Dell and Deloitte: Managing Risk in the Cloud with Salesforce.com
Erica Bell, Enterprise Architect Sr Consultant, Erica_Bell@dell.com
Timothy Brown, Dell Fellow and Executive Director for Security, Timothy_g_brown@dell.com

“May you live in interesting times.”
–Chinese Curse
I always thought it was a blessing!

Salesforce.com at Dell
Dell’s Salesforce.com implementation is one of the largest
• 28 production orgs and 44 full copy sandboxes
• Over 500,000 total consumed licenses
• 55 integration points (a variety of methods used)
Figures: 44 full copy sandboxes, 28 orgs, 520,310 total licenses, 55 integration points

Our Salesforce.com Evolution
1. Process & Governance
▪ Strong change management and governance processes
▪ Aligned globally and across all business units
2. People
▪ Best in class in-house Salesforce knowledge
▪ Training and certification programs
3. Strategy & Architecture
▪ Align business strategy with architecture to deliver end-to-end scalable solutions
▪ Customizations to “fit” business needs/processes
4. Acquisitions
▪ Significant acquisition strategy (8-10 year)
▪ “Do no harm” approach

Managing Security in Salesforce.com
How does Dell manage security and risk in the cloud?
Established clear roles and responsibilities for business and IT resources.
• IT Administrator
• Business Administrator
• Data Administrator
Defined security protocols for development and governance.
• Profile Management
• Integration Management
• Data Governance
Developed clear segregation of duties.
• IT processes (development, testing, and migration)
• User review and approval
Recognized the need to change our view and processes when deploying to the cloud.
• Procurement process
• RFP questions
• Enterprise Architect review criteria

Partnering with Deloitte
Deloitte assisted Dell in developing an org strategy
Inconsistent and unmanageable org strategy
• Why? What happened?
  ▪ “All you can eat” contract drove the proliferation of Dell’s orgs
  ▪ Aggressive acquisition strategy further increased Dell’s org count
• How was ‘the’ strategy developed?
  ▪ Engaged Deloitte for assessment and best practices
  ▪ Conducted discovery sessions (interviews, review of documentation, etc.)
  ▪ Evaluated each org and documented capabilities
  ▪ Provided org consolidation recommendation (based on evaluation)
• What are the results?
  ▪ Certified org strategy and consolidation plan
  ▪ 14 orgs decommissioned, 10 orgs outstanding, removed 19 full copy sandboxes

Broader Security Considerations
Not just the cloud provider’s responsibility – it’s the customer’s as well
• Understand the crown jewels
• Manage the administrators, their access, and their usage
• Know who the users are, what their access is, and what their access should be
• Understand the entire system, not just the individual components
• Deloitte/Dell CloudMix 2.0 example
• Audit and report appropriately per industry
• Architect for containment of threats and minimized exposure
• Take responsibility for your users, including the potential for the insider threat

What is an Insider Threat
The insider threat is also a concern to Dell
• Someone who is going to do harm to themselves or others
• The company’s responsibility, not SFDC’s
• Insider threat program mandated by US government for all Federal employees doing cleared work
• Traitor, Masquerader, Naïve User
  ▪ Masqueraders, impersonators, infected machines
  ▪ Traitors have gained access but are working both for you and for someone else
  ▪ Naïve users are trying to do the right thing but making costly mistakes
• Insider threat will increase as malware becomes less effective and more costly to produce
• Determine intent of access and data moving outside its intent/mission
• A program implemented by Dell and Deloitte that affects access to all internal and cloud resources

Risk Scoring Framework
A Framework for Understanding Risk

Dell BAP Pilot Domains
Insider threats are influenced by a combination of virtual, non-virtual, and organizational factors (e.g., access and clearance level). In order to quantify risk, an individual’s behavior across each landscape must be evaluated and weighted, based on the drivers of risk. The following eight domain areas have been identified for the pilot.

Risk Scoring Criteria
I. Financial Policy Violations
• Business Expenses Paid by Credit Card or Cash Alert
• Business or First Class Travel Alert
• Group Meals Alert
• Recurring Expenses Alert
• Tips Alert
II. Separation Status
• Termination Date (i.e., Date Employee is Separating From Dell)
III. Foreign Travel
• Destination Country
• Pre-Travel Brief (Yes/No)
• Post-Travel Brief (Yes/No)
IV. Physical Security Alerts
• Access Granted Anomalies
• Access Denied Anomalies
• Invalid Access Level
• Invalid Card Format
• Invalid Pin #
• Invalid Facility Code
V. Specialized Access Levels
• Security Clearance Level
• Special Access Level
• Classification
• Knowledge of Safe Combination
• Physical Access Privilege Profile Data
VI. Security Incidents
• Issue Summary
• Report Type
• Primary and Secondary Allegation Classification
• Primary and Secondary Allegation Type
• Primary and Secondary Priority (Severity)
VII. Ethics Incidents
• Issue Summary
• Report Type
• Primary and Secondary Allegation Classification
• Primary and Secondary Allegation Type
• Primary and Secondary Priority (Severity)
VIII. Performance History
• Performance Rating
• Employee Review – Dimension Comments (Parts 1-4) – Manager
• Performance Improvement Plan
IX. Additional Risk Indicators*
Security Information and Event Management (SIEM) System
Data Loss Prevention (DLP) System
* As Dell decides to expand the pilot to all Federal business segments, additional data sources and PRIs will be critical to the success of the detection capability.

Initial Pilot Data Sources
An analysis of historical insider threat cases and interviews with Dell data owners identified seven target systems that could supply the PRIs outlined above.

Data Sources
• Concur: Financial Compliance & Analysis System
• PeopleSoft: Human Resources System of Record
• Access Commander: Personnel Management System of Record
• Lenel OnGuard: Physical Security System of Record
• IntegriLink: Ethics and Security Case Tracking System
• Taleo: Human Resources Performance Rating Appraisal System
• HR Analytics: Performance Improvement Plan Data

Conclusion and Discussion
• At Dell, maintaining a secure Salesforce.com ecosystem is a high priority and an ongoing process
• Success at Dell is driven by a strong partnership between Salesforce.com, Deloitte, and Dell
• A broad view of security, with shared responsibilities, is essential to keeping one of the largest Salesforce.com implementations secure

Thank you

More Related Content

What's hot

HP2065_TieCon_Presentation_V7
HP2065_TieCon_Presentation_V7HP2065_TieCon_Presentation_V7
HP2065_TieCon_Presentation_V7
Mark Interrante
 

What's hot (20)

Breached! App Attacks, Application Protection and Incident Response
Breached! App Attacks, Application Protection and Incident ResponseBreached! App Attacks, Application Protection and Incident Response
Breached! App Attacks, Application Protection and Incident Response
 
Future of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.RosenquistFuture of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.Rosenquist
 
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection FrameworkAlex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
 
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...
 
HP2065_TieCon_Presentation_V7
HP2065_TieCon_Presentation_V7HP2065_TieCon_Presentation_V7
HP2065_TieCon_Presentation_V7
 
Ruben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security InitiativesRuben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security Initiatives
 
Ofer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World CasesOfer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World Cases
 
ICT and Cybersecurity for Lawyers August 2021
ICT and Cybersecurity for Lawyers August 2021ICT and Cybersecurity for Lawyers August 2021
ICT and Cybersecurity for Lawyers August 2021
 
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
 
Securing and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 bSecuring and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 b
 
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At OddsJervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
 
Digital Outsourcing: Risks, Pitfalls, and Security Considerations
Digital Outsourcing: Risks, Pitfalls, and Security Considerations Digital Outsourcing: Risks, Pitfalls, and Security Considerations
Digital Outsourcing: Risks, Pitfalls, and Security Considerations
 
Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious...
Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious...Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious...
Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious...
 
The Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security BreachThe Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security Breach
 
A Strategy for Addressing Cyber Security Challenges
A Strategy for Addressing Cyber Security Challenges A Strategy for Addressing Cyber Security Challenges
A Strategy for Addressing Cyber Security Challenges
 
Allianz Global CISO october-2015-draft
Allianz Global CISO  october-2015-draftAllianz Global CISO  october-2015-draft
Allianz Global CISO october-2015-draft
 
Top 12 Threats to Enterprise
Top 12 Threats to EnterpriseTop 12 Threats to Enterprise
Top 12 Threats to Enterprise
 
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mind
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your MindBrian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mind
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mind
 
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
 
NUS-ISS Learning Day 2019-Software Platforms - Welcoming Unknown Enemies?
NUS-ISS Learning Day 2019-Software Platforms - Welcoming Unknown Enemies?NUS-ISS Learning Day 2019-Software Platforms - Welcoming Unknown Enemies?
NUS-ISS Learning Day 2019-Software Platforms - Welcoming Unknown Enemies?
 

Viewers also liked

Divyanshu open stack presentation -osi-ppt
Divyanshu open stack presentation -osi-pptDivyanshu open stack presentation -osi-ppt
Divyanshu open stack presentation -osi-ppt
OpenSourceIndia
 
79494197 financial-statement-analysis-and-strategic-analysis-of-dell
79494197 financial-statement-analysis-and-strategic-analysis-of-dell79494197 financial-statement-analysis-and-strategic-analysis-of-dell
79494197 financial-statement-analysis-and-strategic-analysis-of-dell
Anum Sohail
 
Dell Corporation Strategy
Dell Corporation StrategyDell Corporation Strategy
Dell Corporation Strategy
Dilip Pandey
 
Dell marketing strategy @gd
Dell marketing strategy @gdDell marketing strategy @gd
Dell marketing strategy @gd
Gaurav Dakhore
 
Dell - Strategy Analysis
Dell - Strategy AnalysisDell - Strategy Analysis
Dell - Strategy Analysis
Rory Tan
 

Viewers also liked (20)

Michigan Bankers Association Best 2014 enterprise risk management ppt
Michigan Bankers Association Best 2014 enterprise risk management pptMichigan Bankers Association Best 2014 enterprise risk management ppt
Michigan Bankers Association Best 2014 enterprise risk management ppt
 
Dell Inc
Dell IncDell Inc
Dell Inc
 
Divyanshu open stack presentation -osi-ppt
Divyanshu open stack presentation -osi-pptDivyanshu open stack presentation -osi-ppt
Divyanshu open stack presentation -osi-ppt
 
Dallas Talent Warriors Roadshow Presentation: Jennifer Jones Newbill
Dallas Talent Warriors Roadshow Presentation: Jennifer Jones NewbillDallas Talent Warriors Roadshow Presentation: Jennifer Jones Newbill
Dallas Talent Warriors Roadshow Presentation: Jennifer Jones Newbill
 
Dell PC & Laptop's Supply Chain Management
Dell PC & Laptop's Supply Chain ManagementDell PC & Laptop's Supply Chain Management
Dell PC & Laptop's Supply Chain Management
 
Dell presentation
Dell presentationDell presentation
Dell presentation
 
Dell and apple
Dell and appleDell and apple
Dell and apple
 
79494197 financial-statement-analysis-and-strategic-analysis-of-dell
79494197 financial-statement-analysis-and-strategic-analysis-of-dell79494197 financial-statement-analysis-and-strategic-analysis-of-dell
79494197 financial-statement-analysis-and-strategic-analysis-of-dell
 
Risk management models - Core Consulting
Risk management models - Core ConsultingRisk management models - Core Consulting
Risk management models - Core Consulting
 
Dell final power point
Dell final power pointDell final power point
Dell final power point
 
Dell Corporation Strategy
Dell Corporation StrategyDell Corporation Strategy
Dell Corporation Strategy
 
Dell 2013 Hypothetical Marketing Plan
Dell 2013 Hypothetical Marketing PlanDell 2013 Hypothetical Marketing Plan
Dell 2013 Hypothetical Marketing Plan
 
Human Resources Management at Dell Inc
Human Resources Management at Dell IncHuman Resources Management at Dell Inc
Human Resources Management at Dell Inc
 
Digital Strategy For Dell Alienware
Digital Strategy For Dell AlienwareDigital Strategy For Dell Alienware
Digital Strategy For Dell Alienware
 
Dell Strategic Management Presentation
Dell Strategic Management PresentationDell Strategic Management Presentation
Dell Strategic Management Presentation
 
Dell HRM depart
Dell HRM depart  Dell HRM depart
Dell HRM depart
 
Dell marketing strategy @gd
Dell marketing strategy @gdDell marketing strategy @gd
Dell marketing strategy @gd
 
Samsung Case Study
Samsung Case StudySamsung Case Study
Samsung Case Study
 
Dell - Strategy Analysis
Dell - Strategy AnalysisDell - Strategy Analysis
Dell - Strategy Analysis
 
Dell ppt
Dell pptDell ppt
Dell ppt
 

Similar to Dell and Deloitte: Managing Risk in the Cloud with Salesforce

Security Architecture
Security ArchitectureSecurity Architecture
Security Architecture
Priyank Hada
 

Similar to Dell and Deloitte: Managing Risk in the Cloud with Salesforce (20)

bh-win-04-conacher.ppt
bh-win-04-conacher.pptbh-win-04-conacher.ppt
bh-win-04-conacher.ppt
 
Secure Iowa Oct 2016
Secure Iowa Oct 2016Secure Iowa Oct 2016
Secure Iowa Oct 2016
 
BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdf
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
 
Module 6.pptx
Module 6.pptxModule 6.pptx
Module 6.pptx
 
Reducing the Chance of an Office 365 Security Breach
Reducing the Chance of an Office 365 Security BreachReducing the Chance of an Office 365 Security Breach
Reducing the Chance of an Office 365 Security Breach
 
The What, Why, and How of DevSecOps
The What, Why, and How of DevSecOpsThe What, Why, and How of DevSecOps
The What, Why, and How of DevSecOps
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
01Introduction to Information Security.ppt
01Introduction to Information Security.ppt01Introduction to Information Security.ppt
01Introduction to Information Security.ppt
 
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
 
SLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting   itweb workshopSLVA - Security monitoring and reporting   itweb workshop
SLVA - Security monitoring and reporting itweb workshop
 
Security Architecture
Security ArchitectureSecurity Architecture
Security Architecture
 
Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Top learnings from evaluating and implementing a DLP Solution
Top learnings from evaluating and implementing a DLP Solution Top learnings from evaluating and implementing a DLP Solution
Top learnings from evaluating and implementing a DLP Solution
 
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...
 
Starting your Career in Information Security
Starting your Career in Information SecurityStarting your Career in Information Security
Starting your Career in Information Security
 
TUD CS4105 | 2015 | Lecture 1
TUD CS4105 | 2015 | Lecture 1TUD CS4105 | 2015 | Lecture 1
TUD CS4105 | 2015 | Lecture 1
 
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
 
NZISF Talk: Six essential security services
NZISF Talk: Six essential security servicesNZISF Talk: Six essential security services
NZISF Talk: Six essential security services
 

More from Dreamforce

More from Dreamforce (20)

Dreamforce '19 Campus Map
Dreamforce '19 Campus MapDreamforce '19 Campus Map
Dreamforce '19 Campus Map
 
Dreamforce '18: Campus Map
Dreamforce '18: Campus MapDreamforce '18: Campus Map
Dreamforce '18: Campus Map
 
Dreamforce '18: Agenda Builder Guide
Dreamforce '18: Agenda Builder GuideDreamforce '18: Agenda Builder Guide
Dreamforce '18: Agenda Builder Guide
 
Dreamforce '17 Campus Map
Dreamforce '17 Campus MapDreamforce '17 Campus Map
Dreamforce '17 Campus Map
 
Dreamforce '17 Campus Map - Alternative Version
Dreamforce '17 Campus Map - Alternative VersionDreamforce '17 Campus Map - Alternative Version
Dreamforce '17 Campus Map - Alternative Version
 
Salesforce Health Cloud and Partners: Improving the Care Experience
Salesforce Health Cloud and Partners: Improving the Care ExperienceSalesforce Health Cloud and Partners: Improving the Care Experience
Salesforce Health Cloud and Partners: Improving the Care Experience
 
Dreamforce '16 Agenda at a Glance
Dreamforce '16 Agenda at a GlanceDreamforce '16 Agenda at a Glance
Dreamforce '16 Agenda at a Glance
 
Dreamforce '16 Sales Summit
Dreamforce '16 Sales SummitDreamforce '16 Sales Summit
Dreamforce '16 Sales Summit
 
The Official Dreamforce '16 Campus Map
The Official Dreamforce '16 Campus MapThe Official Dreamforce '16 Campus Map
The Official Dreamforce '16 Campus Map
 
Dreamforce '16 Agenda Builder Guide
Dreamforce '16 Agenda Builder GuideDreamforce '16 Agenda Builder Guide
Dreamforce '16 Agenda Builder Guide
 
Marketing Cloud: The Dawn of the Digital Marketer
Marketing Cloud: The Dawn of the Digital MarketerMarketing Cloud: The Dawn of the Digital Marketer
Marketing Cloud: The Dawn of the Digital Marketer
 
How to Maximize your Email Marketing by Adding Predictive Content, Mobile, an...
How to Maximize your Email Marketing by Adding Predictive Content, Mobile, an...How to Maximize your Email Marketing by Adding Predictive Content, Mobile, an...
How to Maximize your Email Marketing by Adding Predictive Content, Mobile, an...
 
Choosing the Right Solution: When to Use Pardot, Marketing Cloud, or Both
Choosing the Right Solution: When to Use Pardot, Marketing Cloud, or BothChoosing the Right Solution: When to Use Pardot, Marketing Cloud, or Both
Choosing the Right Solution: When to Use Pardot, Marketing Cloud, or Both
 
How Salesforce Uses Marketing Cloud
How Salesforce Uses Marketing Cloud  How Salesforce Uses Marketing Cloud
How Salesforce Uses Marketing Cloud
 
Innovation Showcase: How Amazon and USAA Build Inspiring Apps on App Cloud
Innovation Showcase: How Amazon and USAA Build Inspiring Apps on App CloudInnovation Showcase: How Amazon and USAA Build Inspiring Apps on App Cloud
Innovation Showcase: How Amazon and USAA Build Inspiring Apps on App Cloud
 
Modern Architectures: How IoT will Transform and Disrupt your Industry
Modern Architectures: How IoT will Transform and Disrupt your IndustryModern Architectures: How IoT will Transform and Disrupt your Industry
Modern Architectures: How IoT will Transform and Disrupt your Industry
 
Innovation Showcase: Top Financial Services Apps Built on App Cloud
Innovation Showcase: Top Financial Services Apps Built on App CloudInnovation Showcase: Top Financial Services Apps Built on App Cloud
Innovation Showcase: Top Financial Services Apps Built on App Cloud
 
Innovation Showcase: How Amazon and USAA Build Inspiring Apps on App Cloud
Innovation Showcase: How Amazon and USAA Build Inspiring Apps on App CloudInnovation Showcase: How Amazon and USAA Build Inspiring Apps on App Cloud
Innovation Showcase: How Amazon and USAA Build Inspiring Apps on App Cloud
 
Modern Architectures: Keynote - Using Fabrics to Weave Success in the Cloud
Modern Architectures: Keynote - Using Fabrics to Weave Success in the CloudModern Architectures: Keynote - Using Fabrics to Weave Success in the Cloud
Modern Architectures: Keynote - Using Fabrics to Weave Success in the Cloud
 
Modern Architectures: Above the Platform, Beyond the App
Modern Architectures: Above the Platform, Beyond the AppModern Architectures: Above the Platform, Beyond the App
Modern Architectures: Above the Platform, Beyond the App
 

Recently uploaded

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 

Recently uploaded (20)

Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps Productivity
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cf
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using Ballerina
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 

Dell and Deloitte: Managing Risk in the Cloud with Salesforce

  • 1. Dell and Deloitte: Managing Risk in the Cloud with Salesforce.com ​Erica Bell ​Enterprise Architect Sr Consultant ​Erica_Bell@dell.com ​Timothy Brown ​Dell Fellow and Executive Director for Security ​Timothy_g_brown@dell.com
  • 2. “May you live in interesting times.” –Chinese Curse I always thought it was a blessing!
  • 3. Salesforce.com at Dell Dell Salesforce.com implementation is one of the largest • 28 production orgs and 44 full copy sandboxes • Over 500,000 total consumed licenses • 55 integration points (variety methods used) 44 Full Copy Sdbx 28 Orgs 520,310 Total Licenses 55 Integration Points
  • 4. Our Salesforce.com Evolution 1. Process & Governance 2. People 4. Acquisitions 3. Strategy & Architecture ▪ Strong change management and governance processes ▪ Aligned globally and across all business units ▪ Align business strategy with architecture to deliver end-to-end scalable solutions ▪ Customizations to “fit” business needs/processes ▪ Best in class in-house Salesforce knowledge ▪ Training and certification programs ▪ Significant acquisition strategy (8-10 year) ▪ “Do no harm” approach
  • 5. Managing Security in Salesforce.com ​Established clear roles and responsibilities for business and IT resources. ​ IT Administrator ​ Business Administrator ​ Data Administrator ​Defined security protocols for development and governance. ​ Profile Management ​ Integration Management ​ Data Governance ​Develop clear segregation of duties. ​ IT processes (development, testing, and migration) ​ User review and approval ​Recognized the need to change our view and processes when deploying to the cloud. ​ Procurement process ​ RFP questions ​ Enterprise Architect review criteria ​How does Dell manage security and risk in the cloud?
  • 6. ​Inconsistent and unmanageable org strategy • Why? What happened? • “All you can eat” contract proliferated Dell’s org growth • Aggressive acquisition strategy further increased Dell’s org count • How was ‘the’ strategy developed? • Engaged Deloitte for assessment and best practices • Conducted discovery sessions (interviews, review documentation, etc.) • Evaluated each org and documented capabilities • Provided org consolidation recommendation (based on evaluation) • What are the results? • Certified org strategy and consolidation plan • 14 orgs decommissioned, 10 orgs outstanding, removed 19 full copy sandboxes Partnering with Deloitte ​Deloitte assisted Dell in developing an org strategy
  • 7. Broader Security Considerations
    Not just the cloud provider’s responsibility – it’s the customer’s as well
    • Understand the crown jewels
    • Manage the administrators, their access, and their usage
    • Know who the users are, what their access is, and what their access should be
    • Understand the system entirely, not just the individual components
    • Deloitte/Dell CloudMix 2.0 example
    • Audit and report appropriately per industry
    • Architect for containment of threats and minimized exposure
    • Take responsibility for your users, including the potential for the insider threat
  • 8. What is an Insider Threat
    • Someone who is going to do harm to themselves or others
    • The company’s responsibility, not SFDC’s
    • Insider threat program mandated by US government for all Federal employees doing cleared work
    • Traitor, Masquerader, Naïve User
    • Masqueraders, impersonators, infected machines
    • Traitors have gained access but are working both for you and for someone else
    • Naïve users are trying to do the right thing but making costly mistakes
    • Insider threat will increase as malware becomes less effective and more costly to produce
    • Determine intent of access and data moving outside its intent/mission
    • A program implemented by Dell and Deloitte that affects access to all internal and cloud resources
    The insider threat is also a concern to Dell
  • 9. Risk Scoring Framework
    A Framework for Understanding Risk
    Insider threats are influenced by a combination of virtual, non-virtual, and organizational factors (e.g., access and clearance level). In order to quantify risk, an individual’s behavior across each landscape must be evaluated and weighted, based on the drivers of risk.
    Risk Scoring Criteria
    Dell BAP Pilot Domains
    The following eight domain areas have been identified for the pilot.
    I. Financial Policy Violations
      ▪ Business Expenses Paid by Credit Card or Cash Alert
      ▪ Business or First Class Travel Alert
      ▪ Group Meals Alert
      ▪ Recurring Expenses Alert
      ▪ Tips Alert
    II. Separation Status
      ▪ Termination Date (i.e., Date Employee is Separating From Dell)
    III. Foreign Travel
      ▪ Destination Country
      ▪ Pre-Travel Brief (Yes/No)
      ▪ Post-Travel Brief (Yes/No)
    IV. Physical Security Alerts
      ▪ Access Granted Anomalies
      ▪ Access Denied Anomalies
      ▪ Invalid Access Level
      ▪ Invalid Card Format
      ▪ Invalid Pin #
      ▪ Invalid Facility Code
    V. Specialized Access Levels
      ▪ Security Clearance Level
      ▪ Special Access Level
      ▪ Classification
      ▪ Knowledge of Safe Combination
      ▪ Physical Access Privilege Profile Data
    VI. Security Incidents
      ▪ Issue Summary
      ▪ Report Type
      ▪ Primary and Secondary Allegation Classification
      ▪ Primary and Secondary Allegation Type
      ▪ Primary and Secondary Priority (Severity)
    VII. Ethics Incidents
      ▪ Issue Summary
      ▪ Report Type
      ▪ Primary and Secondary Allegation Classification
      ▪ Primary and Secondary Allegation Type
      ▪ Primary and Secondary Priority (Severity)
    VIII. Performance History
      ▪ Performance Rating
      ▪ Employee Review – Dimension Comments (Parts 1-4) – Manager
      ▪ Performance Improvement Plan
    IX. Additional Risk Indicators*
    Data Sources
    Initial Pilot Data Sources
    An analysis of historical insider threat cases and interviews with Dell data owners identified seven target systems that could supply the PRIs outlined above.
      ▪ Concur: Financial Compliance & Analysis System
      ▪ PeopleSoft: Human Resources System of Record
      ▪ Access Commander: Personnel Management System of Record
      ▪ Lenel OnGuard: Physical Security System of Record
      ▪ IntegriLink: Ethics and Security Case Tracking System
      ▪ Taleo: Human Resources Performance Rating Appraisal System
      ▪ HR Analytics: Performance Improvement Plan Data
    Security Information and Event Management (SIEM) System
    Data Loss Prevention (DLP) System
    • As Dell decides to expand the pilot to all Federal business segments, additional data sources and PRIs will be critical to the success of the detection capability.
  • 10. Conclusion and Discussion
    • At Dell, maintaining a secure Salesforce.com ecosystem is a high priority and an ongoing process
    • Success at Dell is driven by a strong partnership between Salesforce.com, Deloitte, and Dell
    • A broad view of security, with shared responsibilities, is essential to keeping one of the largest Salesforce.com implementations secure