Compounding risk going forward
When companies allow connections to systems outside their perimeter, they need to understand the risks they are assuming and the security controls available to them, Constellation’s Mehta says.
Even a control as straightforward and common as multi-factor authentication can be difficult to implement for all employees, he says.
“From a solution provider perspective, they provide a specific set of security controls and features and it’s up to the customers to make sure they actually use them. In my view, it is a shared responsibility,” Mehta says.
Shared responsibility for security was an important part of the message of last week’s Dreamforce, but discussion of the Salesloft incident was conspicuously missing — a loss for attendees.
Because if anything can be taken away from the past few months of Salesforce-related cybersecurity, it’s that software supply-chain security is more important than ever. And it will only increase in importance as more systems get connected — a key tenet of Salesforce’s aim to power the agentic enterprise.
Software supply-chain security is already difficult to achieve, and even as Salesforce promises to make it easier with the help of AI, it is AI itself that will make the problem that much harder to solve.