadership, to talk about Salesforce and more in a moderated discussion with Veroljub Mihajlovic, senior director of product marketing at Flosum. In this conversation, Ellis shines a spotlight on why and how it’s mission-critical to ensure that Salesforce remains online and secure. 

The value of what’s at stake, says Ellis, might be higher than you think. Listen in as Ellis and Veroljub discuss the ins and outs of Salesforce and security in this webinar: A CISO’s Guide to Salesforce.

Salesforce data is mission-critical

Why the focus on Salesforce? Because its role has been elevated and it now holds tremendous value: when it does not stay online, that's revenue lost.

“If Salesforce goes down or we configure it incorrectly, that means our revenue stream might have just gone away for a while,” Ellis explains. “That changes the level at which we need to care about how we’re using Salesforce. We should make sure that we’re treating it like a revenue-generating app.”

The rationale for the emphasis on Salesforce is that it is no longer merely a back-office support tool. It's now being used for everything from commission calculations to ticketing systems, and that ties Salesforce directly to revenue streams. Ellis says this should be an eye-opener, as even a minor outage could lead to major problems.

What keeps a CISO up at night?

Ellis also illuminates the many factors and potential security threats that CISOs have to consider. To name just a few: access control, third-party apps, permissions and machine identity. All of these weigh heavily on the minds of today's most senior security officers.

Not the least of these concerns: where does the buck really stop? According to Ellis, this dilemma is even greater in the Salesforce realm. When it comes to Salesforce security, there are question marks as to who should ultimately be responsible. Is it IT, sales operations, or another function? That's a real problem, Ellis notes.

Then there's the conundrum of access controls. With joiners, movers and leavers to account for in every organization, this can be especially problematic. Add to that the presence of digital or machine identities, and CISOs really have a Pandora's box of issues to deal with. The result can be many a sleepless night.

Address these top 5 security risks

Making security a top priority for your organization means leaders must address the topmost security concerns. According to Ellis, the top five security risks include:

  • SaaS apps
  • Broad access
  • Citizen developers
  • Unclear ownership
  • Machine identity


Taking action on these five risks today will enable organizations to safely reap all the benefits that Salesforce has to offer.

Protection is paramount: Why leave it to chance?

Is your organization serious about maximizing Salesforce and safeguarding data? Then take a look at Flosum. Flosum is 100% native to Salesforce and provides the tools needed to both secure and accelerate the development lifecycle.

In addition, Flosum offers a free organizational scanner feature – Trust Scan – that provides a quick means of not only checking your company’s security posture but also identifying potential vulnerabilities.

With Salesforce so instrumentally tied to revenue, why wait? Uplevel your organization’s security posture with Flosum. Schedule your free demo today.

For more insights from a CISO perspective, be sure to watch the complete moderated discussion with Andy Ellis and Veroljub Mihajlovic in this webinar: A CISO’s Guide to Salesforce.
