Generative AI is the golden child of technology these days, and in this week’s episode of Speed Data, Yohan Kim, Distinguished Security Technical Architect for Salesforce gives insight into AI functionality and customer sentiments. He joined host Megan Garza to discuss the trends he sees in AI use, what his customers are looking for in machine learning capabilities, and how an innocuous phone call could be an exploitation attempt in disguise. Read more here: https://www.varonis.com/blog/unpacking-gen-ai-with-yohan-kim #Salesforce #GenAI #DataSecurity
Generative AI is the golden child of technology these days, and in this week’s episode of Speed Data, Yohan Kim, Distinguished Security Technical Architect for Salesforce gives insight into AI functionality and customer sentiments. He joined host Megan Garza to discuss the trends he sees in AI use, what his customers are looking for in machine learning capabilities, and how an innocuous phone call could be an exploitation attempt in disguise.
Read more here: https://www.varonis.com/blog/unpacking-gen-ai-with-yohan-kim
#Salesforce #GenAI #DataSecurity
[00:00:00] Welcome to Speed Data, quick conversations with cybersecurity leaders. I'm your host, Megan Garza. Today, I'm joined by Johan Kim, Distinguished Security Technical Architect at Salesforce. Welcome to the show, Johan. Thanks for having me. Johan's mission is to share security insights and build trust in an ever changing world of tech.
In his role at Salesforce, Johan helps customers better understand functionality and security features the organization has to offer. Often dubbed a Salesforce evangelist, Johan ensures users of the world's largest CRM have the tools they need to protect their sensitive information. Before joining the sales loss team in 2015, Johan worked for some of the world's largest companies, including PwC, Deloitte, and Booz Allen Hamilton.
Today, a San Franciscan based security professional works to develop relationships with his [00:01:00] customers and provide them with the best security strategies and capabilities possible. Johan, you work very closely with your Salesforce customers. What is their point of view, and what are they looking for in a CRM platform?
I discuss security with customers almost every day. Customers want value from their CRM investment, and every dollar counts. They want it to be easy to set up and admin, seamless to integrate. They want security features without it disrupting critical business functionality, and just want something that works.
When the conversation reaches me, it's about security. And customers want to understand the system's capabilities. For example, if it logs granular user activity, like page loads and mouse clicks, and if it can scan Salesforce data for credit card numbers and attachments. These, like, nuanced questions are very important to them.
And what are you seeing in terms of what customers are hoping to achieve? What are their goals? For some customers, Salesforce is the center of the universe. For others, it's just another cloud. Like any tool, it's one of the many SaaS platforms. [00:02:00] tools that they can have and they want to be sure that it's aligned to their use case, adopted by their business, and that it builds on their people, process, and products.
Along the same lines of getting value, customers want solutions that are secure and compliant so they can focus more on their business and less time worrying about if the tools are exposing them to risks. At the C level, I hear a lot about customers wanting assurance that their data isn't being retained for longer than they need it retained or retained at all.
And they want to know that their data isn't being used to train AI models, especially ones that their competitors have access to, and that it's properly managed. And speaking of AI, how do you see Gen AI solutions like Microsoft Copilot or Salesforce's Einstein shaping the future? Hopefully more free time, or rather, time saved.
I see a future that's more productive. and efficient with Gen AI. Although, I think it's going to take some time to get comfortable enough with it to fully get there. Salesforce [00:03:00] has long promoted digital transformation, emphasizing its value in customer interactions. And now I think the focus is on realizing the full potential of the technology.
Companies are are evolving to leverage these capabilities so that they can stay competitive or, for some companies, ultimately just to survive. And JAI is indeed being adopted at a remarkable pace, faster than any of the other technologies historically. It's enhancing market, sales, service, areas where Salesforce really shines.
I see some of it sprinkled around without even looking for it. For instance, You click this little star in Slack and it summarizes your conversation. You can be really specific for like unreads, unread messages, or specific channels. I used it after taking a two months leave of absence, and I thought the summary of thousands of messages was pretty good, and I expect it to get better.
And just as sales is unimaginable with Salesforce, I see a future where AI is essential for efficiency. And what type of security [00:04:00] trends have you noticed in the wild recently? Customers are optimistic about all the AI and machine learning capabilities, but they're apprehensive about sticking their data in the models for good reason.
There's a lack of clarity in how governments, companies, and communities will ensure that AI and all the systems built and deployed around it are safe and ethical. There's a new law as of May 2024 called the AI Act, It's a world's first comprehensive AI law regulating the use of AI in the, in the EU. I see it kind of like the GDPR of AI.
I suspect we'll see some more of this in the same way GDPR spurred other privacy related laws. We have like CCPA in California and in Colorado, CPA. I predict customers will try to get ahead of the ball in the same way they were doing it for, for privacy and other regulations. I also find myself in a lot of conversations related to like chats, chatbots, um, what all the, all the data coming [00:05:00] in from places that we didn't know.
How do we protect people from entering the sensitive information in there? How do we keep it away from the agents who don't need to see it, but needed to resolve a case? Um, and if the agent is a bot, is it okay? If that's, if they're allowed to have it, how do we distinguish? Uh, real people from machines. I see this, a lot of interesting questions coming with the inevitable convergence of humans and machines.
And it's obviously a huge shift, but what do you predict the biggest shift in cybersecurity to be? I think it's just continued increasing sophistication in mostly the attack vectors we've always known of. Social engineering, ransomware, phishing. I think no matter where the shift is, people are always going to be the weakest link.
And speaking of phishing, there's something called vishing, and there's this, it's a technology where you can emulate a voice. And, you know, there's been some of it used in, in the entertainment area where they have, you know, M& Ms [00:06:00] or Tupac's voice on a completely new track. And some of it sounds pretty good.
So, uh, I know that that's, you know, that's really the tip of the iceberg. It could be used to gain access to places where they authenticate via voice. And you actually made me think of something that. I've heard that if somebody calls you and you don't recognize the phone number, that you're not supposed to say hello or say anything because they could potentially capture your voice and then use that for authentication processes or authentication measures.
Yeah, actually, um, I know that Amex uses voice verification. Um, if someone calls you up, I've also heard not to say the word yes or yeah, because then once they record that, they can use that to They agree to, you know, another question being asked. I wouldn't have thought that you have to be so cautious about something just as answering a phone call.
You know, it's, it's back to that weakest link. A lot of the customer service representatives, I think if they, you know, there's discretion [00:07:00] on those calls. I mean, they, a lot of them use the thing where they give you a text message or a kin to your phone or send you an alert to your phone. Some of those processes are not comprehensive like that or well thought out and they use The, um, voices, and if you can, you know, name your mother in law's last name, uh, her maiden name, like they, there's still a lot of processes where you can gain access using information you can find on socials.
Yeah, just simple social engineering. And lastly, what is the most important thing to remember when working in cybersecurity? You gotta keep learning and be prepared. For decision makers, it means being comfortable accepting risk for things that you can't control. And have a plan for things you can. I'm a big fan of doing it yourself.
And when I get asked, can you do so and so with this tool or the Salesforce have this capability? I love being able to get to a definitive answer by logging into [00:08:00] my environment or Scratch org, and then doing exactly what they're asking me. Um, the security landscape or, and the tools are always changing.
So there's so much ground to cover. I think by digging deep in a specific domain and just being known as a go to person for that. with a really good foundation goes a long way. Well, thank you so much for your time today, Johan. I appreciate getting insight into the customer's take, which I don't often get to do.
Thank you for chatting and have a wonderful week. Thanks for having me.