Salesforce CTrO on Transparency and Trust in the Era of GenAI

Even before the era of generative AI (GenAI), the concept of trust -- encompassing the way a company handles sensitive data and security -- was a convoluted concept at best. Add in layers of new technologies and increasing cybersecurity threats, and the definition gets even murkier.

For Brad Arkin, who earlier this month was named Salesforce chief trust officer, the definition of trust can be parsed through conversations. Honest conversations between vendors, customers and all stakeholders create an atmosphere of trust, he says.

InformationWeek chatted with Arkin about his take on trust as he takes on the important role at Salesforce.

(Editor’s note: Quotes have been edited for clarity).

Can you tell us a little bit about your personal philosophy surrounding the concept of trust and what that will bring to Salesforce and its customers?

From the very founding of the company, when they used the word “trust,” they’ve been really focused on competence, security, availability, and privacy. That’s a bunch of different topics, but it’s really all about understanding what’s important to the customer and then how do you have a transparent, two-way conversation. It’s saying, if there’s an outage, let’s be honest about it, what do we learn and what we’re going to do differently next time -- to try to build that trust between Salesforce and the customer. Security is important. Everybody knows that. So that part of the conversation takes zero seconds. It becomes more about a debate about the different ideas. What is the best way for us to go and do better? The way I think about security in the context of what we’re doing for our customers, it’s multi-faceted. Some customers care a lot about compliance and having the right certification, and other customers might be more interested in a particular risk and how we’re going to help with that specific scenario. So we try to figure out how we take all of these different competing visions for how trust is built and achieved with customers.

How does the lack of an overarching federal data privacy law and the existence of many state-level privacy laws impact the way you handle data privacy?

I see a further splintering and fragmentation of the world we’re operating in. And it's not going to be just country by country, but it will be within each country -- heath care will have one set of rules, financial will have another -- it’s going to be fragmented. For a global company like Salesforce, the only way that we can be successful and help our customers be successful is to just own it. We can’t argue and complain and wish it was like it was 20 years ago. The way Salesforce does it, the vision in my head is of a woodchipper, and we’re throwing phone books of regulations into it and we’re taking them all one by one. We’re taking all of these different regulations and distilling them into what’s truly new, and what is repetitive.

With increasing threats and increasing ransomware payouts, how does the chief trust officer role fit into the company’s overall security posture?

I think everyone needs a clear, anointed security leader. In the old days, that person could work with IT, work with engineering, and have a pretty good life just solving problems. Now, you’ve got to be plugged into government affairs, you’ve got to be plugged into customer communications, with legal, with finance. All of this is really important now. Particularly with the new SEC reporting requirements, the consequences for miscommunication and things that could get dropped on the floor are greater than ever before. So, we need to figure out how we have the right triggers, that we bring people to the room at the right time in order to discuss … you don’t want to have to invent a response on the fly. We’ve got to have security leaders in the industry sitting in the right meetings at the right level and advocating for the right outcomes. We’ve got to be in that room deciding what to do.

GenAI seems to be the biggest shift in the tech world overall. How are those new tools and technologies going to touch each area of your role?

You get the feeling that we’re seeing the bottom of this enormous mountain that's about to just overwhelm all of us. It’s so exciting. I took a month off between jobs, and I spend the entire time just playing around with models. It’s just incredible what you can do even as a hobbyist. One of the things a lot of people talk about is whether AI and language models permanently shift the cat-and-mouse game between cybersecurity offense and defense. My best guess is that it will be a wash once the dust settles. Offensive actors are going to be enabled in many different ways. And I think the net result is that everything happens faster. It’s a little like being at a football game with 40,000 cars and you feel OK just locking the door. But now, with AI people can go check every single door handle on every car every second.