SaaS Archives - gettectonic.com

12Aug

Everyone Is Implementing AI

AI is undoubtedly a generational change in software, with its full trajectory still unpredictable. There is a perceived divide between the “Haves” and “Have Nots.” Companies like OpenAI, Microsoft, and Databricks are seen as understanding AI’s potential, with Nvidia providing the necessary hardware support. Many hot start-ups are Gen AI native, continuing to attract unicorn valuations. Meanwhile, several SaaS leaders appear to be lagging behind. We say, Everyone Is Implementing AI. Marc Benioff stated in their latest quarterly call: “Now, we’re working with thousands of customers to power generative AI use cases with our Einstein Copilot, our prompt builder, our Einstein Studio, all of which went live in the first quarter. And we’ve closed hundreds of copilot deals since this incredible technology has gone GA. And in just the last few months, we’re seeing Einstein Copilot develop higher levels of capability. We are absolutely delighted and cannot be more excited about the success that we’re seeing with our customers with this great new capability.” Everyone Is Implementing AI However, it remains unclear whether simply adding AI to classic B2B SaaS products accelerates growth. Despite significant investments in AI, companies like Salesforce, Asana, and ZoomInfo are growing at less than 10% annually. The main point is that while “AI Washing” might impress some investors, AI must significantly accelerate revenue growth to achieve more than market parity. It is essential to see how AI can add real value and integrate it effectively. But AI alone may not be a growth accelerant. Everyone Is Implementing AI Recent data from Emergence Capital shows that 60% of VC-backed SaaS companies have already released GenAI features, with another 24% planning to do so. Achieving “AI Parity” is crucial, but simply adding GenAI features may not be disruptive in the B2B space. Companies must go further to stand out, despite the challenges. Like Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Service Cloud with AI-Driven Intelligence Salesforce Enhances Service Cloud with AI-Driven Intelligence Engine Data science and analytics are rapidly becoming standard features in enterprise applications, Read more

August 12, 2024in Generative AI

11Aug

Rubrick and Salesforce

According to Gartner®, by 2028, 75% of enterprises will view the backup of SaaS applications as a critical necessity, up from just 15% in 2024. Salesforce, a key CRM tool for many of the world’s largest organizations, plays a pivotal role in driving business operations and accelerating revenue growth. Given its central role as the single source of truth for many financial applications, Salesforce users must safeguard against costly downtime caused by accidental errors or cyber events, which can have a cascading impact on interconnected systems. To support these organizations, Rubrik is launching Salesforce Data Protection. Rubrik’s Data Protection Capabilities The new Salesforce Data Protection solution by Rubrik leverages robust security features from Rubrik Security Cloud—a unified platform that integrates data protection across SaaS, cloud, and on-premises environments. This advanced offering builds on Rubrik’s existing data protection solutions for SaaS tools like M365 and Jira. Key Features of Rubrik’s Salesforce Data Protection: Rubrik’s Salesforce Data Protection is now available on the AppExchange and will be showcased at Dreamforce 2024, scheduled for September 17-19 in San Francisco. Like Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Service Cloud with AI-Driven Intelligence Salesforce Enhances Service Cloud with AI-Driven Intelligence Engine Data science and analytics are rapidly becoming standard features in enterprise applications, Read more

August 11, 2024in Salesforce

22Jul

Einstein Code Generation and Amazon SageMaker

Salesforce and the Evolution of AI-Driven CRM Solutions Salesforce, Inc., headquartered in San Francisco, California, is a leading American cloud-based software company specializing in customer relationship management (CRM) software and applications. Their offerings include sales, customer service, marketing automation, e-commerce, analytics, and application development. Salesforce is at the forefront of integrating artificial general intelligence (AGI) into its services, enhancing its flagship SaaS CRM platform with predictive and generative AI capabilities and advanced automation features. Einstein Code Generation and Amazon SageMaker. Salesforce Einstein: Pioneering AI in Business Applications Salesforce Einstein represents a suite of AI technologies embedded within Salesforce’s Customer Success Platform, designed to enhance productivity and client engagement. With over 60 features available across different pricing tiers, Einstein’s capabilities are categorized into machine learning (ML), natural language processing (NLP), computer vision, and automatic speech recognition. These tools empower businesses to deliver personalized and predictive customer experiences across various functions, such as sales and customer service. Key components include out-of-the-box AI features like sales email generation in Sales Cloud and service replies in Service Cloud, along with tools like Copilot, Prompt, and Model Builder within Einstein 1 Studio for custom AI development. The Salesforce Einstein AI Platform Team: Enhancing AI Capabilities The Salesforce Einstein AI Platform team is responsible for the ongoing development and enhancement of Einstein’s AI applications. They focus on advancing large language models (LLMs) to support a wide range of business applications, aiming to provide cutting-edge NLP capabilities. By partnering with leading technology providers and leveraging open-source communities and cloud services like AWS, the team ensures Salesforce customers have access to the latest AI technologies. Optimizing LLM Performance with Amazon SageMaker In early 2023, the Einstein team sought a solution to host CodeGen, Salesforce’s in-house open-source LLM for code understanding and generation. CodeGen enables translation from natural language to programming languages like Python and is particularly tuned for the Apex programming language, integral to Salesforce’s CRM functionality. The team required a hosting solution that could handle a high volume of inference requests and multiple concurrent sessions while meeting strict throughput and latency requirements for their EinsteinGPT for Developers tool, which aids in code generation and review. After evaluating various hosting solutions, the team selected Amazon SageMaker for its robust GPU access, scalability, flexibility, and performance optimization features. SageMaker’s specialized deep learning containers (DLCs), including the Large Model Inference (LMI) containers, provided a comprehensive solution for efficient LLM hosting and deployment. Key features included advanced batching strategies, efficient request routing, and access to high-end GPUs, which significantly enhanced the model’s performance. Key Achievements and Learnings Einstein Code Generation and Amazon SageMaker The integration of SageMaker resulted in a dramatic improvement in the performance of the CodeGen model, boosting throughput by over 6,500% and reducing latency significantly. The use of SageMaker’s tools and resources enabled the team to optimize their models, streamline deployment, and effectively manage resource use, setting a benchmark for future projects. Conclusion and Future Directions Salesforce’s experience with SageMaker highlights the critical importance of leveraging advanced tools and strategies in AI model optimization. The successful collaboration underscores the need for continuous innovation and adaptation in AI technologies, ensuring that Salesforce remains at the cutting edge of CRM solutions. For those interested in deploying their LLMs on SageMaker, Salesforce’s experience serves as a valuable case study, demonstrating the platform’s capabilities in enhancing AI performance and scalability. To begin hosting your own LLMs on SageMaker, consider exploring their detailed guides and resources. Like Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Service Cloud with AI-Driven Intelligence Salesforce Enhances Service Cloud with AI-Driven Intelligence Engine Data science and analytics are rapidly becoming standard features in enterprise applications, Read more

July 22, 2024in Generative AI, Salesforce Einstein

11Jul

Data Protection Improvements from Next DLP

Insider risk and data protection company Next DLP has unveiled its new Secure Data Flow technology, designed to enhance data protection for customers. Integrated into the company’s Reveal Platform, Secure Data Flow monitors the origin, movement, and modification of data to provide comprehensive protection. Data Protection Improvements from Next DLP. This technology can secure critical business data flow from any SaaS application, including Salesforce, Workday, SAP, and GitHub, to prevent accidental data loss and malicious theft. “In modern IT environments, intellectual property often resides in SaaS applications and cloud data stores,” said John Stringer, head of product at Next DLP. “The challenge is that identifying high-impact data in these locations based on its content is difficult. Secure Data Flow, through Reveal, ensures that firms can confidently protect their most critical data assets, regardless of their location or application.” Next DLP argues that legacy data protection technologies are inadequate, relying on pattern matching, regular expressions, keywords, user-applied tags, and fingerprinting, which only cover a limited range of text-based data types. The company highlights that recent studies indicate employees download an average of 30 GB of data each month from SaaS applications to their endpoints, such as mobile phones, laptops, and desktops, emphasizing the need for advanced data protection measures. Secure Data Flow tracks data as it moves through both sanctioned and unsanctioned channels within an organization. By complementing traditional content and sensitivity classification-based approaches with origin-based data identification, manipulation detection, and data egress controls, it effectively prevents data theft and misuse. This approach results in an “all-encompassing, 100 percent effective, false-positive-free solution that simplifies the lives of security analysts,” claims Next DLP. “Secure Data Flow represents a novel approach to data protection and insider risk management,” said Ken Buckler, research director at Enterprise Management Associates. “It not only enhances detection and protection capabilities but also streamlines data management processes. This improves the accuracy of data sensitivity recognition and reduces endpoint content inspection costs in today’s diverse technological environments.” Like Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Service Cloud with AI-Driven Intelligence Salesforce Enhances Service Cloud with AI-Driven Intelligence Engine Data science and analytics are rapidly becoming standard features in enterprise applications, Read more

July 11, 2024in Generative AI, Salesforce Data Cloud, Salesforce Optimization

01Jul

Hubspot Hacked

HubSpot recently disclosed a “security incident” where unauthorized access was attempted on several customer accounts. HubSpot is an American software company that provides tools for inbound marketing, sales, and customer service. It was founded in 2006 by Brian Halligan and Dharmesh Shah, and is today best-known for its all-in-one growth platform that helps businesses attract visitors, convert leads, and close customers.. The CRM company detected the incident on June 22, though it was publicly acknowledged six days later by Alyssa Robinson, Chief Information Security Officer at HubSpot. HubSpot seems to have suffered a data breach, but claims to have everything in hand – for now. Robinson stated that the incident involved bad actors targeting a limited number of HubSpot customers, aiming to gain unauthorized access to their accounts. Upon detection, HubSpot promptly activated its incident response procedures and has since been in contact with affected customers, taking necessary steps to revoke unauthorized access and safeguard customer data. HubSpot Hacked With how the statement was worded, it would seem that the attackers, whoever they are, tried to break into the account – but not necessarily succeeded. Still, the company proceeded with the usual practice in case of a cyberattack: “HubSpot triggered our incident response procedures, and since June 22 we have been contacting impacted customers and taking necessary steps to revoke the unauthorized access and protect our customers and their data,” said Robinson. As of Friday, June 28, HubSpot has not disclosed any communication from the hacking group, nor has it specified the full scope of the incident or the exact number of impacted customers. Despite having over 100,000 paying customers and achieving significant financial milestones, such as breaking the billion annual recurring revenue (ARR) mark, HubSpot’s stock price remained stable amid the news, which surfaced through TechCrunch. Ironically, this incident follows HubSpot’s recent announcement of new data protection capabilities for its Smart CRM users. However, it underscores the ongoing challenges faced by major enterprise tech providers regarding cybersecurity. HubSpot says fewer than 50 customer accounts were victims of a breach in late June, all impacted customers were notified and all has been quiet since the initial incident. As of May 2024, HubSpot had more than 216,000 customers, so an incident that impacts fewer than 50 doesn’t seem like a big deal, unless of course you’re one of the accounts involved. What we know: The company is not releasing many details about the incident other than the basic facts. The company said in a June 28 release that it detected a security incident on June 22, 2004, where bad actors were attempting to gain access to customer accounts without authorization. HubSpot’s detection of the breach triggered its incident response procedures and the company notified impacted accounts. On June 28 and again on July 1, 2024, the company reported no further signs of a problem. What’s not known at this time is whether the attack was targeting a specific group of HubSpot customers. Back in March 2022, fewer than 30 HubSpot customers were impacted by a data breach, but all of the impacted customers were in the cryptocurrency business. HubSpot joins a growing list of enterprise tech firms experiencing cybersecurity incidents. While recent arrests, such as that of the alleged ringleader behind attacks on Twilio, LastPass, and Mailchimp, offer some hope, cybersecurity threats continue to evolve with the proliferation of digital devices and AI accessibility. This trend poses new risks, including the misuse of AI technologies like deepfakes, as highlighted by concerns raised by organizations like OpenAI. As businesses expand their digital presence and adopt new technologies, they must remain vigilant against evolving cybersecurity threats to protect sensitive information and maintain customer trust. HubSpot is an American software company that provides tools for inbound marketing, sales, and customer service. It was founded in 2006 and is today best-known for its all-in-one growth platform that helps businesses attract visitors, convert leads, and close customers. Impact for Marketers As marketers, our martech stacks are heavily reliant on cloud-based SaaS applications (like HubSpot) and cloud-based data storage from vendors like Amazon’s AWS and Google Cloud. Even on-premise applications and data are a security risk. The applications running in the cloud and the data stored there are at arm’s length from your data security professionals. More than 80% of the data breaches recorded in 2023 involved data stored in the cloud, according to the Harvard Business Review. Big breaches impacting millions of consumers get a great deal of attention, like those that struck Sony or Target in years past. But smaller, targeted attacks can be devastating to the businesses that have their data exposed, though they fly under the radar of the national press. The number of reported data breaches increased 78% from 2022 to 2023. The cost of the average breach surpassed $4 million in 2023 and is up 15% since 2020. How secure is HubSpot? Is my data secure with HubSpot? All communications between a web client and HubSpot servers are protected using TLS (1.0, 1.1, 1.2) protocol encryption using 2048 bit keys. We also provide customers with the ability to enable Two-Phase Authentication (2FA) to prevent unauthorized use of their portals. Another July Hack One of the most significant data leaks in recent history is reported to have occurred on July 4. The leak, dubbed RockYou2024 by the original poster, “ObamaCare”, on a leading hacking forum, compiled 9,948,575,739 unique passwords into plain text. This means close to ten billion passwords were leaked. That said, the RockYou2024 is primarily a compilation of all previous password leaks and is built on a prior RockYou2021 compilation of 8.4 billion passwords. That means between RockYou2021 and RockYou2024, about 1.5 billion passwords were added to the list. Further, according to the hacker, at least a few of these passwords were cracked using RTX 4090, a tactic that was warned about earlier. According to Cybernews researchers, “In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many

July 1, 2024in Salesforce Shield

27Jun

Stay Ahead of SaaS Threats

The modern kill chain is eluding enterprises because they are not adequately protecting the infrastructure of modern business: SaaS. Stay Ahead of SaaS Threats. SaaS continues to dominate software adoption, accounting for the greatest share of public cloud spending. However, enterprises and SMBs alike have not revised their security programs or adopted security tooling designed for SaaS environments. Security Teams Struggle with SaaS Security Traditional security controls that CISOs and their teams relied on during the era of on-premise dominance have become obsolete. Firewalls now protect a much smaller perimeter, visibility is limited, and even if SaaS vendors offer logs, security teams need custom middleware to process them into their SIEM. SaaS vendors define security scopes for their products, but customers must manage SaaS compliance, data governance, identity and access management (IAM), and application controls—areas where most incidents occur. While the SaaS shared responsibility model is universal among SaaS apps, no two SaaS applications have identical security settings. Understanding the SaaS Kill Chain In the context of SaaS security, the application provider is responsible for physical infrastructure, the network, OS, and the application itself. Customers are responsible for data security and identity management. This shared responsibility model requires SaaS customers to take ownership of components that threat actors target most frequently. Research by AppOmni indicates that a single SaaS instance typically has 256 SaaS-to-SaaS connections, many of which are no longer in use but still retain excessive permissions to core business applications like Salesforce, Okta, and GitHub. With the multitude of different SaaS security settings and constant updates, security teams struggle to monitor these connections effectively. The number of entry points multiplies exponentially as employees enable SaaS-to-SaaS connections, using machine identities like API keys and digital certificates. As the attack surface migrated outside the network perimeter, so did the kill chain—threat actors orchestrate their attacks through various phases: Case Study: Scattered Spider/Starfraud In a recent attack by the Scattered Spider/Starfraud groups, a user opened a phishing email and logged into a spoofed IdP page. Through social engineering, the attackers obtained the user’s TOTP token, tricked the MFA protocol, and gained access to Amazon S3, Azure AD, and Citrix VDI. They then deployed a malicious server in the IaaS environment and executed a privileged Azure AD escalation attack, eventually encrypting all accessible data and delivering a ransom note. Growing SaaS Attack Activity SaaS breaches, though not always making headlines, have significant consequences. IBM reports that the average cost of data breaches in 2023 was $4.45 million per incident, a 15% increase over three years. Threat actors frequently use tactics similar to those seen in the Scattered Spider/Starfraud kill chain, targeting SaaS tenants and exploiting configuration issues. Protecting SaaS Environments With these measures, security teams can gain the visibility and intelligence needed to identify intruders early in the kill chain and prevent breaches before they become devastating. Like Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Service Cloud with AI-Driven Intelligence Salesforce Enhances Service Cloud with AI-Driven Intelligence Engine Data science and analytics are rapidly becoming standard features in enterprise applications, Read more

June 27, 2024in Salesforce

26Jun

Tableau Cloud Hyperforce

What to Know About Tableau Cloud Migration to Hyperforce Tableau Cloud is transitioning to Hyperforce, Salesforce’s next-generation infrastructure for the public cloud, in the second half of 2024. This shift promises enhanced security, scalability, and compliance, allowing customers to better manage data residency and adhere to local regulations. Here’s a closer look at what Hyperforce is, the benefits it brings to Tableau Cloud, and how to learn more about this significant upgrade. What is Hyperforce? Hyperforce is Salesforce’s advanced infrastructure architecture tailored for the public cloud. It marks a significant technological advancement, enabling applications to perform with greater security and efficiency. Unlike traditional hardware-dependent setups, Hyperforce is built on a foundation of code, allowing seamless deployment across global regions. This flexibility ensures effective data residency management and compliance with local laws. This might be a good time to consider moving to Tableau Cloud. Shifting workloads to software-as-a-service (SaaS) solutions has been an increasing priority for organizations for years. As we build for a world facing new economic challenges and uncertainty, executives have increasingly looked to Tableau Cloud, our SaaS offering, to help them develop their own competitive advantages, easily scale, and maximize efficiency. Flexera’s 2023 State of the Cloud reports that 51% of data is now in the public cloud, and nearly half of their survey respondents indicated their organization plans to move from on-premises software to SaaS. More and more organizations are turning to cloud solutions to reduce operational costs and drive their own digital transformation. Benefits of Tableau Cloud on Hyperforce When Tableau Cloud transitions to Hyperforce, customers will experience immediate benefits while retaining the familiar user experience and functionality. Here’s what to expect: Leveraging Salesforce Innovations Hyperforce enables Tableau Cloud to integrate more effectively with Salesforce’s existing innovations and integrations, fostering faster innovation. A notable example is Tableau Cloud Private Connect, which allows secure connections between Tableau Cloud and popular cloud data warehouses and lakes via a private connection, enhancing data transit security. Learning More About the Migration To delve deeper into Salesforce’s Hyperforce platform and the Tableau Cloud migration, refer to the Hyperforce FAQ and the Tableau Cloud Hyperforce Migration article. This migration marks an exciting phase for Tableau Cloud, promising unparalleled scalability, security, and compliance. The enhanced regional availability and compliance standards will enable more organizations worldwide to leverage Tableau Cloud, while the platform’s flexibility will spur faster AI-powered analytics innovations. For those interested in the technical details and implications of this transition, contact Tectonic today. Tableau Cloud is always on the latest version Tableau, which means you get access all of the innovations as soon as they’re available. That means all Tableau AI features that we develop are available to your data community right away. As transformational technologies like LLMs are integrated into Tableau Pulse, your teams can use them to stay up to date on all the most essential metrics immediately. Like Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Service Cloud with AI-Driven Intelligence Salesforce Enhances Service Cloud with AI-Driven Intelligence Engine Data science and analytics are rapidly becoming standard features in enterprise applications, Read more

June 26, 2024in Hyperforce, Salesforce Optimization, Salesforce Tableau

22Jun

Single Digit Members

The Single Digit Growth Club: A Surge in New Members What Do Salesforce and Asana Have in Common? Both Salesforce and Asana: They have now joined the ranks of The Single Digit Growth Club, projecting growth below 10% for the coming year. It Wasn’t Supposed to Be This Way Why not? Mainly due to historically high Net Revenue Retention (NRR). Salesforce traditionally maintained an NRR well above 110%. Asana, despite catering to many SMBs (where high NRR is harder to achieve), also had high NRR until recently. With an NRR of 110%, growth expectations were typically around 20%-30% annually. With an NRR of 120% or more, as many companies had until recently (and some, like Databricks, still have at 140%+), 40% annual growth seemed attainable even at $1B ARR. However, while NRR is still strong, often at least 100%, it is no longer overperforming in many cases. Even high fliers like Monday.com have seen dips in NRR. Despite their smaller deal sizes, Monday.com’s NRR is the lowest it has been in over four years. The Impact of NRR Declines A drop of 10%-20% in NRR is significantly hampering growth, pushing even market leaders into The Single Digit Growth Club. But not everyone is struggling. The Haves and Have Nots in SaaS In today’s SaaS landscape, there is a stark contrast between the Haves and the Have Nots. Companies operating outside of B2B, those that are truly AI-native, and others are experiencing remarkable growth. However, within tech sales, a decline in NRR is severely impacting growth. Conclusion The shift to single-digit growth is a reality many SaaS companies are grappling with. As we navigate this new landscape, it’s clear that maintaining high NRR and adapting to market changes are crucial for sustaining growth. Like Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Service Cloud with AI-Driven Intelligence Salesforce Enhances Service Cloud with AI-Driven Intelligence Engine Data science and analytics are rapidly becoming standard features in enterprise applications, Read more

June 22, 2024in Salesforce

18Jun

Cyber Group Targets SaaS Platforms

Cyber Group UNC3944 Targets SaaS Platforms like Azure, Salesforce, vSphere, AWS, and Google Cloud UNC3944, also known as “0ktapus” and “Scattered Spider,” has shifted its focus to attacking Software-as-a-Service (SaaS) applications, as reported by Google Cloud’s Mandiant threat intelligence team. This hacking group, previously linked to incidents involving companies such as Snowflake and MGM Entertainment, has evolved its strategies to concentrate on data theft and extortion. Cyber Group Targets SaaS Platforms Attack Techniques UNC3944 exploits legitimate third-party tools for remote access and leverages Okta permissions to expand their intrusion capabilities. One notable aspect of their attacks involves creating new virtual machines in VMware vSphere and Microsoft Azure, using administrative permissions linked through SSO applications for further activities. The group uses commonly available utilities to reconfigure virtual machines (VMs), disable security protocols, and download tools such as Mimikatz and ADRecon, which extract and combine various artifacts from Active Directory (AD) and Microsoft Entra ID environments. Evolving Methods Initially, UNC3944 employed a variety of techniques, but over time, their methods have expanded to include ransomware and data theft extortion. Active since at least May 2022, the group has developed resilience mechanisms against virtualization platforms and improved their ability to move laterally by abusing SaaS permissions. The group also uses SMS phishing to reset passwords and bypass multi-factor authentication (MFA). Once inside, they conduct thorough reconnaissance of Microsoft applications like SharePoint to understand remote connection needs. According to Google Cloud’s Mandiant team, UNC3944’s primary activity is now data theft without using ransomware. They employ expert social engineering tactics, using detailed personal information to bypass identity checks and target employees with high-level access. Social Engineering and Threats Attackers often pose as employees, contacting help desks to request MFA resets for setting up new phones. If help desk staff comply, attackers can easily bypass MFA and reset passwords. If social engineering fails, UNC3944 resorts to threats, including doxxing, physical threats, or releasing compromising material to coerce credentials from victims. Once access is gained, they gather information on tools like VPNs, virtual desktops, and remote work utilities to maintain consistent access. Targeting SaaS and Cloud Platforms UNC3944 targets Okta’s single sign-on (SSO) tools, allowing them to create accounts that facilitate access to multiple systems. Their attacks extend to VMware’s vSphere hybrid cloud management tool and Microsoft Azure, where they create virtual machines for malicious purposes. By operating within a trusted IP address range, they complicate detection. Additional targets include SaaS applications like VMware’s vCenter, CyberArk, Salesforce, CrowdStrike, Amazon Web Services (AWS), and Google Cloud. Office 365 is another focus, with attackers using Microsoft’s Delve tool to identify valuable information. To exfiltrate data, they use synchronization utilities such as Airbyte and Fivetran to transfer information to their own cloud storage. The group also targets Active Directory Federation Services (ADFS) to extract certificates and employ Golden SAML attacks for continued access to cloud applications. They leverage Microsoft 365 capabilities like Office Delve for quick reconnaissance and data mining. Recommendations – Cyber Group Targets SaaS Platforms Mandiant advises deploying host-based certificates with MFA for VPN access, implementing stricter conditional access policies, and enhancing monitoring for SaaS applications. Consolidating logs from crucial SaaS applications and monitoring virtual machine setups can help identify potential breaches. Like1 Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Service Cloud with AI-Driven Intelligence Salesforce Enhances Service Cloud with AI-Driven Intelligence Engine Data science and analytics are rapidly becoming standard features in enterprise applications, Read more

June 18, 2024in Salesforce, Salesforce Managed Services, Snowflake

16Jun

Transactional Operational Emails and Account Engagement

Summer ’24 Salesforce Release: A Game-Changer for Marketing Cloud Account Engagement, formerly Pardot The Salesforce Summer ’24 release notes are here, bringing with them one of the most anticipated features for Marketing Cloud Account Engagement (MCAE/Pardot). The ability to send operational emails in Engagement Studio has long been requested, earning the fifth most points in the Account Engagement category on the IdeaExchange. Transactional Operational Emails and Account Engagement are here! What is an Operational Email? Operational emails are informational and differ from marketing emails. Operational emails include transactional emails such as receipts, shipping acknowledgements, etc. But when using the label operational or transactional you must refrain from including marketing content. Marking an email as “operational” allows it to bypass the recipient’s opt-in status, ensuring delivery even if the subscriber has opted out. However, it’s crucial to use operational emails correctly to maintain your sending reputation and comply with the CAN-SPAM Act. Enabling Transactional Operational Emails and Account Engagement To enable operational emails in MCAE: Only Account Engagement Admin users and custom user roles can send operational emails. Sending Operational Emails with Engagement Studio Previously, operational emails could only be sent through list sends, requiring manual audience selection, email content creation, and sending. Now, operational emails can be sent directly from Engagement Studio, where recipients are enrolled based on user-defined criteria, and emails are automatically sent according to your parameters. Practical Applications Imagine you’re a SaaS company needing to communicate about planned system outages. Instead of setting up multiple operational list sends, you can create an Engagement Studio program to automate outage and issue-resolved notifications. Another scenario could involve notifying customers about upcoming product license expirations. An Engagement Studio program can be set to send timely renewal reminders, eliminating the need for manual list sends. Other potential use cases include: Effective use of operational emails in Engagement Studio requires planning: crafting appropriate email content, ensuring accurate data for recipient targeting, and complying with the Marketing Cloud Account Engagement Permission Based Marketing Policy. Limitations Salesforce has outlined several limitations for using operational emails in Engagement Studio: A Significant Advancement in Email Marketing This new feature greatly enhances efficiency for marketers and improves customer experiences by ensuring timely delivery of crucial information without manual intervention. Like Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Service Cloud with AI-Driven Intelligence Salesforce Enhances Service Cloud with AI-Driven Intelligence Engine Data science and analytics are rapidly becoming standard features in enterprise applications, Read more

June 16, 2024in Marketing Automation, Salesforce Implementation Services, Salesforce Marketing Cloud Account Engagement (Pardot)

26May

Securing SaaS

Obsidian Security recently discussed the complexity of enforcing Single Sign-On (SSO) within Salesforce and frequently encountering misconfigurations. Notably, 60% of Obsidian’s customers initially have local access without Multi-Factor Authentication (MFA) configured for Salesforce, highlighting a significant security gap that Obsidian diligently works to secure. Securing SaaS. The Hidden Vulnerability Application owners who manage Salesforce daily often remain unaware of this misconfiguration. Despite their deep knowledge of Salesforce management, local access without MFA presents an overlooked vulnerability. This situation raises concerns about the security of other SaaS applications, especially those without developed expertise or knowledge. If you have concerns about your configuration, Tectonic can help. Attacker Focus and Trends Attackers have historically targeted the Identity Provider (IdP) space, focusing on providers like Okta, Microsoft Entra, and Ping. This strategy offers maximal impact, as compromising an IdP grants broad access across multiple applications. Developing expertise to breach a few IdPs is more efficient than learning the diverse local access pathways of numerous SaaS vendors. Over the past 12 months, nearly 100% of the breaches that required Obsidian’s intervention through CrowdStrike or other incident response partners were IdP-focused. Notably, 70% of these breaches involved subverting MFA, often through methods like SIM swapping. In instances where local access bypasses the IdP, 95% of the time it lacks MFA. Recent discussions around Snowflake have brought attention to “shadow authentication,” defined as unsanctioned means to authenticate a user within an application. Obsidian Security has observed an increase in brute force attacks against SaaS applications via local access pathways over the last two weeks, indicating a growing awareness of this attack vector. Future Expectations Attackers continually seek easy and efficient pathways. Over the next 12 months, local access or shadow authentication is expected to become a major attack vector. Organizations must proactively secure these pathways as attackers shift their focus. What You Can Do How Obsidian Helps Salesforce Security partners offers robust solutions to address these challenges: By leveraging partner capabilities, organizations can enhance their security posture, protecting against evolving threats targeting local access and shadow authentication. The post “The Growing Importance of Securing Local Access in SaaS Applications” appeared first on Obsidian Security. Like Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Service Cloud with AI-Driven Intelligence Salesforce Enhances Service Cloud with AI-Driven Intelligence Engine Data science and analytics are rapidly becoming standard features in enterprise applications, Read more

May 26, 2024in Salesforce, Salesforce Einstein, Snowflake

16May

AI Agents and Open APIs

How AI Agents and Open APIs Are Unlocking New Rebundling Opportunities While much of the 2023-24 excitement surrounding AI has focused on the capabilities of foundational models, the true potential of AI lies in reconfiguring value creation across vertical value chains, not just generating average marketing content. The Vertical AI Opportunity Most AI hype has centered on horizontal B2C applications, but the real transformative power of AI is in vertical B2B industries. This article delves into the opportunities within vertical AI and explores how companies can excel in this emerging space. Short-Term and Long-Term Strategies in Vertical AI In the short term, many vertical AI players focus on developing proprietary, fine-tuned models and user experiences to gain a competitive advantage. These niche models, trained on domain-specific data, often outperform larger foundational models in latency, accuracy, and cost. As models become more fine-tuned, changes in user experience (UX) must integrate these benefits into daily workflows, creating a flywheel effect. Vertical AI companies tend to operate as full-stack providers, integrating interfaces, proprietary models, and proprietary data. This level of integration enhances their defensibility because owning the user interface allows them to continually collect and refine data, improving the model. While this approach is effective in the short term, vertical AI players must consider the broader ecosystem to ensure long-term success. The Shift from Vertical to Horizontal Though vertical AI solutions may dominate in specific niches, long-term success requires moving beyond isolated verticals. Users ultimately prefer unified experiences that minimize switching between multiple platforms. To stay competitive in the long run, vertical AI players will need to evolve into horizontal solutions that integrate across broader ecosystems. Vertical Strategies and AI-Driven Rebundling Looking at the success of vertical SaaS over the last decade provides insight into the future of vertical AI. Companies like Square, Toast, and ServiceTitan have grown by first gaining adoption in a focused use case, then rapidly expanding by rebundling adjacent capabilities. This “rebundling” process—consolidating multiple unbundled capabilities into a comprehensive, customer-centric offering—helps vertical players establish themselves as the hub. The same principle applies to vertical AI, where the end game involves going vertical to later expand horizontally. AI’s Role in Rebundling The key to long-term competitive advantage in vertical AI lies not just in addressing a single pain point but in using AI agents to rebundle workflows. AI agents serve as a new hub for rebundling, enabling vertical AI players to integrate and coordinate diverse workflows across their solutions. Rebundling Workflows with AI Business workflows are often fragmented, spread across siloed software systems. Managers currently bundle these workflows together to meet business goals by coordinating across silos. But with advances in technology, B2B workflows are being transformed by increasing interoperability and the rise of AI agents. The Rebundling Power of AI Agents Unlike traditional software that automates specific tasks, AI agents focus on achieving broader goals. This enables them to take over the goal-seeking functions traditionally managed by humans, effectively unbundling goals from specific roles and establishing a new locus for rebundling. Vertical AI Players: Winners and Losers The effectiveness of vertical AI players will depend on the sophistication of their AI agents and the level of interoperability with third-party resources. Industries that offer high interoperability and sophisticated AI agents present the most significant opportunities for value creation. The End Game: From Vertical to Horizontal Ultimately, the goal for vertical AI players is to leverage their vertical advantage to develop a horizontal hub position. By using AI agents to rebundle workflows and integrate adjacent capabilities, vertical AI companies can transition from niche providers to central players in the broader ecosystem. This path—going vertical first to then expand horizontally—will define the winners in the AI-driven future of business transformation. Like Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Service Cloud with AI-Driven Intelligence Salesforce Enhances Service Cloud with AI-Driven Intelligence Engine Data science and analytics are rapidly becoming standard features in enterprise applications, Read more

May 16, 2024in Data, Salesforce, Technology

04Apr

Build a Culture of Data

What is a Data Culture? A Data Culture is the collective behaviors and beliefs of people who value, practice, and encourage the use of data to improve decision-making. As a result, data is woven into the operations, mindset, and identity of an organization. Why is a data culture important? It enables more informed decision-making. With a data culture in place, decisions at all levels of the organization are based on data-driven insights rather than intuition or guesswork. This leads to more effective strategies and better outcomes. What is the difference in data culture and data strategy? Gartner defines data strategy as “a highly dynamic process employed to support the acquisition, organization, analysis, and delivery of data in support of business objectives.” In contrast, the culture around data comes together with data talent, data literacy, and data tools. Build a Culture of Data Building a data culture is crucial for companies to unlock valuable insights and make smarter, more strategic decisions. Here’s what leaders need to know to foster a data-driven environment: By following these steps and prioritizing the development of a data culture, leaders can empower their organizations to make informed decisions, drive growth, and stay ahead of the competition in today’s data-driven world. Data Maturity Understanding data maturity is crucial for organizations as it provides a framework for assessing their current state of data management and analytics capabilities. It serves as a tool to guide decision-making and prioritize initiatives aimed at advancing the organization’s data capabilities. By evaluating data maturity, organizations can identify gaps, set goals, and determine the necessary steps to progress along their data journey. Data maturity assessment typically involves evaluating various aspects of data management, including data governance, data quality, data infrastructure, analytics capabilities, and organizational culture around data. Based on the assessment, organizations can identify areas of strength and weakness and develop a roadmap for improvement. Furthermore, understanding data maturity enables organizations to track their progress over time. By periodically reassessing data maturity, organizations can measure how much they have advanced and identify areas that still require attention. This iterative process allows organizations to continuously improve their data capabilities and adapt to evolving business needs and technological advancements. In summary, understanding data maturity allows organizations to: Like1 Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Service Cloud with AI-Driven Intelligence Salesforce Enhances Service Cloud with AI-Driven Intelligence Engine Data science and analytics are rapidly becoming standard features in enterprise applications, Read more

April 4, 2024in Einstein 1 Platform, Salesforce

07Feb

Healthcare Cloud Marketplace

Healthcare Cloud Computing Market: A Comprehensive Overview and Future Outlook Vantage Market Research Report: Insights into Healthcare Cloud Computing by 2030 WASHINGTON, D.C., February 6, 2024 /EINPresswire.com/ — The global Healthcare Cloud Marketplace was valued at USD 38.25 billion in 2022 and is projected to grow at a compound annual growth rate (CAGR) of 18.2% from 2023 to 2030, reaching approximately USD 145.86 billion by 2030, according to Vantage Market Research. This technology allows healthcare organizations to utilize cloud-based services for data storage, management, and analysis, providing numerous benefits such as cost efficiency, scalability, flexibility, security, and interoperability. It enhances healthcare delivery by enabling seamless data access and sharing across various locations, devices, and networks. Additionally, cloud computing supports the integration of advanced technologies like artificial intelligence, big data analytics, telehealth, and mobile health, driving progress in disease diagnosis, treatment, and prevention. Market Dynamics The market’s growth is fueled by several key factors, including the increasing demand for healthcare IT solutions, the rising prevalence of chronic diseases, the widespread adoption of electronic health records (EHRs), and evolving payment models and regulatory frameworks. The exponential increase in healthcare data, encompassing patient records, imaging scans, and research findings, necessitates scalable storage and analysis solutions. Cloud computing meets this need by providing flexible and scalable infrastructure, accommodating data growth without overburdening IT systems. The rise of telehealth and remote patient monitoring further boosts the demand for secure, cloud-based platforms that facilitate efficient data exchange. However, stringent data privacy regulations like HIPAA and GDPR require robust security measures, compelling healthcare organizations to seek cloud providers that offer strong compliance and access controls. This need for a balance between agility and security shapes the healthcare cloud computing market’s future trajectory. Leading Companies in the Global Healthcare Cloud Computing Market Market Segmentation By Product: By Deployment: By Component: By Pricing Model: By Service Model: Key Trends and Opportunities The healthcare cloud computing market is witnessing significant trends, including the adoption of hybrid and multi-cloud models, which combine the benefits of both public and private clouds. The integration of artificial intelligence (AI) and machine learning (ML) into cloud-based healthcare applications is opening new avenues for personalized medicine, clinical decision support, and drug discovery. Moreover, blockchain technology is emerging as a solution to enhance data security and patient privacy, addressing critical industry concerns. Key Findings: Opportunities: Healthcare Cloud Marketplace The healthcare cloud computing market is poised for robust growth, driven by the increasing demand for scalable and secure data management solutions. As healthcare organizations navigate challenges related to data privacy and security, robust cloud solutions and supportive government policies will be essential in unlocking the full potential of cloud computing in healthcare. Like Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Service Cloud with AI-Driven Intelligence Salesforce Enhances Service Cloud with AI-Driven Intelligence Engine Data science and analytics are rapidly becoming standard features in enterprise applications, Read more

February 7, 2024in Salesforce

25Jan

Salesforce Revenue Lifecycle Management

Seamless Revenue Lifecycle Management Powered by Salesforce Revenue Cloud Is your company struggling to manage complex revenue streams, manual billing processes, or compliance with ASC 606 and IFRS 15 standards? Tectonic specializes in implementing Salesforce Revenue Lifecycle Management solutions through Salesforce Revenue Cloud. We offer tailored strategies for mid-market and enterprise companies across industries like High Tech, SaaS, Manufacturing, Hospitality, and Life Sciences. Industries We Serve The Challenges You Face Managing complex revenue streams can be overwhelming without the right systems. If your business is facing challenges like: Tectonic’s Tailored Solutions – Salesforce Revenue Lifecycle Management We leverage Salesforce Revenue Cloud to automate and streamline your Salesforce Revenue Lifecycle Management, helping companies overcome these challenges with ease. Key Use Cases for Salesforce Revenue Lifecycle Management (RLM) Content updated September 2024. Like Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Service Cloud with AI-Driven Intelligence Salesforce Enhances Service Cloud with AI-Driven Intelligence Engine Data science and analytics are rapidly becoming standard features in enterprise applications, Read more

January 25, 2024in Data, Enterprise, Salesforce, Salesforce CPQ, Salesforce Revenue Cloud

SaaS

Single Digit Members

Transactional Operational Emails and Account Engagement

Securing SaaS

AI Agents and Open APIs

Build a Culture of Data

Recent Posts

Where is AI Going?

Enabling API Projects for Agent Topics and Actions with MuleSoft

AI Agent Revolution

Advancing AI Capabilities: The Next Evolution

Digital Experience and Ecommerce Dictionary

Contact Us

Be in touch today — and start your business on a path to success.

Category

Archives