The case for the securability of the cloud, especially in the context of (i) existing state of (in)security in the on-premise data center and (ii) value of added information leverage, even versus worst-case assessment of added risk, for information assets in cloud environments

1. Yes, Clouds Can Be Secure
Peter Coffee
Director of Platform Research
salesforce.com

2. Safe Harbor Statement
“Safe harbor” statement under the Private Securities Litigation Reform Act of 1995: This presentation may contain forward-
looking statements including but not limited to statements concerning the potential market for our existing service offerings
and future offerings. All of our forward looking statements involve risks, uncertainties and assumptions. If any such risks or
uncertainties materialize or if any of the assumptions proves incorrect, our results could differ materially from the results
expressed or implied by the forward-looking statements we make.
The risks and uncertainties referred to above include - but are not limited to - risks associated with possible fluctuations in
our operating results and cash flows, rate of growth and anticipated revenue run rate, errors, interruptions or delays in our
service or our Web hosting, our new business model, our history of operating losses, the possibility that we will not remain
profitable, breach of our security measures, the emerging market in which we operate, our relatively limited operating
history, our ability to hire, retain and motivate our employees and manage our growth, competition, our ability to continue to
release and gain customer acceptance of new and improved versions of our service, customer and partner acceptance of
the AppExchange, successful customer deployment and utilization of our services, unanticipated changes in our effective
tax rate, fluctuations in the number of shares outstanding, the price of such shares, foreign currency exchange rates and
interest rates.
Further information on these and other factors that could affect our financial results is included in reports on Forms 10-K,
10-Q and 8-K and in other filings we make with the Securities and Exchange Commission from time to time. These
documents are available in the SEC Filings section under Investor Information at www.salesforce.com/investor.
Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements, except as
required by law.

3. What is “secure”?

4. The Nouns and Verbs of Security
Preserve integrity, availability & access
Permit authentication and authorization
Assure confidentiality & control
Promote awareness and accountability
Perform inspection; maintain protection;
afford detection; enable reaction; build on
reflection

5. The Nouns and Verbs of Security
Preserve integrity, availability & access
Permit authentication and authorization
Assure confidentiality & control
Promote awareness and accountability
Perform inspection; maintain protection;
afford detection; enable reaction; build on
reflection

6. The Nouns and Verbs of Security
If all you want is data protection, put it on
tape and store it in a Kansas cavern
The point of security is to maximize the
risk-adjusted value of the asset: money in
a bank, not under a mattress
Infosec is therefore a process, not a
product; a mode of travel, not a destination

7. “Secure” against what?

8. “Who” Matters So Much More than “Where”
"There are five common factors that lead
to the compromise of database
information":
• ignorance
• poor password management
• rampant account sharing
• unfettered access to data
• excessive portability of data
DarkReading.com, October 2009

9. Clouds Can Be
Usefully Secure

10. Single-Tenant vs. Multi-Tenant Clouds
Shared infrastructure
Other apps
App 2
App 1 App Server
App 3
App Server Database App Server
Database OS Database
OS Server OS
Server Storage Server
Storage Network Storage
Network Network
Single tenancy entails creation of multiple In a multi-tenant environment, all
software stacks, whether real or virtual: applications run under a common trust
each layer in each stack represents a model: more manageable, more consistent,
distinct opportunity for misconfiguration or more subject to rigorous scrutiny by trained
other sources of security risk specialists (internal & customer)

11. Every Act an Invocation: Granular Privilege

12. Bottom-Up Design to be “Shared and Secure”
Apply Data
Login… Authenticate… Security Rules… View Filtered Content
Password security policies
Rich Sharing Rules
User Profiles
SSO/2-factor solutions

13. Governance: More Eyes, More Agendas
Expanding legislation, regulation, mainstream mind share
Rising standard of due diligence
Desktop/laptop systems carry far too much “state”
– More data than people actually use
– Far too much data that user may easily lose
– More than one version of what should be one shared truth
Cloud’s Solutions:
– Logical view of exactly one database
– Profile definitions manage privilege sets
– Activity logs precisely record actions

14. Common Controls + Customer Choices
Strong Session Management
Every row in the database contains an ORG_ID - Unique encoded string
Session Tokens – user unique, non-predictable long random value generated for
each session combined with a routing “hint” and checksum, base64 encoded
Contains no user-identifiable information
Session Timeout – 15 Mins to 8 Hrs
Lock Sessions to IP – prevent hijacking and replay attacks
SSLv3/TLS used to prevent token capture / session hijacking
Session Logout – Explicitly expire and destroy the session

15. Put What You Want, Where You Want
“This is process lite. It gives my business users what they want,
a unique app for each sales team, fundamentally reflecting their own personality.
“And yes, I get a single standard SAP integration. It’s a terrific success.”
–CIO, Fortune 500 Firm
Deployments
Sales
Sales 4 Months
Distributors (Oct ’06- Feb ’07)
Distributors
EMEA 1 Month
EMEA
(Dec ’06)
Inside Sales
Inside Sales
AFS Global 5 Months
AFS Global
(Dec ’06 – May ’07)
Sales
Sales
SAP back-end FLPR Field
FLPR Field 2Q07
integration Sales
Sales
Customized for
Diverse Sales Groups

16. World-Class Defense in Depth
Facility Security Network Security Platform Security
• 24x365 on site security • Fault tolerant external firewall • SSL data encryption
• Biometric readers, man traps • Intrusion detection systems • Optional strict password policies
• Anonymous exterior • Best practices secure systems mgmt • SAS 70 Type II & SysTrust Certification
• Silent alarm • 3rd party vulnerability assessments • Security certifications from Fortune 50
• CCTV financial services customers
• Motion detection • May 2008: ISO 27001 Certification
• N+1 infrastructure
“There are some strong technical security arguments in favor of Cloud
Computing… (Craig Balding, Fortune 500 security practitioner)

17. Trust is a Product of Transparency

18. How salesforce.com Achieves Trust
Robust infrastructure security
Rigorous operational security
Granular customer controls
– Role-based privilege sets
– Convenient access control & audit
“Sum of all fears” scrutiny and response
– Multi-tenancy reduces opportunities for error
– The most demanding customer sets the bar

19. Peter Coffee
Director of Platform Research
pcoffee@salesforce.com Next?
facebook.com/peter.coffee
twitter.com/petercoffee