In transparency we trust: Q&A with Senior Director, Trust and Security at FinancialForce
Here at FinancialForce, we know that security, availability, and application processing integrity are critical for our customers. That’s why we are dedicated to providing industry-leading security for our customers’ data assets through our Security and Trust program. In this Q&A, I sit down with Tahla Tariq, Senior Director of Trust and Security at FinancialForce, to chat about our compliance program, what it entails and to learn more about his life.
1) Security & Trust… what does that entail?
In the cloud ecosystem customers are typically interested in security and compliance matters related to their data. Traditionally security has been focused on confidentiality, integrity and availability aspects while privacy matters focusing on collection and appropriate use of data. Trust takes these concepts further by making the program visible and transparent to existing and prospect customers. Think of it as a more proactive approach of combining principles of security, privacy and compliance. We want to take a more proactive and open approach with our programs to give assurance to our customers that their information can be trusted with us and we will do the right thing with their data. Being transparent about our security practices help us mature faster and builds mutual trust in the ecosystem.
2) What are some things you’ve done/put in place during your first year that has helped our security and compliance program?
When I joined FinancialForce a little over a year ago, we took a look across the board at our security capabilities, including features in our products, effectiveness of key processes and controls, depth and breadth of security organization, risks and relationships with our vendors and partners. This effort, along with insights from senior management, R&D, IT and our partner, Salesforce created a security roadmap. Some of the many security improvements we made as a result include:
Security governance and leadership is important to have a sustainable program and vision. As such I joined FinancialForce to build and lead the security function. My primary focus is to enhance our security program to ensure we are building and delivering best in class secure products to our customers and being absolutely diligent in protecting customers data and our crown jewels. We restructured the security teams to focus on various aspects including product security, vendor risk management, security operations, vulnerability assessments, policy, and governance. We also formed an enterprise security committee to identify and address security threats across the company.
We closely aligned our security program with our partner, Salesforce. We have a close and very good working relationship with various Salesforce security and compliance teams to bring best in class security expertise for our products and platform. We have conducted joint breach response exercises and security assessment of our applications. Think of Salesforce security as an extended team of FinancialForce. No other platform including AWS / Azure has a working model like that for their partners.
Over the past year we have invested heavily in our security architecture, including data protection, monitoring and access control of our systems. We work closely with innovators in the field and continue to push the boundaries of modeling a model secure cloud company.
Every year we perform a full audit of our entire security program. Over the last year, we have developed and enhanced various processes to allow for more consistent, efficient and reliable controls ultimately providing a greater level of trust in our security program.
In the coming year, you will see a lot more. At FinancialForce we take security seriously and will continue to grow, develop and adapt our program to identify and address emerging threats. We also continue to listen to customers and prospects to ensure the product and service features meet or exceed business security needs.
3) What can customers and prospects learn from trust.financialforce.com page?
Security is not a goal, it’s a journey with constant improvements based on newer threats, attack vectors, emerging trends and changing regulatory landscape for technology and cloud providers. On our trust page we publish updates about our security program, how it benefits the customers, security and privacy thought leadership from us and references to helpful material from Salesforce that customers can use to improve the security of their FinancialForce products and Salesforce implementations.
4) Finally, what are some of your personal hobbies and passions?
When I’m not spending time with my 4 year old, I am usually exploring nature and doing photography. I love traveling and enjoy capturing artistic nature photographs. I’m also extremely passionate about education causes, especially education for the underprivileged. I volunteer at various places including mentoring kids and working with entities like The Citizens Foundation to help provide education opportunities for underprivileged children. I believe many of the problems we’re facing in this world can be solved with education including crime, poverty, hunger, and racism. Most of us were lucky and privileged to have good learning opportunities that helped us be where we are. Imagine for a second the dreams of millions of kids living in poverty and war-ridden areas and the potential for positive world change they can bring if they had the right platform and opportunity.
On a personal side, I am lucky to have a wife and kid who love traveling and being outdoors as much as I do. We’re found on beaches to deep in woods pretty much every weekend.