Cloudy with a laptop standing next to text that says, "Security + AI Basics for Salesforce Admins."

Security + AI Basics for Salesforce Admins

By

Artificial intelligence (AI) is everywhere right now and everyone is talking about it. From having fun with generative imaging to staring in wonder at driverless cars, it seems that AI is popping up all over the place. Salesforce has made a ton of AI announcements with Sales GPT, Service GPT, Slack GPT, and beyond. As a Salesforce Admin, you’re probably asking a lot of questions about how these new AI products will change your Salesforce strategy, especially when it comes to security.

Security is one of the top (if not most) important responsibilities of a Salesforce Admin, so it’s critical that you start thinking now about how to prepare for new security challenges with AI. The most successful Salesforce Admins are ones that think ahead and plan for new features, so here’s my attempt to help you get ahead of these AI innovations and set your company and yourself up for success.

There are ways in which AI can be used to improve security with prevention and automation, and ways in which AI can introduce net new security risks like producing inaccurate results and increasing the complexity of cybersecurity attacks. At Salesforce, our Ethics, Legal, and Security teams work closely together to shape our AI strategy, which is why we develop our products using these trusted AI principles—responsible, accountable, transparent, empowering, and inclusive—which might be helpful as you put together your own strategy.

I think of AI and security for Salesforce Admins (and all practitioners) in four buckets: user access and usage, Salesforce products, admin skills, and enablement.

User access and usage

The first thing all Salesforce Admins should do is develop a policy about users taking data from Salesforce and putting it into an external generative tool or database. If a user shares potentially sensitive corporate or customer information with a large language model (LLM), that means an attacker or competitor could access that information through prompts. So right now, I recommend partnering with your legal department to create a company policy so your users know how to protect company data. It might read something like, “Don’t put any data from our Salesforce system into an external AI tool.”

The next thing to think about is people using AI to input data into Salesforce or to create code for building Salesforce. As they say, bad data in, bad data out. So if someone uses a generative AI tool to create data and then adds that into Salesforce, it could compromise your data quality. Same goes for using AI tools to generate code. There’s no guarantee that the code generated will be up to industry security standards, so you need to treat anything generated with external AI tools as untrusted.

Salesforce AI products

Here’s the good news: our on-platform AI solution, Einstein, is built on top of the Einstein Trust Layer. When you’re building solutions with Sales, Service, Marketing, Commerce, Slack, or Tableau, the Einstein Trust Layer ensures your data is secure by protecting personally identifiable information (PII) and creating guardrails to prohibit things like publishing code directly to production. This is true of all of your standard objects and any custom fields or customs objects you have created. You can learn more about the latest AI innovations at Salesforce in this great keynote from London World Tour.

To set your company up for success with AI, now’s the time to clean and classify your data. That means figuring out which levels of data require protection and what AI will have access to. As Jason Ross, lead enterprise security engineer at Salesforce, says, “This can be a tedious process, but it’s critical to the security of the org.”

Admin skills

Now that you’ve got your security AI strategy in place for your company, it’s time to focus on your own personal strategy. “Salesforce Admins are going to be rockstars with AI,” says Patrick Stokes, EVP Products & Industries at Salesforce (watch the full discussion here). Why? Because Salesforce Admins already have the skills to put AI to work securely and effectively with Salesforce. You’ve already got strong security mindset skills because you’re reading this post. Now, you can strengthen your AI skills on Trailhead and experiment with generative chat tools to learn how to create great prompts, which will come in handy for building great user experiences with Salesforce’s generative AI products.

Enablement

As a Salesforce Admin, one of your biggest (and perhaps toughest) jobs is to get buy-in from stakeholders and get users to adopt your solutions. When it comes to AI, the first questions your stakeholders and users will ask are about security and safety: “How do we know our data is protected?” “Can we trust AI?” “Will AI change or take my job?” That means it’s your job to address these questions and fears by listening and educating. Listening is perhaps the most important piece of this task because if you listen to your stakeholders and users, you learn what they need and they feel like you care about their needs.

Another helpful thing to explain is that Salesforce runs on our own platform, and any Salesforce AI product you use, we use. As Jason says, “We understand the security concerns IT and executives have around AI, and we’ve worked diligently to provide information to educate about those concerns, as well as provide technical controls in the platform itself to address them. Key among these strategies is the zero-retention policy Salesforce has in place for AI processes: The data customers provide to AI for use is not kept beyond the processing step and is not used to further train models.” The information our top-notch AI Research team has developed around AI will help you address your stakeholders’ concerns.

Before you get overwhelmed by AI and security, remember that AI is not new to Salesforce. Einstein Bots and Einstein Next Best Action have been generally available (GA) for many years, and yes, they’re built with AI. That means Salesforce (and possibly you) has years of experience building in security with AI products. You’ve got this, Salesforce Admin!

Resources

Introduction to Agentforce for Salesforce Admins

Introduction to Agentforce for Salesforce Admins

What is Agentforce? We are living in the artificial intelligence (AI) era, currently in the third wave of the AI revolution focused on contextual and generative AI and characterized by prompt-based generative AI, real-time AI applications, and autonomous agents. Agentforce is the suite of both assistive and autonomous agents built on the Salesforce platform. Agents […]

READ MORE
Connect teams and data with Salesforce Foundations

Connect Teams and Data with the New Salesforce Foundations

As Salesforce Admins, you’re well-versed in delivering Salesforce features to your users and stakeholders. Now, we’re making it even easier for you to get the most out of Salesforce by adding cross-department features built into your existing CRM. The exciting news from Dreamforce ’24 is Salesforce Foundations, which brings built-in, key features to Sales Cloud […]

READ MORE