Sometimes I like to say that no one purchases Pardot because they want a security solution; they do it because they want a secure solution.
One of the attractive features of our cloud model is that Salesforce engineering experts manage the security and trust of the software and its infrastructure. This frees you from maintaining servers, firewalls and security patches so you can focus on growing your business on a platform you can trust, with your data and your reputation.
What’s the difference between security and privacy?
I think of security as the protection of assets against deliberate attacks and inadvertent failures. Security is a prerequisite for privacy – it’s necessary, but not sufficient.
Privacy takes security a step further by implementing practices that protect personal data through mechanisms such as:
minimizing collection and retention of personal data
using data only for the purpose for which it was collected
giving data subjects control over their personal data
Here’s another way to differentiate the two: Security concerns itself with technical controls that protect the confidentiality, integrity and availability of information. Privacy includes technical and non-technical aspects of personal data protection.
For example, privacy laws like CCPA enforce technical security measures because privacy is breached when security fails. But not all privacy breaches are due to technical failures – a breach can also result from mistakes such as mishandling personal data.
Who’s responsible for security and privacy?
Pardot customers’ main security need is for data to remain available and protected. By protected, I mean that data remains accessible only to parties who are authorized to access it, and the integrity of data is safeguarded from illicit modification.
Cyber attacks compromise the integrity of customer information. If you’re a Pardot customer, this could happen in two ways:
attacks on the Pardot cloud infrastructure
attacks on your account
At Salesforce, we go out of our way to protect the cloud infrastructure, relieving you of this burden. But what about the security of your individual account?
The short answer is that, on both the privacy and security front, it’s a cooperative effort between Pardot and you.
On the security side: While Salesforce identity management goes a long way in protecting user accounts, you still have a responsibility to protect your computers and passwords. This goes a long way in preventing cybersecurity incidents. But we can help with that, too! Pardot security features like multi-factor authentication via Salesforce Single Sign-On help to protect your account and keep information safe.
On the privacy side: Security needs and requirements for customers tend to be uniform: “Keep my data safe and help me keep hackers out of my account!” Privacy is different because customers operate in different compliance environments, and privacy and consent requirements vary around the world.
To allow you to meet your particular requirements, Pardot provides rich consent management options. We also provide tracking features that allow you to manage tracking based on your specific compliance environment. Going beyond compliance minimums, Pardot adheres to some baseline standards, such as never aggregating data across customer boundaries or selling customers’ data.
Part of my job as a security and privacy product manager is to understand trends so we can proactively offer features that allow you to establish trusted, compliant privacy practices for your organization. I speak more about privacy with a focus on the web ecosystem in the on-demand webinar Pardot Release Highlights: ABM, Privacy, and More. Check it out.
Where can I learn more about Pardot’s security and privacy promises?
When it comes to security and privacy, it’s our job at Salesforce Pardot to give you what you need to do your job. Here are a few references you may find helpful:
Do you have questions, needs or stories to share? Join our Trailblazer Community, where we can collaborate together.