Source: Annie Sprat/Unsplash.
Salesforce Inc. announced interrelated updates and launches at its annual Dreamforce 2024 event. Underlying its desire to build greater artificial intelligence and automation into its platforms, its Einstein Trust Layer and Shield offerings included many trust, privacy and security guardrails and controls aimed at safely accelerating GenAI adoption for improved customer acquisition and experience. This report reviews some of the announcements and their strategic implications.
The take
High expectations for trust, safety, privacy and confidentiality continue to be the top concerns for customer experience initiatives using GenAI, according to survey data. Announcements around Data Cloud, the Einstein Trust Layer and Salesforce Shield further unified safety, trust and security. The immense scale and challenge for unifying data, governing its usage and applying controls against abuses, theft or loss were also extensively shown at Dreamforce. Salesforce remains in an enviable and market-leading position, not just to accelerate its customers’ marketing, sales, service and commerce initiatives, but to accelerate that growth with trust and privacy as inherent and mandatory functions. Innovations such as Agentforce are not possible without the guardrails of Einstein Trust Layer. Away from the lines of business driving marketing, sales and service, security, governance and risk teams have long considered the risks without context for the reward. Bringing these parties together could make business and security improvements more synonymous, with Salesforce at the forefront of the convergence.
Technology
Underscoring its momentum in GenAI and automation, Salesforce has issued significant updates to its Einstein Trust Layer. Although Einstein as the AI/machine learning layer has been offered since 2016, the Einstein Trust Layer sits between agents, GenAI applications and various language models. Einstein Trust Layer combines multiple capabilities, from secure data retrieval to automatic citation generation, to unify governance between every single prompt and response from a GenAI session. Agent guardrails such as Allowed Topics or Allowed Actions are also featured. For example, a conversation with a GenAI customer service agent may conclude that a refund should be issued, but because refunds are not on the Allowed Actions, no refund will be issued.
Road maps for other controls such as prompt injection and toxicity detection were also discussed, with certain features being released in upcoming seasons. Einstein Trust Layer protections support hosted models within the Salesforce trust boundary, a bring-your-own-model on an enterprise’s private infrastructure and external models with shared trust boundaries. Einstein Trust Layer’s integration with CRM, Knowledge Base and Data Cloud enables better AI grounding, and ensures that sensitive data can be masked for third-party models, or that no model ever retains or trains against sensitive data. Under these controls, governance features such as full audit trails and AI asset and app management are provided.
Salesforce announced several updates and previews in its Shield security portfolio. Previewed at Dreamforce 2024 with an expected GA launch in 2025, Data Detect features sensitive data discovery and classification, and will be included for existing Salesforce Shield subscribers. Enhancements include support for more sensitive data types and improved performance. Event Monitoring will support one year of event history for user activity and full threat detection capabilities. Event Monitoring support now includes Event Log Objects for further programmatic integration into other security operations workflows. Shield Platform Encryption showed continued maturity with the GA release of Platform Encryption for Data Cloud in September 2024, and Full Hyperforce Database Encryption planned for GA in early 2025. Full Hyperforce database encryption further augments data and operational sovereignty requirements in certain jurisdictions.
Observations
Security has become a major component of Salesforce’s revenue. The Salesforce Shield platform is nominally priced at 30% of a customer’s total salesforce spending. Privacy Center and Data Masking may, respectively, add 15% and 10% of additional Salesforce spending.
According to a recent survey conducted by 451 Research, a part of S&P Global Market Intelligencey, Data Security and Data Privacy were the top concerns enterprises had for GenAI, voted by 52% and 46%, respectively, of martech decision-makers.
From the same study, 81% of respondents either purchased CX applications as a suite or acquired individual tools for specific use cases. The ability to upgrade or add new features was the top reason to adopt either individual tools or suites of tools. Although CX practitioners and leaders may have security and privacy as their top concerns, they generally do not build or buy separate security or privacy controls, but rather rely on those inherent within their CX toolset. With security and trust built into its platform, Salesforce has implicitly become one of the largest data security vendors.
Other industry trends point to a convergence and positive industry progression. Covered in 451 Research’s two-part compliance automation report, more enterprises will need to attest to how their digital services and apps handle sensitive and confidential information. Privacy and confidentiality initiatives driven by SOC 2 Type 2 or ISO27K compliance require enterprises to attest to their controls. As more of these organizations build on the Salesforce platform, Salesforce will have to enable its systems to be rapidly, and continuously, independently auditable, and facilitate remediations effectively.
Compliance automation and risk management practices will fold in other teams such as security, privacy, or governance, risk and compliance teams. Threat monitoring and insider risk management are typically the responsibility of SecOps “blue teams.” Further integration in Salesforce Shield Event Monitoring within centralized SecOps teams further converges different teams. Finally, attacks against an organization’s data via distrust, abuse, harm, disinformation or fraud, especially from GenAI, are an immense emerging concern.
The Salesforce vision, and the key lines of business it sells to, may be the guiding star for most enterprises. Security initiatives have long considered the risks without context for the reward. Bringing these parties together could make business and security improvements more synonymous. The oversight and coordination of disparate data in Data Cloud may offer further opportunities to build in or reference additional controls. There will remain some gaps in this convergence, given some solutions like Shield are priced separately, yet the Einstein Trust Layer is integral to Agentforce.
Data protection and security — two sides of the same coin?
Enhancing cybersecurity
With the rise of EV charging infrastructure, cybersecurity becomes paramount. Protecting data, communication channels, and physical assets from unauthorized access is critical. Implementing robust security measures ensures the integrity of these systems and builds trust with consumers.
Cyber threats pose significant risks to EV charging networks, potentially leading to data breaches or operational disruptions. To mitigate these risks, organizations must adopt comprehensive security protocols, including encryption, secure communication channels, and regular system audits. Ensuring cybersecurity not only protects infrastructure but also maintains consumer confidence in the safety and reliability of EV charging solutions.
With Salesforce’s overall standing, direct competitors that combine customer experience, sales, marketing and service applications into suites include Adobe Inc., Microsoft Dynamics 365, SAP Customer Experience, Oracle Advertising and Customer Experience, Zendesk Inc., ServiceNow Inc. and HubSpot Inc.
Data platforms such as Microsoft Fabric, Google BigQuery, Databricks, AWS RDS or Snowflake Inc. are only loosely comparable to Salesforce Data Cloud. Data Cloud’s greater focus is still specifically for customer, sales or service applications. There are best-of-breed data protection and security vendors that are comparable to Salesforce’s offerings, such as Salesforce Shield or Salesforce Security Center, yet even then, there are greater partnering opportunities for these best-of-breed vendors.
SaaS security providers such as AppOmni, Reco or Obsidian, or other security service edge providers such as Zscaler Inc. and Netskope, may govern access for users into Salesforce, and provide some levels of data loss prevention or limit what specific user actions are allowed. Pure-play data-security posture management vendors such as BigID, Normalyze or Sentra may provide data discovery functionality closest to Salesforce Shield Data Detect.
For many of the largest providers, such as AWS, Google, Microsoft or Salesforce, their respective go-to-market teams are incentivized on total customer satisfaction, regardless of whether the tools are independent best-of-breed or provided by themselves. Incentives to fulfill through a marketplace such as AppExchange ensure that Salesforce supports the distribution of its partners’ solutions, even if they are somewhat competitive with native offerings.
Competition
With Salesforce’s overall standing, direct competitors that combine customer experience, sales, marketing and service applications into suites include Adobe Inc., Microsoft Dynamics 365, SAP Customer Experience, Oracle Advertising and Customer Experience, Zendesk Inc., ServiceNow Inc. and HubSpot Inc.
Data platforms such as Microsoft Fabric, Google BigQuery, Databricks, AWS RDS or Snowflake Inc. are only loosely comparable to Salesforce Data Cloud. Data Cloud’s greater focus is still specifically for customer, sales or service applications. There are best-of-breed data protection and security vendors that are comparable to Salesforce’s offerings, such as Salesforce Shield or Salesforce Security Center, yet even then, there are greater partnering opportunities for these best-of-breed vendors.
SaaS security providers such as AppOmni, Reco or Obsidian, or other security service edge providers such as Zscaler Inc. and Netskope, may govern access for users into Salesforce, and provide some levels of data loss prevention or limit what specific user actions are allowed. Pure-play data-security posture management vendors such as BigID, Normalyze or Sentra may provide data discovery functionality closest to Salesforce Shield Data Detect.
For many of the largest providers, such as AWS, Google, Microsoft or Salesforce, their respective go-to-market teams are incentivized on total customer satisfaction, regardless of whether the tools are independent best-of-breed or provided by themselves. Incentives to fulfill through a marketplace such as AppExchange ensure that Salesforce supports the distribution of its partners’ solutions, even if they are somewhat competitive with native offerings.
Notice and Disclaimer: Some of the content in this 451 Alliance blog leverages artificial intelligence in accordance with our Terms of Service.
