Glass Class - Locking Down Salesforce


Glass Class - Locking Down Salesforce

Video Transcript

Hey, guys. This is Mike from Product Management, and I wanted to talk a little bit about protecting data inside of the cloud from a structured data perspective. So, I have a cloud application, the most common one that people typically talk about is Salesforce, and I have things like records inside of Salesforce, and there's all kinds of different tables and all kinds of different representations for various things. If you think about a contact object, for example, in Salesforce, it has a number of fields. You can create custom objects, custom fields, and things like that. Inside this environment, you may want to protect that data. There could be really sensitive fields you put inside of these records, custom, created, or just in general. Sometimes, people will want to encrypt the data by maintaining their own keys while still being able to support searching and sorting.

Bitglass has a patented solution for this that actually supports connection to your own HSMs or KMS integrations and sits between users and the data. There's a number of different ways that data can be put into Salesforce that we support from an integration perspective to encrypt the data on the fly. One is data that already exists in SalesForce – here, we use APIs to connect to data that might already exist and then actually encrypt it. We encrypt it using your own keys and then we build a search index that you can maintain here either on premises or in your own instance of AWS. We support, here, searching and sorting.

What this basically does is it can encrypt data on the fly, it can also encrypt with on-premises systems you might have. Let's say you have a server over here that does some analysis, some ETL type job that does extract, transform, and loading of data. It can pull data out through Bitglass, run reports, change it, augment it, and upload it back into Salesforce kind of on the fly here. What we've actually done from a technology perspective is, we've taken the technology that we built for Salesforce here and we actually extended this to support any application. While we can integrate with Salesforce on the fly, it's kind of a turnkey solution, and you get this capability, we've started porting over the solution to custom applications which you may have developed. We also have an SDK as well that you can roll out for your own custom apps to encrypt data in structured databases if you like.

We support the ability to control the security level of the data. You can do different types of policies like only decrypt data for a finance person that's accessing a particular record but not for someone else that's maybe coming from an off-premises location or is in a different group. We can also support, generically, APIs so it's not just these ETL jobs that are tied to Salesforce. It could be tied to things like XML or JSON type data and then we've also taken the four learning capabilities that we've built for Salesforce as well and extended those to other applications. We're working on things with companies that do things like ServiceNow, things like Marketo, actual custom integrations that people are building for their own application usage, as well, and, basically, all of this is possible because we took the knowledge of what we developed initially for one application and then extended it in our platform across many.

Now, instead of just a point solution for one of the top ten apps, being Salesforce here, you can extend this to all kinds of different apps and a lot of people are very interested in doing that today because they get to maintain the keys, maintain control of their data, without having the individual company control it. If you pay Salesforce to do encryption for you, then when they connect to some other application in the cloud, they want to be open, so they'll take the data and send it to other apps in the decrypted form. You may not want that. You probably want control over that data. So instead, by bringing an outside solution like Bitglass, you're able to control the data always and for any app. Thank you.