Government
Backup and Recovery
SaaS Data Protection
FedRAMP

Getting Ahead: Why Federal Government Agencies Need to Proactively Strengthen Salesforce Data

Eoghan Casey
|
Field CTO | Field Technology Strategist, Own from Salesforce
No items found.
A blue screen with a face and a bunch of numbers.

Two years ago, I left my strategic leadership role in the U.S. Department of Defense to join Own (formerly OwnBackup), motivated by the opportunity to protect the increasing amounts of data that government agencies store in the cloud, particularly Salesforce. As is often the case with data security, the greatest challenge is people, not technology. Many don’t realize that Salesforce operates under the Shared Responsibility Model so don’t understand the customer is responsible for protecting data stored in the cloud, including restricting access and maintaining backups. That is why I continue to be passionate about educating and empowering government agencies to ensure the security and compliance of their Salesforce data.

Anticipating Failure

Under the Shared Responsibility Model, Salesforce manages the security of the platform, while the customer maintains the security of data stored on the platform. This means that government agencies (and all organizations for that matter) using Salesforce are responsible for managing data classification, access control, disaster recovery, data retention, threat monitoring, and more. Unfortunately, most agencies lack visibility into their Salesforce data security and risks, don’t know what ‘bad’ looks like in these environments, and haven’t tested their ability to recover rapidly. These blindspots leave gaps in security compliance and can result in exposure of sensitive information and disruption of mission-critical operations. Untested backups can create a risk if they don’t work as expected.

Certain Salesforce backup products miss important information and have limited ability to restore data, making it both time-consuming and difficult (perhaps impossible) to get Salesforce data back into good condition after a data loss or corruption occurs. If they can’t be used to recover, then the backups are actually just increasing the attack surface by storing data in an additional location with the hope it will remain secure and be useful.

Furthermore, reliable Salesforce data recovery requires a combination of specialized expertise and fit-for-purpose tools to restore and reconstitute only the damaged data and metadata, leaving the bulk of ‘still good’ data untouched. Because of these challenges, when Own performs a Salesforce Security Risk Assessment and Data Recovery Readiness and Response (DR3) assessment for customers, they are initially at a lower maturity level than desired and require a Technical Account Manager support to improve.

For Federal agencies, not understanding their responsibility to protect Salesforce data can result in significant gaps in security controls defined in NIST SP 8000-53r5. Federal agencies are also counting the days until September 30 to meet the administration’s mandate to implement zero-trust cybersecurity requirements. Gartner predicts that 75% of U.S. federal agencies will fail to implement zero trust security policies due to funding and expertise shortfalls. Such failures increase the risk of government services being unavailable and sensitive information being exposed.

Government agencies have an opportunity to address such failures and require solutions that reduce the time and cost of compliance, which is where Own FedRAMP® authorized solutions can help with technical capabilities that are accelerated with automation. 

Rising Risks

Over the past year, we have observed significant increases in Salesforce vulnerability and data loss, resulting in data leaks and service disruptions. The most common causes of such data loss and corruption incidents are human mistakes, such as inadvertent deletion and integration errors. 

Insider threats have surged as remote work has grown, highlighting the importance of controlling access to data and maintaining least privilege access, including for contractors in development and test environments.

Cloud-conscious attacks have increased by 110% between 2022 and 2023, according to the Crowdstrike 2024 Global Threat Report.

“The most ubiquitous impact technique was actually destructive, with actors removing access to accounts, terminating services, destroying data and deleting resources.” (2023 CrowdStrike Global Threat Report).

These rising risks, combined with data protection gaps, is a recipe for disaster, disrupting government services and exposing sensitive information.

Strengthening Security

Own is the clear leader in Salesforce data security and ensuring compliance for the world’s most complex and highly regulated organizations. By providing FedRAMP® authorized and interoperable data protection solutions for Salesforce, Own delivers the visibility and control that government agencies need to not only comply with published requirements but go beyond to thrive in a "de-perimeterized" world in an efficient and cost-effective manner.

Own Secure, which is a native application available in the AppExchange that is interoperable with FedRAMP®, encodes years of specialized Salesforce expertise to significantly cut costs and speed up identifying what data is highest risk, assessing how well sensitive data is protected, who has access to it, and computing risk scoring to help prioritize what to fix first with limited available resources. 

Own Recover enables agencies to restore Salesforce data and metadata quickly and reliably, reducing downtime by 71% and increasing the efficiency of data recovery teams by 37%.

Own Archive helps agencies implement data retention and archival policies, which improves Salesforce performance, reduces storage costs by an average of 72%, and simplifies compliance and reporting.

Own Accelerate empowers agencies to innovate safely and securely in Salesforce with flexible data seeding and anonymization capabilities that help increase development efficiency, reduce costly errors, and protect sensitive information. 

Federal system integrators have an opportunity and, in some cases, a responsibility to help government agencies enhance data security with our guide to protecting data and implementing Zero Trust in Salesforce. Contact me if you want to learn more about delivering Security Risk Assessments fueled by Own FedRAMP® authorized solutions.

Get Started

Submit your details and we will contact you shortly to schedule a custom 25-minute demo.

Book a Demo
Get Started

Submit your details and we will contact you shortly to schedule a custom 25-minute demo.

Book a Demo
own salesforce logo
Eoghan Casey
Field CTO | Field Technology Strategist, Own from Salesforce

Eoghan Casey is Vice President of Cybersecurity Strategy & Product Development at Own, creating innovative solutions for SaaS data protection and security analytics. He has 25+ years of technical leadership experience in private and public sector organizations, and is an internationally recognized expert in cyber risk mitigation and digital forensic investigation. He is on the Board of DFRWS.org and has a PhD in Computer Science from University College Dublin.

Government
Government
Government
Backup and Recovery
SaaS Data Protection
FedRAMP

Get started

Share your details and we’ll contact you shortly to schedule a custom 25-minute demo.

Schedule a Demo