Thales Blog

Encryption For SaaS – Salesforce Sets A High Bar

July 16, 2015

Salesforce sets a high barEarlier this week, Salesforce announced Salesforce Shield, a new set of services available to their customers that includes a strong set of data security features targeted directly at the needs of their enterprise customers.  Include capabilities for auditing, encryption, access controls, event monitoring and data archiving.

The most interesting to me are the new capabilities add for protecting data at rest – for customers who either have a specific compliance requirement, or a real need to more deeply protect data because of prevalence of data breaches and cyberattacks.  As recent breaches at Sony and the US OPM have shown, not keeping sensitive data private can have far ranging consequences to organizations.  And Salesforce has thousands of customers that have these needs. What they’ve done is made available a strong, well thought out encryption and access control capability built into their applications that enables enterprises to meet these needs, without the sacrifice of functionality that previous third party gateways and applications required in the past.

ClickToTweet: A new high bar high bar for #Encryption and #SaaS from @Salesforce

This is a game changer.  It sets a very high expectation bar that enterprises are going to be requiring as a capability from all of their SaaS vendors.  To meet this need, SaaS providers have very basic choices that every enterprise has had to make since the dawn of IT – Build?  Buy? Or Partner?

In this case, do you (as a SaaS provider):

  1. Create a team that develops and maintains your own unique solution – Creating and managing encryption libraries, roadmaps, key management, certifications, supporting infrastructure, personnel and more (This is what Salesforce has done)
  2. Or, do you leverage third party solutions to provide as much of this as possible, and integrate that solution into your environment.  Letting the vendor or partner worry about the complexity of the encryption pieces, while your development organization worries about simply integrating another capability into the environment

It’s an interesting question.  For Salesforce we already clearly know the answer – as one of, if not the, largest scale SaaS provider on the planet, they clearly have the resources to tilt the decision in the “Buy” and “Build” direction.  On the “buy” decision, remember when Salesforce announced the purchase of Navajo Systems in 2011? 451 reported that Salesforce ended up killing that project due to technical problems. “Build” decisions work best for very large scale, custom infrastructures with well understood software and hardware sets. In these cases the investment almost always favors “build”.  In this case Salesforce has hired or “grown” the expertise, and made the systematic, deep investments needed to put this capability into their SaaS offering.  As a result of their size, it’s cheaper to make these investments then to work with a partner or vendor to protect the tens of thousands of VMs and data storage environments that underlies their application.

But as we all know, every world changing new SaaS solution has to start somewhere – and that will mean smaller resource sets and a need to leverage third party know-how and solutions for smaller SaaS environments.  Markets sizes or fragmentation for some SaaS applications will also limit their maximum available market, and the size of their implementations as well – in these cases – “Partner” is the right decision.

In the case where you as a SaaS provider would like to partner, Vormetric can help.

At Vormetric, we’re already helping organizations with solutions for Infrastructure/Managed Hosting as a Service (IaaS/Managed Hosting), Platform as a Service (PaaS) and SaaS to offer these same capabilities.  On the IaaS side, look at Rackspace, who is a member of the Vormetric Cloud Partner Program – they make available to their customers our system level, file/folder encryption and access control capabilities to organizations that need extended data security capabilities.

Vormetric makes available all the capabilities, APIs, interfaces and infrastructure that SaaS providers need to build field, file and folder level encryption and access controls (as well as data access reporting) into their applications without having to fund a whole new department to create, update, manage and control these solutions.  We have a team that can make your implementation go smoothly, and the partner and business models that are designed to work in “pay as you go” environments.

It’s a great way for SaaS providers to meet these new expectations, expand their offerings, and fully realize enterprise business. Ready to get started? We’re ready to roll and can be contacted at for all your SaaS encryption and key management needs.

Defending your data in the cloud with Vormetric?  Have a different perspective on this Salesforce announcement?  Let us know if you have any feedback.  I can be reached at or twitter @cjrad.