Salesforce is one of the biggest cloud computing firms operating on the market. Its revenue as of August 2017 is estimated at 10 billion dollars. This is quite a significant result due to the fact that in a previous year the company made 30% less.
In addition, it has around 100,000 customers around the world, which makes it a rather popular business solution for those who seek proper customer relationships management (CRM) services. Present market success may be partially due to the effective resolution of the security compromise issue the company had in 2008. Since client data security in CRM is rather significant, the case of a phishing attack and the following change of priority in business ethics is paramount to investigate.
Client Data Security
What makes security breach an ethical issue is a fact that almost every company that works with data provided by a client has to guarantee their client’s privacy and non-disclosure. CRM services presuppose that a company lets Salesforce manage, store, and analyze the data about its customers, their personal contacts, and other information. Employees that work with the company that provides such services need to be aware of safety measures and precautions when working with the Internet.
In 2008, Salesforce.com databases that contained clients’ contacts were stolen through a phishing attack that targeted employees. Apparently, the information was accessed due to one or several employees opening a link he or she received via email on their desktop computer. The disguised malware might have proposed to enter details needed for accessing the client base under some security excuse.
This issue represents a case of negligence towards the company’s code of conduct or insufficient knowledge of the company’s ethics demonstrated by the employees. Another possible cause could be that company did not pay enough attention to educating workers on basic rules of data safety on the Internet.
Password-stealing software was also reported to be unwittingly installed by an employee on another occasion of a security breach. Such repeated failures to maintain the safety of the work process cast a shadow on the company and require adequate interventions.
Issue Resolution
In order to stay competitive and assure clients that further data-handling ethical issues will not arise, Salesforce.com decided to update its policy regarding safety and security. An improved version of the code of conduct was issued where it was stated that its employees are knowledgeable about the variety of modern security issues. In addition, the company equipped its workers with modern technological solutions that would allow them to perform in a fail-safe way. As such, phishing education and two-factor authentication were introduced.
In addition, the company regularly conducts seminars on data security, percolates in DEF CON hacking conferences, and educates its customers on data safety to ensure the data is protected from both sides. Salesforce.com now uses a comprehensive information protection model that acts on several levels including the object, field, and record levels.
Conclusion
All things considered, after facing serious security issues, Salesforce company took comprehensive multi-level action to regain their customers’ trust. They work with their employees and customers by educating them and providing them with the best technologies to protect data.
Additionally, they enhanced their defense system by reorganizing the whole process of storing and managing data. Judging by the fact that now the company continues to grow and yields financial success, the measures were effective.
References
“Salesforce.com Surpasses $10 Billion Run Rate,”Fox Business. Web.
Wayne, Jansen, ” Cloud Hooks: Security and Privacy Issues in Cloud Computing,” In Proceedings of the 44th Hawaii International Conference on System Sciences, Hawaii, 2011, 1-10, University of Hawaii, 2011.
Brian Krebs, “Salesforce.com Acknowledges Data Loss,” Washington Post, 2007. Web.
Raja, Rao, “Salesforce Data Security Model — Explained Visually,” Salesforce. Web.