Case Study

Salesforce.com accelerates a cultural transformation

  • AdobeStock_77872998

Google, Facebook, Apple, New York Times, and numerous other leading corporations across the globe have fallen victim to sophisticated cyber-attacks. In each case, employees were the unknowing entry-point into the company’s system. For Salesforce.com, the leading provider of cloud computing, the threat of a cyber-attack is particularly close to their business.

To further the transition towards cloud computing, drive product sales, and enable future growth, the company recognizes security as critical to success. With the prevalence of new cyber threats, Salesforce.com is committed to further implementing a security-first culture among both current employees and new talent. To accelerate execution of the security-first initiative, the company was challenged to shift employees’ mindsets and build strategic alignment to effectively protect property, assets, and sensitive information.

Think Like a Chief Security Officer, Detection Everywhere

Navigating from strategy to execution, Salesforce.com aimed to create a security-first mindset among each member of the organization. The company recognized that employees must understand the role of security both internally and externally, from the customers’ perspective, while also understanding common vulnerabilities from online phishing scams to social engineering tactics and physical security threats.

To enable success, Salesforce.com partnered with BTS, a leading strategy implementation firm, to develop an interactive strategy execution program. To deliver maximum applicability and impact, BTS consultants worked closely with the company’s Trust team and cross-functional leaders to craft an experience aligned to and reflective of the key strategic priorities. The resulting 90-minute customized initiative integrated a series of experiential learning activities designed to:

  • Promote discussion around current security threats
  • Develop alignment around the implications for Salesforce.com
  • And identify tactical and strategic actions to avoid or prevent incidents across all devices

Immersed in the high-impact experience, teams of cross-functional employees were given the opportunity to step outside of their traditional roles, collaborate in new ways, and explore security vulnerabilities in a risk-free environment. Assuming the role of a cyberattacker, individuals designed their own attack, and as a result, ultimately identified the basic behaviors each individual can practice to make the company more secure. By practicing execution in an interactive, competitive environment, the managers’ first-hand experience enabled them to appreciate the threat of a cyber-attack and recognize the value of the security-first initiative.

A Cultural Transformation Ensures Long Term Success

Following the cultural transformation and strategy execution initiative, participants were unknowingly subjected to penetration tests using phishing emails to measurethe effectiveness of the Detection Everywhere program. The results demonstrated the effectiveness of the experiential learning initiative in embedding a security-first culture into the organization. Detection Everywhere alumni clicked on phishing links and downloaded non-secure files at lower rates and reported security incidents at higher rates than the general population, both indicating the positive behavioral impact.

From the perspective of participating leaders, the program was highly impactful, and the results are tangible:

  • 86% of participants will recommend the program to colleagues.
  • 81% of participants believe that the program better equipped them to spot a security threat inside and outside of work.
  • 72% of participants have actively worked to reduce their cyber vulnerabilities.

The successful alignment of Salesforce.com’s employees to the security-first initiative has proved instrumental in accelerating the cultural shift at every level of the organization, ultimately better protecting the company from security threats. 

The Strategy Execution Partnership Set to Continue

The successful alignment of Salesforce.com’s employees to the security-first initiative has proved instrumental in accelerating the cultural shift at every level of the organization, ultimately better protecting the company from security threats.

The positive momentum is expected to continue. Going forward, BTS will continue to serve as a strategic partner, implementing the program globally to ensure that the security-first culture is effectively embraced and the company’s property, assets and sensitive information is protected across all locations.