Inside the strategy of Salesforce’s new Chief Trust Officer

Recently, Salesforce named Brad Arkin, previously Chief Security & Trust Officer at Cisco, the company’s new Chief Trust Officer. This was the perfect opportunity to find out more about his plans.

In this Help Net Security interview, Arkin discusses a collaborative approach to building trust among customers, employees, and stakeholders, focusing on transparency, shared responsibility, and empowering others to integrate trusted and responsible technologies.

Trust can be an abstract concept. How do you measure the success of trust-building initiatives within the organization?

Trust can seem like an abstract concept, but it’s critical to the success of businesses everywhere. At Salesforce, Trust is our #1 value, and we build security into everything we do – across the business and our entire ecosystem – so that our customers and partners can focus on growth.

We see the value of our trust initiatives, like zero-trust architecture and transparent communications, in everything from our customer feedback to overall business growth. That’s the mission and why I’m here — to listen to customers, understand their priorities, and then apply those learnings to optimize our security systems and communications.

Diving deeper, Salesforce has a world-class security team with security tools and systems to prevent, detect, and respond to any security threat. We also implement the U.S. National Institute of Standards and Technology (NIST) cybersecurity framework (CSF). This metrics-based framework enables us to measure every security effort and project by tying it back to the five pillars of NIST CSF, from identify to recover (Identify, Protect, Detect, Respond, Recover). Additionally, we use the SANS Security Awareness Maturity Model as a benchmarking tool to guide the maturity level of our security awareness program. And we continuously strive to reach and maintain sustained “culture change” and “metrics framework” benchmarks.

How do you build trust among customers, employees, and other stakeholders?

We earn the trust of our customers, employees, and ecosystem through transparency, security, compliance, privacy, and performance. Every day, a global customer base counts on Salesforce to deliver game-changing technology like AI, trusted and at scale so they can be successful.

Trust starts with transparency. Our customers should know when we succeed and fail, how we protect their information, and how their insights are generated. Although certain situations — especially those in the security landscape require more discretion about who knows what and when — transparency remains vital in building and maintaining that trust.

We also instill the mindset that building trust is a shared responsibility across our company —from the top down and bottom up. That shared responsibility also extends beyond our walls. We are a trusted advisor, empowering our customers, the industry, and the government with the resources they need to evaluate, integrate, and develop trusted and responsible technologies across their business.

By taking a collaborative, education-focused approach to security and investing in tools, training, and support for everyone who works for and with us, we can instill even greater trust across our ecosystem.

How do you integrate ethical considerations into decision-making processes at the executive level?

A core business imperative for us is ethics — particularly as we dive into fast-developing technologies like building and using trusted AI, and all the decision-making that comes with these new innovations. For over a decade, Salesforce has invested in ethical AI. Our Office of Ethical and Humane Use guides the responsible development and deployment of AI, both internally and with our customers, and in the past year alone, has released Guidelines for Generative AI and published an AI Acceptable Use Policy.

With rising cybersecurity threats, how does this impact your strategy for building digital trust?

Security incidents are a matter of if, not when, and cyber resiliency is top of mind for customers. At Salesforce, we anchor our security strategy on four key pillars:

1. Building a trust-first culture
2. Nailing the basics
3. Delivering trusted innovation
4. Raising the bar for security.

To break it down, that means:

• Trust is the customer’s ability to depend on Salesforce’s security, performance, and transparency. Having a trust-first culture means Salesforce builds security into everything we do, from the inside out, so our customers can focus on growing and innovating. We have a track record of success because we own our failures and learn from them to make us better.
• Our Foundational Security pillar is about nailing the basics. We think of it as doing the common uncommonly well, inclusive of patching vulnerabilities, detecting, and mitigating threats, and educating employees on how to be defenders for security.
• Trusted Innovation recognizes that security is an enabler, not a blocker. Companies face an ever-increasing need to go faster, and Salesforce’s security strategy is built to support innovation securely. Our engineers build defense-in-depth into all our systems because we know that taking a risk-based approach to designing our products is critical to maintaining world-class security.
• We recognize that attacks and attackers are getting more sophisticated every day. Salesforce’s team of exceptional security professionals continually innovates and raises the bar to stay ahead of tomorrow’s threats. Through initiatives like our bug bounty program, MFA requirements, industry-wide collaboration, and more, we are continually working to secure not just Salesforce products but the entire digital ecosystem.

What is your vision for the role of Chief Trust Officer in the future, and how do you see it evolving? What are the biggest challenges and opportunities you foresee as Chief Trust Officer?

As I step into the Chief Trust Officer role, my mission is to help Salesforce continue to earn the trust of our customers, employees, and stakeholders by raising the bar for data security, transparency, privacy, and performance.

When it comes to trust, we will never rest on our laurels. From providing counsel on security best practices to offering training on the tools available to strengthen the security measures, I look forward to partnering with our ecosystem to ensure they have the resources they need to build trust and security across their business.