
With a surge in data breaches, robust data governance stands as the frontline defense protecting businesses. According to IBM’s Cost of Data Breach Report, the global average cost of a data breach in 2023 was $4.45M, a 15% increase over 3 years. 

One of the most attractive targets for potential scammers on the hunt for Personally Identifiable Information (PII) and sensitive company data is your CRM. Ironically, the central trading post for storing and distributing highly sensitive customer data, Salesforce, is rarely given enough consideration in the data governance policies deployed by InfoSec leaders. That’s because Salesforce feels like a bit of a black box to them. 

As a result, data officers place their faith in their Revenue Operations (RevOps) peers, trusting that appropriate permissions have been established and that there is clear visibility into where and how PII is being accessed.

So, while there’s no doubt your data governance strategy should be inclusive of Salesforce, one question remains: who is ultimately accountable for it? 

Is it the responsibility of the Revenue Operations (RevOps) team, who typically oversees all Salesforce operations? Or is it the responsibility of your InfoSec team, who typically manages the security measures for the entire company?

The short answer is it’s the responsibility of both. Striking a collaborative balance between these two functions is key. We’ll dive into why this joint approach is best and explore how teams can execute a robust Salesforce data governance strategy, eliminating risk in the process. 

What is Data Governance?

Data governance is a mechanism for securing data and preserving its integrity while enhancing its usability within your enterprise system. It establishes guidelines and frameworks, setting standards and policies that govern the internal use of data across your entire organization. 

Salesforce data governance specifically has grown in significance due to various regulatory requirements such as GDPR, DSS, HIPAA, and PCI. Chances are, your business needs to comply with one or more of these regulations, demanding a clear classification of your data to ensure adherence. 

Regulatory requirements such as these are a key driver in data governance, signaling a need for structured governance frameworks. In addition, orgs implement robust protocols to mitigate risks such as breaches, ensuring operational efficiency and maintaining trust through data integrity. 

Data governance is crucial to informed decision-making, fostering accountability, and optimizing resource utilization. Recent years have seen an uptick in governance urgency due to vast data growth, more complex handling needs, heightened privacy concerns, and heavier reliance on data-driven insights. According to sources, the average company uses more than 400 unique datasets on a daily basis. 

Who is Responsible for Data Governance? 

While understanding the fundamentals of data governance is crucial, identifying who bears the responsibility for its creation, implementation and oversight within an organization is equally important. 

The Role of the CDO and CISO in Data Governance 

Many businesses have begun to empower their Chief Data Officer (CDO) and/or Chief Information Security Officer (CISO) to spearhead the strategy side of data governance efforts. The CDO’s main mission is to help the organization use data more effectively while the CISO’s role is to protect the organization from technology-based loss. 

As the guardians of the organization’s information assets, they’re best suited to:

  • Work closely with their InfoSec teams to focus on data security that naturally aligns with the goals of data governance
  • Create the organization’s data governance framework
  • Drive collaboration across teams to ensure compliance is embedded in the culture of the organization
  • Align data governance with broader goals
  • Effectively implement governance and compliance initiatives across the organization

Ultimately, the CDO and CISO have a blend of expertise in information security, as well as a strategic position within the org to help shape success and overall strategy. 

The Role of RevOps in Data Governance

When it comes to actually building out the data governance framework in Salesforce, that’s where RevOps steps in. RevOps’ insight into the Salesforce ecosystem allows them to discern the specific data needs and usage scenarios critical for effective governance.

RevOps’ responsibilities span across:

  • Governance policy implementation & deployment
  • Configuration of profiles and permissions
  • Conducting audits to ensure compliance
  • Collaborating with Business Systems on integration management
  • Continuously evaluating the latest data security features

Leveraging Salesforce data governance, RevOps configures dashboards, reports, and analytics tools in order to provide accurate, reliable data that informs business strategy.

Steps to Creating a Data Governance Framework

Understanding who holds responsibility for data governance sets the stage for creating an effective framework. Let’s dive into the key steps involved in crafting and implementing an efficient data governance framework, and how InfoSec and RevOps contribute to each step in the process. 

1. Define objectives and scope

Implementing a comprehensive data governance framework within Salesforce entails a systematic approach to managing compliance with data standards. It begins by setting clear objectives and defining the scope of governance. Identifying stakeholders such as administrators, data stewards, and compliance officers is crucial to ensure accountability and effective governance.

RevOps leaders drive alignment between data governance and revenue objectives, collaborating to define processes and standards that optimize data. Meanwhile, InfoSec leaders focus on ensuring data security, conducting risk assessments, and establishing comprehensive protocols. 

2. Data inventory and classification

The process involves conducting a thorough inventory and classification of Salesforce metadata, categorizing it based on sensitivity and importance. In addition, creating robust governance policies encompassing data quality, access controls, retention, privacy guidelines, and compliance regulations like GDPR or CCPA is pivotal.

RevOps leaders analyze data types crucial to sales strategies, customer interactions, and overall business performance. They are actively involved in prioritizing and categorizing certain data, ensuring protection of pivotal data assets. 

InfoSec defines security parameters and oversees the alignment of data classification with security protocols and regulatory standards, ensuring that sensitive information is safeguarded effectively. 

Tools like an automated data dictionary can streamline this process for both InfoSec and RevOps teams.

3. Create governance policies 

While InfoSec prioritizes security, compliance, and risk mitigation in governance policies, RevOps leaders concentrate on aligning policies with revenue objectives, operational efficiency, and ensuring data quality. 

Collaboration between InfoSec and RevOps is crucial to create comprehensive governance policies that effectively balance security, compliance, and revenue optimization.

4. Monitoring process and audits

Regular monitoring processes and periodic audits verify adherence to governance policies, ensuring data quality and security. 

InfoSec leaders concentrate on security monitoring and comprehensive audits to mitigate cybersecurity risks and ensure compliance. RevOps leaders focus more on monitoring process efficiency with operations and conducting audits related to sales performance.

5. Continuous improvement

Data governance is an evolving process. Continuous improvement involves updating policies based on feedback, regulatory changes, technological advancements, and organizational needs.

RevOps drives continuous improvement by focusing on operational enhancements and integrating feedback from revenue-centric departments. Meanwhile, InfoSec contributes to continuous improvement by evolving risk management strategies and ensuring alignment with changing compliance requirements. 

6. Documentation and communication 

Documenting policies, procedures, and changes made within the framework is essential for effective communication across the organization; change management tools can streamline this process. Ultimately, successful implementation requires collaboration among teams and ongoing monitoring to align with organizational goals. 

Data governance within Salesforce is an ongoing, evolving process that demands dedication and adaptability to maintain its effectiveness. Collaboration between InfoSec and RevOps leaders ensures both operational and security aspects of data governance are properly documented and communicated. 

How InfoSec + RevOps Can Collaborate to Ensure Salesforce Data Governance 

As you can see, both the InfoSec and RevOps teams have a hand to play in the game of Salesforce data governance. But understanding what skills make sense for which roles and responsibilities in the process can pose a challenge, especially as RevOps is a quickly growing and relatively new role. 

To help build out your framework for success, here are some tips to ensure collaboration is streamlined between the two functions: 

1. Integrated training programs

Hold sessions that combine RevOps strategies with InfoSec best practices. This ensures GTM teams understand the importance of data governance in their daily activities.

2. Unified policies and guidelines

Develop comprehensive guidelines aligning revenue objectives with security measures. This involves jointly crafting policies that empower GTM teams to operate within the framework of governance standards set by the InfoSec team.

3. Integration of tools and technology 

Work together to create a coordinated tech stack composed of tools that enhance RevOps but also comply with data governance requirements. 

4. Incident response and communication plans

Develop coordinated plans for incident response and communication. This ensures that in the event of a security breach or data-related issue, all teams (RevOps, InfoSec, and GTM) follow a unified protocol to address the situation promptly and effectively. 

5. Ongoing collaboration and feedback loops

Foster an environment of continuous collaboration. Encourage regular meetings, feedback sessions, and open communication channels to ensure the alignment between RevOps and InfoSec remains strong, evolving with changing governance needs.

How Salesforce is Supporting Stronger Data Governance

One of the things that makes Salesforce the leading CRM for enterprises is the fact that it comes with out-of-the-box security measures to support your governance framework. It empowers orgs by providing a suite of security tools to safeguard sensitive data and ensure compliance with industry regulations. These tools include:

1. Salesforce Shield 

Salesforce Shield offers a suite of security tools including Platform Encryption, Event Monitoring, and Field Audit Trail. It helps organizations secure their data, monitor app and data usage, and maintain a comprehensive audit trail of data changes over time.

2. Data Loss Prevention (DLP) tools

Salesforce offers DLP solutions to prevent sensitive data from being improperly shared or leaked. This includes tools for identifying and classifying sensitive information and controlling access based on those classifications.

3. Permission and access controls

Salesforce’s robust permission and profile settings enable administrators to finely control who has access to what data. This includes role hierarchies, sharing rules, and field-level security to ensure that users only see what they need.

4. Audit trail functionality 

Audit trail is a feature that tracks changes made to the configuration and metadata within Salesforce. It helps in monitoring and auditing changes made by different users, essential for compliance and governance.

5. Data mask 

For organizations that use sandboxes for development and testing, Data Mask anonymizes sensitive data to protect privacy and comply with regulations, while still allowing realistic testing and development environments.

6. Health check tool

This tool provides a snapshot of an organization’s security settings and compares them to Salesforce’s recommended best practices, helping to identify and mitigate potential vulnerabilities.

7. Compliance and certification resources 

Salesforce maintains various certifications and compliance with standards like ISO 27001, GDPR, HIPAA, and more. They also provide documentation and resources to help organizations understand and align with these standards.

8. Training and education 

Through Trailhead, Salesforce’s online learning platform, users can access modules and resources focused on data governance, security best practices, and compliance.

9. Two-factor authentication and session management 

Salesforce supports enhanced security features like two-factor authentication and advanced session management to protect against unauthorized access.

10. Reporting and dashboards

Customizable reports and dashboards can be used to monitor data quality, user activities, and compliance with governance policies, providing visibility and control over data governance processes.

That’s not all Salesforce has in the works on the enhancements front. Dreamforce 2023’s announcements highlighted tools and advancements that offer teams the confidence to navigate and embrace technological shifts in an evolving industry. 

Both RevOps and InfoSec should continue to keep up with Salesforce news and updates to take advantage of enhanced security tools becoming available within your CRM. This is also a great way to help maximize and consolidate your tech budget.

Conclusion: Simplify RevOps and InfoSec Relations to Ensure Salesforce Data Governance

So, whose responsibility is Salesforce Data Governance, truly? The truth is, while RevOps holds a pivotal position when it comes to Salesforce success, governance is a collective effort that requires various departments and stakeholders. Establishing a holistic framework requires collaboration and leveraging expertise from diverse domains. 

This inclusive approach ensures alignment, efficiency, and data integrity. Ultimately, the goal is to foster a culture where data governance becomes an integral part of overall org success. A great way to streamline alignment and maintain compliance within Salesforce is by implementing proactive event monitoring. 

Sonar’s latest Event Monitoring feature automatically detects connected apps accessing Salesforce data and offers proactive notifications when system and field level access changes. Coupled with our Dynamic Data Dictionary, RevOps and InfoSec leaders are now armed with a suite of services built to elevate Salesforce Data Governance in 2024. Try Sonar for free today!