Speed Data: The (Non)Malicious Insider With Rachel Beard

Salesforce's Rachel Beard discusses why insider threats may not always have ill intentions and why security in the CRM is crucial.
Megan Garza
3 min read
Last updated June 26, 2024
Megan Garza and Rachel Beard

Welcome to Speed Data: Quick Conversations With Cybersecurity Leaders. Like speed dating, our goal is to capture the hearts of CISOs with intriguing, unique insight in a rapid format for security professionals pressed for time.

When you picture an insider threat, you probably imagine a disgruntled employee trying to harm their company, motivated by hostility or the promise of financial gains. But Rachel Beard, the Distinguished Technical Architect for Salesforce, points out that may not always be the case.

Read her take below and learn how Rachel’s psychology background lends itself to her day-to-day role in helping protect her customers.

Service at Salesforce

Rachel Beard has always had a heart for service. The Distinguished Technical Architect for Salesforce serves as the president of the Women in Solutions Excellence (WISE) group and is the co-leader of Outforce at Home, Salesforce’s Pride ERG. 

“I’ve always enjoyed volunteering and working hard to make a difference in my community,” she said. “Through WISE, I get to lead 10 different committees that are really impactful; we have mentorship programs, educational programs, and we create an environment that women can thrive in and build enduring careers at Salesforce.”

This compassion and desire to help others is what drew Rachel to join the CRM company a decade ago.

When I joined Salesforce 10 years ago, I was drawn to the fact that trust is our No. 1 value, and I developed a deep respect for how well thought out our security model was.

Rachel Beard, Distinguished Technical Architect for Salesforce

 

“I really enjoy that I can go deep with my customers and understand what some of their challenges are — what’s keeping them up at night — and then I can help them craft a strategy to overcome those challenges,” she said.

“In doing that together, we can strengthen their security posture, improve compliance processes, and implement tools that help with auditing, governance, and data loss prevention.”

Emerging tech leads to emerging threats.

Keeping customers safe from threats can be challenging in today’s rapidly changing environment, Rachel said.

As we see technology continuing to evolve, we know that threats evolve too.

Rachel Beard, Distinguished Technical Architect for Salesforce

 

“Attackers are really creative at figuring out ways to exploit systems, people, and processes,” she said. “And there’s a big learning curve at figuring out how to defend against these new types of attacks —especially as we’ve seen everything change with generative AI over the last year.”

However, artificial intelligence-based attacks aren’t what causes Rachel to lose sleep at night. What keeps her awake hits a little closer to home.

“Because I have a psychology background and I’m really interested in how people behave, I think a lot about insider threats with Salesforce customers,” she said.

I feel very confident with our network and infrastructure security layers that we’re offering a strong level of protection against external attacks, so I think more about what individuals do and how they can be exploited.

Rachel Beard, Distinguished Technical Architect for Salesforce

 

The (non)malicious insider

Rachel is quick to point out, however, that not all insider attacks are nefariously motivated.

“I see a lot of insider threats that are the result of a bad actor who’s deliberately trying to walk away with or damage data, but I also see insider threats that are the result of accidental misuse of data,” she said. And many insider breaches can be traced back to employees having too much access to too much information.

“Employees move around more than they used to,” Rachel said. “When employees change roles, change companies… when they move, data often moves with them so I want to make sure that companies are doing all they can to mitigate that risk by having that least privilege access model to reduce the surface of what could be manipulated or stolen.”

Cybersecurity is a continuous journey.

And even with the strongest access controls and authentication processes in place, a security leader’s job is never fully finished.

There’s no ‘done’ with cybersecurity.

Rachel Beard, Distinguished Technical Architect for Salesforce

 

“You’re never done learning, you’re never done implementing security measures, and you’re never really done worrying about security threats,” Rachel said.

One way to reduce the burden of overstretched cybersecurity teams is by relying on a strong partner. Varonis’ Data Security Platform removes risky misconfigurations, finds and remediates exposed sensitive data, and detects suspicious behavior in Salesforce.

Curious to learn more? Sign up for a free Data Risk Assessment to evaluate your security posture, or visit us on the Salesforce AppExchange.

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

1

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

2

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

3

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

how-to-deal-with-sensitive-data-in-salesforce:-a-guide-to-data-classification
How to Deal With Sensitive Data in Salesforce: A Guide to Data Classification
Salesforce Ben and the Varonis team up to discuss Salesforce data classification best practices.
varonis-announces-salesforce-shield-integration
Varonis Announces Salesforce Shield Integration
Varonis now integrates with Salesforce Shield to provide deep visibility into Salesforce and help organizations secure their mission-critical data.
how-to-prepare-for-a-salesforce-permissions-audit
How to Prepare for a Salesforce Permissions Audit
In this post, I'll walk you through what a Salesforce audit is, how permissions work, and provide tips on how you can prepare.
your-comprehensive-guide-to-salesforce-shield
Your Comprehensive Guide to Salesforce Shield
Salesforce Shield provides an excellent suite of tools for Salesforce data security. This guide explains why it might be the right choice for your enterprise security needs.