Salesforce Shield Archives - gettectonic.com
SaaS Data Protection from Own

Salesforce Integrates Own Co. Capabilities

Salesforce Integrates Own Co. Capabilities to Strengthen Data Resilience, Security, and AI Readiness Salesforce has fully integrated Own Co.’s data backup, recovery, and security solutions into its platform, equipping partners and customers with enhanced tools for data resilience, compliance, and security—critical foundations as businesses adopt AI-driven solutions. Marla Hay, Vice President of Product Management for Security, Privacy, and Data Management at Salesforce, emphasized in an interview with CRN that these new capabilities are essential as partners guide customers through AI adoption. “Before launching any major AI initiative, ensuring robust data backup and hygiene is critical,” Hay said. “With AI and autonomous agents, the quality of insights depends entirely on the integrity of your data. These new tools help businesses minimize risk while maximizing AI’s potential.” Key Enhancements for AI and Security The integration empowers solution providers to: “Clean, well-managed data isn’t just about compliance—it accelerates operations, enhances customer experiences, and ensures accuracy,” Hay added. Salesforce announced its acquisition of Own Co. in September 2023, bringing over 7,000 customers into its ecosystem. The newly integrated features include: 1. Secure Data Masking & Sandbox Testing 2. Enhanced Monitoring & Threat Detection 3. Robust Backup & Recovery 4. AI-Ready Data Insights with Salesforce Discover 5. Cost-Efficient Data Archiving Why This Matters for AI Adoption As businesses increasingly rely on AI agents and predictive analytics, ensuring data integrity, security, and recoverability is non-negotiable. Salesforce’s integration of Own Co.’s capabilities provides a low-risk pathway to cleaner, more resilient data—ultimately leading to: For partners and customers, these enhancements mean smoother AI deployments, reduced risk, and better business outcomes. Interested in leveraging these new capabilities? Contact Tectonic today. Like Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Service Cloud with AI-Driven Intelligence Salesforce Enhances Service Cloud with AI-Driven Intelligence Engine Data science and analytics are rapidly becoming standard features in enterprise applications, Read more

Read More

Secure AI Innovation for CIOs

Secure AI Innovation for CIOs: Balancing Speed & Stability CIOs No Longer Choose Between Innovation and Security The role of the CIO has transformed. Once focused on maintaining infrastructure, today’s IT leaders are drivers of innovation—especially with AI reshaping business. But with great opportunity comes great responsibility: ✅ How do we innovate quickly without compromising security?✅ How do we protect customer data in an AI-driven world?✅ How do we optimize operations at scale? Salesforce Platform provides the secure, unified foundation CIOs need to lead AI adoption while maintaining governance. 3 Key Challenges for Modern CIOs 1. Innovate Fast—But With Guardrails AI’s potential is limitless, but implementation must be strategic: Salesforce Solution: 2. Protect Data to Build Trust AI runs on data—but unsecured data is a liability. CIOs must: Salesforce Solution: 3. Optimize Operations at Scale With 900+ SaaS apps per enterprise, visibility is critical. AI can: Salesforce Solution: Announcing: Enhanced Data Protection with Own Salesforce Platform now integrates Own Company—a leader in data management trusted by 7,000+ customers. New capabilities include: Product Key Benefit Backup & Recover Automated, scalable data restoration Salesforce Discover Feed clean data to BI tools—no prep needed Archive Store inactive data without bloating production Data Mask & Seed Anonymize sensitive data for safe testing The CIO’s AI Playbook With Salesforce Platform, you don’t choose between innovation and stability—you get both. Like Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Service Cloud with AI-Driven Intelligence Salesforce Enhances Service Cloud with AI-Driven Intelligence Engine Data science and analytics are rapidly becoming standard features in enterprise applications, Read more

Read More
Salesforce Managed Services

Key Signs Your Business Needs a Salesforce Support & Maintenance Partner

Salesforce is a powerful CRM platform, but simply implementing it doesn’t guarantee success. To maximize ROI, businesses need continuous optimization, expert guidance, and proactive maintenance—something an in-house team may struggle to provide alone. Discover the key signs your business needs a Salesforce support and maintenance partner. Many companies invest in Salesforce expecting high returns but end up facing: These challenges turn Salesforce into a cost center rather than a revenue-driving platform. If you’re noticing these issues, it’s time to consider a Salesforce support and maintenance partner. This insight explores the critical warning signs and how a managed services provider can help. What Is a Salesforce Support & Maintenance Partner? A Salesforce support and maintenance partner is a specialized provider that manages, optimizes, and secures your Salesforce org. They provide you: ✔ Proactive Monitoring – 24/7 performance checks to prevent downtime, security breaches, and data decay.✔ Expert Guidance – Certified professionals resolve feature stagnation (unused automation/AI tools) and boost user adoption.✔ Strategic Roadmaps – Align Salesforce with business goals for long-term success.✔ Elimination of Technical Debt – Reduce technology noise slowing down your org. Why Are They Crucial? ✅ Cost Efficiency – Avoid hiring full-time specialists.✅ Risk Mitigation – Ensure compliance, security, and data integrity.✅ ROI Maximization – Unlock advanced features and improve team efficiency. A trusted partner like Tectonic identifies warning signs early, preventing short- and long-term inefficiencies. 9 Key Signs You Need a Salesforce Support & Maintenance Partner 1. Declining User Adoption The Problem: Employees avoid Salesforce due to poor training, complex workflows, or inefficient processes.Why It Matters: Low adoption wastes your CRM investment. (Only 36% of agents upsell due to lack of training—Salesforce State of Service Report.)The Solution: 2. Security & Compliance Risks The Problem: Unclear GDPR/HIPAA compliance, outdated security settings, or unauthorized access attempts.Why It Matters: Data breaches lead to fines, legal risks, and lost trust. (Non-compliance costs $14.8M on average—Globalscape.)The Solution: 3. Rising Ticket Backlogs The Problem: IT teams are overwhelmed with unresolved requests, slowing operations.Why It Matters: Delays hurt sales cycles, employee morale, and customer satisfaction.The Solution: 4. Underutilized Salesforce Features The Problem: Only basic functions (leads/contacts) are used—AI, automation, and analytics are ignored.Why It Matters: Manual processes slow growth. (Only 49% of service orgs use AI—Salesforce.)The Solution: 5. Poor Data Quality & Duplicates The Problem: Duplicate leads, missing fields, and inaccurate reports lead to bad decisions.Why It Matters: Poor data costs $12.9M annually (Gartner).The Solution: 6. Increasing Downtime The Problem: Frequent crashes, slow reports, or integration failures.Why It Matters: Downtime = lost sales & productivity. (Meta lost $100M in 2 hours in 2024.)The Solution: 7. Lack of Strategic Roadmap The Problem: No clear upgrade plan, leading to disorganized workflows.Why It Matters: 30-70% of CRM projects fail due to poor planning.The Solution: 8. Unstable Customizations The Problem: Apex triggers, Flows, or Lightning components break after updates.Why It Matters: Patchwork fixes increase technical debt & admin workload.The Solution: 9. Slow Salesforce Performance The Problem: Reports load slowly, or users face “Service Unavailable” errors.Why It Matters: A 100ms delay can hurt conversions by 7% (Akamai).The Solution: Conclusion If you’re experiencing any of these issues, your Salesforce org needs expert care. A managed services partner like Tectonic helps:✔ Reduce downtime✔ Improve performance✔ Boost user adoption✔ Enhance security & compliance With 24/7 proactive support, strategic roadmaps, and advanced feature utilization, Tectonic ensures your Salesforce investment drives revenue—not costs. Need help optimizing Salesforce? Contact Tectonic today for a free assessment. Like1 Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Service Cloud with AI-Driven Intelligence Salesforce Enhances Service Cloud with AI-Driven Intelligence Engine Data science and analytics are rapidly becoming standard features in enterprise applications, Read more

Read More
HIPAA

Salesforce HIPAA Compliance

Compliance plays a critical role in managing sensitive information, especially under regulations like the Health Insurance Portability and Accountability Act (HIPAA). Salesforce HIPAA Compliance. Enacted in 1996, HIPAA establishes national standards for safeguarding sensitive health information. Organizations and individuals who store, manage, or transmit healthcare data are subject to these regulations, which prioritize the confidentiality, integrity, and availability of patient information. While Salesforce provides tools to support HIPAA compliance, the responsibility for ensuring compliance ultimately lies with the data-processing organization or individual—not solely the platform itself. This insight explores Salesforce’s role in HIPAA compliance, key features for safeguarding electronic Protected Health Information (ePHI), and best practices for adhering to regulatory requirements. Understanding HIPAA Salesforce’s flexibility as a CRM platform allows it to serve industries that require HIPAA compliance, particularly healthcare and life sciences. At its core, HIPAA protects Protected Health Information (PHI)—any patient-identifiable information in medical records. PHI extends beyond traditional medical data to include names, addresses, birth dates, Social Security numbers, and more. When PHI is managed or transmitted electronically, it’s classified as electronic Protected Health Information (ePHI), which is subject to additional safeguards. Entities Covered by HIPAA HIPAA applies to several types of entities: While Salesforce is classified as a Business Associate, organizations using the platform remain responsible for adhering to HIPAA’s security requirements. Salesforce and the Business Associate Agreement (BAA) As a Business Associate, Salesforce must enter into a Business Associate Agreement (BAA) with healthcare organizations and other Covered Entities to define responsibilities and security measures for handling ePHI. The BAA outlines the Salesforce features and services eligible for HIPAA compliance. Notably: Without a signed BAA, organizations face significant penalties for HIPAA violations, even in the absence of a data breach. HIPAA-Compliant Salesforce Solutions Salesforce offers various solutions and features to support HIPAA compliance. These are categorized into platform security measures and specific compliant services: Key Security Features HIPAA-Compliant Services It’s important to note that not all Salesforce features are HIPAA-compliant, and proper configuration is critical to ensure compliance. Restrictions and Challenges While Salesforce offers robust security tools, some limitations and risks exist: Additionally, some Salesforce services, like certain social or mobile features in Health Cloud, are not compliant by default and require explicit mention in the BAA to be used with ePHI. Best Practices for HIPAA Compliance To maximize HIPAA compliance with Salesforce, organizations should: HIPAA Compliance Checklist Here’s a concise checklist to guide your HIPAA compliance efforts: Leveraging Third-Party Tools Solutions like GRAX can enhance HIPAA compliance in Salesforce by adding capabilities such as data backup, archiving, and recovery. GRAX’s security features include: However, integrating third-party solutions requires careful vetting to avoid compliance risks. Salesforce HIPAA Compliance Salesforce is a powerful tool for healthcare organizations, but achieving HIPAA compliance requires understanding its capabilities and limitations. A well-configured Salesforce environment, combined with diligent user management and third-party tools, can help organizations meet regulatory requirements while safeguarding patient data. By embracing best practices and staying informed about shared responsibilities, organizations can ensure HIPAA compliance, avoid penalties, and build trust with patients and stakeholders. Like Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Service Cloud with AI-Driven Intelligence Salesforce Enhances Service Cloud with AI-Driven Intelligence Engine Data science and analytics are rapidly becoming standard features in enterprise applications, Read more

Read More
salesforce government digital transformation

Salesforce Drives Digital Transformation in Governmental Agencies

How Salesforce Drives Digital Transformation in Governmental Agencies in 2025 In the evolving digital age, government agencies face an increasing demand to modernize their services, improve citizen engagement, and deliver seamless digital experiences. These organizations require transformational technologies that not only streamline internal operations but also adopt a citizen-first approach. Salesforce emerges as a key enabler of this transformation, empowering government agencies with tools to build unified, transparent platforms while fostering efficiency and enhancing citizen interaction. Leveraging Salesforce Commerce Cloud and Salesforce CRM, agencies can overcome common challenges and embrace a more digitally enabled public sector. Let’s explore the pressing challenges government agencies face and how Salesforce provides practical, scalable solutions to address them. 1. Citizen Engagement and Accessibility: Bridging the Digital Divide Challenge: Citizens now expect government services to be as user-friendly and accessible as private-sector experiences. Lengthy response times, disconnected platforms, and inconsistent experiences across digital and physical touchpoints erode trust and hinder accessibility. Solution: 2. Data Security and Compliance: Safeguarding Citizen Trust Challenge: Handling sensitive citizen data requires robust security and strict compliance with regulations like GDPR, CCPA, and other local data privacy laws. Solution: 3. Legacy Systems and Integration: Modernizing Infrastructure Challenge: Legacy systems often limit agility, making it difficult to integrate new technologies and slowing the pace of digital transformation. Solution: 4. Budget Constraints: Implementing Cost-Effective Solutions Challenge: Budget limitations often hinder the adoption of new technologies, especially those requiring significant upfront investment. Solution: 5. Efficient Service Delivery: Streamlining Workflows Challenge: Paper-heavy, bureaucratic processes delay service delivery and frustrate both staff and citizens. Solution: 6. Data-Driven Decision-Making: Analytics for Informed Policies Challenge: Generating actionable insights from vast amounts of data is challenging, affecting policymaking and government efficiency. Solution: 7. Enhancing Collaboration: A Unified Workforce Challenge: Siloed departments hinder collaboration and reduce overall productivity, making it difficult to provide cohesive citizen services. Solution: 8. Real-Time Responsiveness: Meeting Citizen Expectations Challenge: Citizens expect real-time support and proactive communication from government agencies. Delays lead to frustration and diminished trust. Solution: Transforming Government Services with Salesforce Salesforce Commerce Cloud and Salesforce CRM are tailored to address public sector challenges in 2025. By leveraging these tools, government agencies can: Salesforce offers a clear path to a digitally empowered future, enabling government agencies to meet today’s demands while laying the foundation for innovation. Ready to Transform?If your agency is ready to embrace digital transformation, streamline operations, and enhance citizen services, Salesforce can help you get there. Let’s discuss how Salesforce solutions, supported by expert implementation, can drive meaningful change for your organization and your citizens. Like1 Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Service Cloud with AI-Driven Intelligence Salesforce Enhances Service Cloud with AI-Driven Intelligence Engine Data science and analytics are rapidly becoming standard features in enterprise applications, Read more

Read More
Cybersecurity

Cybersecurity Regulations for Hospitals

Beyond the 72-hour reporting requirement, which took effect on October 2, 2024, hospitals must implement key cybersecurity measures, such as multifactor authentication and a robust incident response plan, by October 2025. These regulations currently apply only to general hospitals, excluding other healthcare facilities like nursing homes and diagnostic centers.

Read More
Salesforce Success Story

Case Study: Children’s Hospital Use Cases

In need of help to implement requisite configuration updates to establish a usable data model for data segmentation that supports best practices utilization of Marketing Cloud features including Contact Builder, Email Studio and Journey Builder.

Read More
Data Governance for the AI Enterprise

Data Governance for the AI Enterprise

Salesforce Introduces Data Governance for the AI Enterprise Salesforce this month unveiled Data Governance for the AI Enterprise, a comprehensive suite of tools designed to help IT teams navigate the growing regulatory landscape surrounding generative AI. Why it matters: As governments worldwide work to implement stricter rules governing the use of AI, like the EU’s AI Act, data governance has become a top priority for businesses. According to Salesforce research, ensuring robust data security and governance is now the leading concern for Chief Data Officers. Cloud Data Security & Privacy SolutionsExplore the new suite: How Salesforce’s Data Governance for the AI Enterprise Can Help: Salesforce’s latest solution is designed to help companies proactively address both current and future regulations. Built on the Salesforce platform and integrated with Data Cloud, the suite offers advanced data management, enhanced security, and privacy features: Salesforce’s perspective:“Data governance is a top priority for every organization deploying AI, especially given the complexity of the regulatory landscape,” said Alice Steinglass, EVP and GM for Salesforce Platform. “Our Data Governance for the AI Enterprise suite equips businesses to tackle these challenges.” Customer success story:“Data encryption is essential to our data governance strategy,” said James Ferguson, Principal Security Architect at AWS. “With Salesforce’s flexible encryption solutions, we can maintain top-tier security while delivering innovative customer experiences.” Availability: For Data Cloud users: Like Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Service Cloud with AI-Driven Intelligence Salesforce Enhances Service Cloud with AI-Driven Intelligence Engine Data science and analytics are rapidly becoming standard features in enterprise applications, Read more

Read More
Liberty Bank and Salesforce

Liberty Bank and Salesforce

Liberty Bank, based in Middletown, Connecticut, announced on September 5th an expanded partnership with Salesforce, the world’s leading AI-powered CRM platform, to enhance its customer engagement efforts. Liberty Bank and Salesforce. By integrating Salesforce’s Financial Services Cloud, Marketing Cloud, MuleSoft, and Salesforce Shield, Liberty Bank aims to deliver more personalized, efficient, and enriched services. This strategic investment will further position Liberty Bank as a leader in customer satisfaction and loyalty within the community banking sector. “We set out to find a strategic partner that truly understands the unique nature of banking and puts the customer first,” said David W. Glidden, Liberty Bank President and CEO. “As we continue our mission to ‘Build the Community Bank of the Future,’ having the best partners is crucial to elevating our customer experience. With Salesforce’s innovative CRM solutions, we’re investing in the future to meet the evolving needs of our customers, team members, and communities, and to exceed their expectations.” Salesforce’s platform will enable Liberty Bank to streamline operations and gain deeper insights into customers’ financial journeys, ensuring a seamless and personalized banking experience. The Financial Services Cloud offers tools specifically tailored to the banking industry, allowing for faster time-to-value. Set to roll out next year, this transformation will allow Liberty Bank to prioritize customer financial goals while maintaining a high level of service and support. “Banks of all sizes are under pressure to innovate and deliver more personalized experiences. By leveraging CRM, data, and AI, Liberty Bank will gain a comprehensive view of its customers, enabling its teams to build stronger relationships and improve overall productivity.”Greg Jacobi, VP & GM of Banking and Lending at Salesforce. About Liberty Bank Founded in 1825, Liberty Bank is the nation’s oldest and largest independent mutual bank. With nearly $8 billion in assets, Liberty operates 56 branches across Connecticut and two in Massachusetts. It provides a full range of services, including consumer and commercial banking, cash management, home mortgages, business loans, insurance, and investment services. The bank has been named a ‘Top Workplace’ by the Hartford Courant every year since 2012 and recognized as a Best-In-State Bank in Connecticut by Forbes in 2021, 2022, and 2023. For more information, visit www.liberty-bank.com. Liberty Bank and Salesforce. Interested in discussing Salesforce for your financial institution? Contact Tectonic today. Like Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Service Cloud with AI-Driven Intelligence Salesforce Enhances Service Cloud with AI-Driven Intelligence Engine Data science and analytics are rapidly becoming standard features in enterprise applications, Read more

Read More
Adopting Salesforce Security Policies

Adopting Salesforce Security Policies

Data breaches reached an all-time high in 2023, affecting more than 234 million individuals, and there’s no sign of the trend slowing down. At the center of this challenge is how organizations allocate resources to safeguard customer data. One of the most critical systems for managing this data is CRM platforms like Salesforce, used by over 150,000 U.S. businesses. However, security blind spots within Salesforce continue to pose significant risks. To address these concerns, the National Institute of Standards and Technology (NIST) offers a strategic framework for Salesforce security teams. In February 2024, NIST released Version 2.0 of its Cybersecurity Framework (CSF), marking the first major update in a decade. Key improvements include the introduction of a new “Govern” function, streamlining of categories to simplify usability, and updates to the “Respond” function to enhance incident management. This framework now applies across all industries, not just critical infrastructure. For Salesforce security leaders, these changes will significantly affect how they manage security, from aligning Salesforce practices with enterprise risk strategies to strengthening oversight of third-party apps. Here’s how these updates will influence Salesforce security going forward. What is the NIST Cybersecurity Framework 2.0? The NIST Cybersecurity Framework, first launched in 2014, was developed after an executive order by President Obama, aiming to provide a standardized set of guidelines to improve cybersecurity across critical infrastructure. The framework’s objectives include: The newly updated NIST CSF 2.0, released in 2024, expands on the original framework, providing organizations with structured, yet flexible, guidance for managing cybersecurity risks. It revolves around three core components: the CSF Core, CSF Profiles, and CSF Tiers. Key Components of NIST Cybersecurity Framework 2.0 These components help organizations understand, assess, and improve their cybersecurity posture, forming the basis for risk-informed strategies that align with organizational needs and the evolving threat landscape. Key Updates in the NIST Cybersecurity Framework 2.0 and Their Impact on Salesforce Security The 2024 updates to NIST CSF offer insights that Salesforce security leaders can use to align their strategies with evolving cybersecurity risks. Implementation Strategies for Salesforce Security Leaders To incorporate CSF 2.0 into Salesforce security operations, leaders should: Conclusion: Embracing NIST CSF 2.0 to Strengthen Salesforce Security The 2024 NIST Cybersecurity Framework updates offer crucial insights for Salesforce security leaders. By adopting these practices, organizations can enhance data protection, strengthen incident response capabilities, and ensure business continuity—critical for those relying on Salesforce for managing sensitive customer data. Like Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Service Cloud with AI-Driven Intelligence Salesforce Enhances Service Cloud with AI-Driven Intelligence Engine Data science and analytics are rapidly becoming standard features in enterprise applications, Read more

Read More
Healthcare IT and CrowdStrike

Healthcare IT and CrowdStrike

Learning from the CrowdStrike Outage: Enhancing Resilience and Incident Response Overview: In the wake of the CrowdStrike outage, businesses around the globe are focusing on restoring business continuity and bolstering their resilience for future incidents. On Friday, July 19, 2024, a faulty content update triggered crashes across approximately 8.5 million Windows devices, displaying the infamous blue screen of death. This affected a range of sectors, including hospitals and airlines. Although less than 1% of all Windows machines were impacted, the outage caused significant disruptions, particularly in healthcare. For instance, Mass General Brigham hospitals and clinics canceled all non-urgent visits on the day of the outage. Other major healthcare providers, such as Memorial Sloan Kettering Cancer Center, Cleveland Clinic, and Mount Sinai, also faced operational challenges. This incident was not a result of a cyberattack but rather a defective content configuration update to CrowdStrike’s Falcon threat detection platform. According to the company’s preliminary post-incident review, a bug in the content validator allowed the faulty update to pass through validation despite containing errors. “What we’re hearing is that the recovery is well underway. Most healthcare organizations I’ve been talking to are back up and running,” said David Finn, Executive Vice President of Governance, Risk, and Compliance at First Health Advisory, in an interview with TechTarget Editorial. “The scope was much smaller than some of the other issues we’ve seen in the recent past in healthcare, but the response was healthy. Still, I think there are a lot of lessons learned.” Health IT security experts suggest that this incident can serve as a valuable learning opportunity for improving future response and recovery strategies. Planning for the Inevitable “The bad thing is always going to happen,” Finn stated, drawing on his 40 years of experience in health IT security and privacy. “The trick is to plan for it, be prepared, and ensure your ability to recover and remain resilient.” Whether it’s a large-scale cyberattack, like the one at Change Healthcare in February 2024, or a global IT outage without malicious origins, healthcare organizations of all sizes must be ready to respond to a variety of incidents that could disrupt critical systems. Finn emphasized the importance of proactive due diligence and thorough incident response planning, particularly in identifying and addressing single points of failure. Preparing for potential operational challenges in advance can make all the difference when an incident actually occurs. “We have to change the way we think about deploying this stuff,” Finn added. “Software, fortunately or not, is written by human beings, and human beings will always make mistakes. It’s our job to protect against those kinds of mistakes.” The Importance of Resilience Cyber-resilience is essential for enabling organizations to quickly recover and restore operations. By understanding that incidents like the CrowdStrike outage are bound to occur, organizations can focus on building resilience to effectively manage such events. Finn highlighted the need for resilience and redundancy in response to incidents like the CrowdStrike outage. “I still trust CrowdStrike, but that trust doesn’t mean they’re going to be perfect every time,” Finn noted. Healthcare organizations responded quickly to the incident, despite the disruptions it caused. For instance, Mass General Brigham activated its incident command to manage its response, keeping clinics and emergency departments open for urgent cases. By Monday, July 22, they had resumed scheduled appointments and procedures. According to Erik Weinick, co-head of the privacy and cybersecurity practice at New York-based law firm Otterbourg, the CrowdStrike incident underscores the need for organizations to reassess their legal and technical risk protocols. “Although initial reports indicate that the incident was an accident, not an attack, organizations should use this incident as motivation to conduct information audits, penetration testing, update system mapping and software, including security patches, and remind users about best security practices like multifactor authentication and frequently changing difficult-to-guess passwords,” Weinick said. Essentially, organizations can leverage incidents like the CrowdStrike outage to strengthen their risk management strategies and enhance their cyber-resilience. Third-Party Risk Management Challenges Even with strict security controls in place, organizations are still vulnerable to risks from third-party vendors. As the interconnectedness of healthcare systems grows, so does the potential for third-party risks. The global IT outage highlighted the importance of third-party risk management and the associated challenges. In 2023 and 2022, some of the largest healthcare data breaches were caused by third-party vendors. “People probably did a lot of risk analysis around CrowdStrike, but I’ll bet no one ever asked what tools they use to produce their software,” Finn speculated. “Until we get standards in place for software development and certifications for software sold to critical infrastructure sectors, we’re going to have to dig a little deeper.” In response to the incident, CrowdStrike announced plans to enhance its software resilience and testing processes, including adding more validation checks to its Content Validator for Rapid Response Content to prevent the deployment of faulty content. The company also plans to conduct multiple independent third-party security code reviews to prevent similar incidents in the future. “On the legal front, organizations should review their vendor agreements to understand their obligations regarding privacy and data security, who their partners are working with, and what limitations exist on liability for incidents like the CrowdStrike outage,” Weinick advised. He also recommended checking business disruption insurance coverage and conducting tabletop exercises to rehearse business continuity and recovery procedures in the event of a systems outage. Key Takeaways The CrowdStrike outage reinforced essential IT and security considerations for organizations worldwide, particularly in the areas of resilience, third-party risk management, and incident response and recovery. By learning from this event, organizations can better prepare for future challenges and improve their overall cyber-resilience. Like Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent

Read More
What is Salesforce Health Cloud

Explore Salesforce Health Cloud

Empower Your Healthcare Team with Salesforce Health Cloud Equip your healthcare team with comprehensive 360-degree views that help connect and engage every patient, member, employee, and partner. Explore Salesforce Health Cloud Explore Health Cloud Understanding the capabilities of this platform is the first step to transforming your organization’s patient management. Let’s explore what Health Cloud offers to various types of healthcare organizations. Introducing Salesforce Health Cloud: A CRM Solution for Patient Management Over 600 companies, including industry leaders like Lilly, Pacific Clinics, United Healthcare, Progyny, Stanley Healthcare, and Humana, trust Salesforce Health Cloud for their patient management needs. As the healthcare industry rapidly evolves, effective patient information management is essential. This insight looks into Salesforce Health Cloud’s capabilities, features, integration options, and benefits, including its security architecture. What is Health Cloud? Salesforce Health Cloud is a cloud-based technology designed specifically for the healthcare industry. It centralizes patient information, giving healthcare professionals a complete view of patient records, enabling more effective treatments and better patient care. Key Capabilities of Salesforce Health Cloud Salesforce Health Cloud is a robust platform offering key capabilities such as: Salesforce in the Healthcare Industry Salesforce is increasingly popular among healthcare organizations for several reasons: Salesforce Health Platform Features Salesforce Health Cloud offers three main sets of features: Salesforce Health Cloud Architecture The architecture of Salesforce Health Cloud includes: Salesforce Health Cloud Security Salesforce Health Cloud is designed to securely manage healthcare data, featuring: Revolutionizing Healthcare Delivery with Salesforce Health Cloud Salesforce Health Cloud is designed for healthcare organizations to automate processes and provide personalized patient care. Since its launch in 2016, Health Cloud has evolved to address the complexities of the healthcare industry, including the introduction of Customer 360 for Health, an AI-driven healthcare solution. Why Choose Salesforce Health Cloud? Salesforce Health Cloud connects healthcare teams to ensure that patients receive the right care, supported by multi-layered security to protect sensitive patient data. It integrates clinical and non-clinical patient data, streamlining workflows and enhancing patient satisfaction. Top Features of Salesforce Health Cloud Key features include Patient 360, Care Plans, Care Coordination, Health Timeline, and Einstein Analytics for Healthcare, among others. Salesforce has also introduced AI-powered innovations under the Patient 360 for Health initiative, enhancing patient care and operational efficiency. Integration with MuleSoft Salesforce Health Cloud’s integration with MuleSoft allows organizations to connect with existing healthcare systems, ensuring accurate and up-to-date patient information, unlocking the full potential of their data, and improving decision-making. Conclusion Salesforce Health Cloud is more than just a platform—it’s a comprehensive solution for managing doctor-patient interactions, recordkeeping, and delivering personalized care. By leveraging Health Cloud, healthcare organizations can transform patient experiences, streamline processes, and ensure data security and compliance, positioning themselves for a brighter future in healthcare. Like Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Service Cloud with AI-Driven Intelligence Salesforce Enhances Service Cloud with AI-Driven Intelligence Engine Data science and analytics are rapidly becoming standard features in enterprise applications, Read more

Read More
Hubspot Hacked

Hubspot Hacked

HubSpot recently disclosed a “security incident” where unauthorized access was attempted on several customer accounts. HubSpot is an American software company that provides tools for inbound marketing, sales, and customer service. It was founded in 2006 by Brian Halligan and Dharmesh Shah, and is today best-known for its all-in-one growth platform that helps businesses attract visitors, convert leads, and close customers.. The CRM company detected the incident on June 22, though it was publicly acknowledged six days later by Alyssa Robinson, Chief Information Security Officer at HubSpot. HubSpot seems to have suffered a data breach, but claims to have everything in hand – for now. Robinson stated that the incident involved bad actors targeting a limited number of HubSpot customers, aiming to gain unauthorized access to their accounts. Upon detection, HubSpot promptly activated its incident response procedures and has since been in contact with affected customers, taking necessary steps to revoke unauthorized access and safeguard customer data. HubSpot Hacked With how the statement was worded, it would seem that the attackers, whoever they are, tried to break into the account – but not necessarily succeeded. Still, the company proceeded with the usual practice in case of a cyberattack: “HubSpot triggered our incident response procedures, and since June 22 we have been contacting impacted customers and taking necessary steps to revoke the unauthorized access and protect our customers and their data,” said Robinson. As of Friday, June 28, HubSpot has not disclosed any communication from the hacking group, nor has it specified the full scope of the incident or the exact number of impacted customers. Despite having over 100,000 paying customers and achieving significant financial milestones, such as breaking the billion annual recurring revenue (ARR) mark, HubSpot’s stock price remained stable amid the news, which surfaced through TechCrunch. Ironically, this incident follows HubSpot’s recent announcement of new data protection capabilities for its Smart CRM users. However, it underscores the ongoing challenges faced by major enterprise tech providers regarding cybersecurity. HubSpot says fewer than 50 customer accounts were victims of a breach in late June, all impacted customers were notified and all has been quiet since the initial incident. As of May 2024, HubSpot had more than 216,000 customers, so an incident that impacts fewer than 50 doesn’t seem like a big deal, unless of course you’re one of the accounts involved. What we know:  The company is not releasing many details about the incident other than the basic facts. The company said in a June 28 release that it detected a security incident on June 22, 2004, where bad actors were attempting to gain access to customer accounts without authorization. HubSpot’s detection of the breach triggered its incident response procedures and the company notified impacted accounts. On June 28 and again on July 1, 2024, the company reported no further signs of a problem. What’s not known at this time is whether the attack was targeting a specific group of HubSpot customers. Back in March 2022, fewer than 30 HubSpot customers were impacted by a data breach, but all of the impacted customers were in the cryptocurrency business. HubSpot joins a growing list of enterprise tech firms experiencing cybersecurity incidents. While recent arrests, such as that of the alleged ringleader behind attacks on Twilio, LastPass, and Mailchimp, offer some hope, cybersecurity threats continue to evolve with the proliferation of digital devices and AI accessibility. This trend poses new risks, including the misuse of AI technologies like deepfakes, as highlighted by concerns raised by organizations like OpenAI. As businesses expand their digital presence and adopt new technologies, they must remain vigilant against evolving cybersecurity threats to protect sensitive information and maintain customer trust. HubSpot is an American software company that provides tools for inbound marketing, sales, and customer service. It was founded in 2006 and is today best-known for its all-in-one growth platform that helps businesses attract visitors, convert leads, and close customers. Impact for Marketers As marketers, our martech stacks are heavily reliant on cloud-based SaaS applications (like HubSpot) and cloud-based data storage from vendors like Amazon’s AWS and Google Cloud. Even on-premise applications and data are a security risk. The applications running in the cloud and the data stored there are at arm’s length from your data security professionals. More than 80% of the data breaches recorded in 2023 involved data stored in the cloud, according to the Harvard Business Review. Big breaches impacting millions of consumers get a great deal of attention, like those that struck Sony or Target in years past. But smaller, targeted attacks can be devastating to the businesses that have their data exposed, though they fly under the radar of the national press. The number of reported data breaches increased 78% from 2022 to 2023. The cost of the average breach surpassed $4 million in 2023 and is up 15% since 2020. How secure is HubSpot? Is my data secure with HubSpot? All communications between a web client and HubSpot servers are protected using TLS (1.0, 1.1, 1.2) protocol encryption using 2048 bit keys. We also provide customers with the ability to enable Two-Phase Authentication (2FA) to prevent unauthorized use of their portals. Another July Hack One of the most significant data leaks in recent history is reported to have occurred on July 4. The leak, dubbed RockYou2024 by the original poster, “ObamaCare”, on a leading hacking forum, compiled 9,948,575,739 unique passwords into plain text. This means close to ten billion passwords were leaked. That said, the RockYou2024 is primarily a compilation of all previous password leaks and is built on a prior RockYou2021 compilation of 8.4 billion passwords. That means between RockYou2021 and RockYou2024, about 1.5 billion passwords were added to the list. Further, according to the hacker, at least a few of these passwords were cracked using RTX 4090, a tactic that was warned about earlier. According to Cybernews researchers, “In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many

Read More
  • 1
  • 2
gettectonic.com