Software as a Service as a Security Battleground

Salesforce.com reached a milestone last fall: 1 million people using the online software company to host their customer relationship management systems and other key business processes. Those users were at more than 1,600 financial services firms, including ABN Amro, SunTrust Banks, Daiwa Securities and Bear Stearns; Merrill Lynch & Co. alone accounted for 25,000.

That amounts to a big cultural shift. As recently as 2005, financial firms kept all their customer data close, behind corporate firewalls, in steel safes. Wall Street hardly seemed ready to entrust that data to a start-up. However, Salesforce.com challenged that thinking by proving, first to Merrill Lynch and then others, that its security was as good as a bank’s. With trust came respectability and customers, as well as unwanted attention from hackers.

In October, the San Francisco-based company acknowledged that it had lost data in an attack. “A Salesforce.com employee had been the victim of a phishing scam that allowed a Salesforce.com customer contact list to be copied,” said technology EVP Parker Harris in a letter to customers. “To be clear, a phisher tricked someone into disclosing a password, but this intrusion did not stem from a security flaw in our application or database.”

Article originally appeared in Securities Industry News, which has since closed down.