At AppOmni we’re proud to partner with Accenture to help clients ensure their SaaS environments, Salesforce in particular, remain secure.
We recently sat down with Rex Thexton and Andrew Triplett, both senior executives with Accenture’s Security Practice, to talk about the security trends they’re seeing and to get their suggestions for all companies that are using SaaS applications. Here’s the slightly shortened version of our conversation:
Accenture has a huge Salesforce consulting practice. Tell me about the work you do and about the role of Accenture Security.
RT/AT:
Accenture is the largest global Salesforce partner with thousands of clients and over 25,000 employees that are Salesforce-skilled.
No matter what type of Salesforce project we’re doing, our goal is to ensure that our clients are secure. That’s the inherent value that Accenture Security brings to broader Accenture. We make sure that projects are secure from the very beginning, and that they continue to be secure on an ongoing basis. The security of our clients is critically important to us.
But it’s important that security doesn’t create bottlenecks or unnecessarily slow down implementations. So we’re always looking for new processes and technologies that enable us to work more efficiently throughout our engagements.
What types of trends have you been seeing when it comes to security?
RT/AT:
We are starting to see a lot of our clients suffering, I won’t say catastrophic events, but significant security events due to misconfiguration of their Salesforce environments.
Unfortunately, SaaS security is an important issue that has flown under the radar for many companies. We’ve found that most of our clients don’t realize they have this problem, so they haven’t budgeted for this type of security. Instead, they’ve been managing SaaS configuration manually, and often deprioritize it in favor of other security needs. But as I said, this is where we’re seeing more and more security breaches happening.
I think we’re doing a good job now of educating our clients about configuration risk and getting things moving in the right direction. Our goal is to get clients to understand that SaaS security – especially when it comes to configuration – is a must-have versus a nice-to-have solution.
How is Accenture solving the problem of SaaS misconfiguration?
RT/AT:
The short answer is with automation. We had been looking for a solution that could help as we’re deploying our Salesforce implementations for our clients, so we can ensure that they’re secure from the start and that they’re configured properly. Instead of doing hundreds or thousands of manual configuration checks, we wanted to automate nearly all of that so that it’s complete in a much shorter period of time.
So this is where AppOmni comes in.
RT/AT:
Yes. With AppOmni, we’re able to do in a couple of days what used to take us a month. It has drastically sped up our implementation timelines while adding a higher level of security to our clients’ Salesforce implementations.
Right now, we’re using AppOmni to inform and execute initial configuration settings during the implementation process. Going forward, we plan to extend this service to provide clients continuous monitoring of their Salesforce configurations on an ongoing basis to prevent configuration drift over time.
We’re also looking to expand our use of AppOmni beyond Salesforce to other major SaaS applications like Microsoft 365, ServiceNow, and Workday.
In short, we’ve been very impressed with AppOmni first as a partner and now as a customer.
Any final advice for readers looking to improve security in their organizations?
RT/AT:
I’d break it down into four key takeaways:
- Prioritize SaaS security and managing configuration risk. This is where we’re increasingly seeing breaches.
- Use automated tools. Security teams are already falling behind when it comes to managing SaaS configurations, and the complexity of these systems is increasing every day. The automated tools that are now available lead to more secure environments and pay for themselves with the time they save versus attempting to manage this process manually.
- Make SaaS security part of your implementation process. You want your environment to be secure from the beginning. Don’t wait for a breach to get started.
- Avoid configuration drift by monitoring over time. SaaS environments are changing all the time, so it’s important to continuously monitor security configurations to ensure that a high level of security is maintained over the entire application lifecycle.