The SaaS Security Challenge: From Tactical Overload to Strategic Leadership

Post-image

Pairing Strategic Oversight with AI Tools

In the age of AI, security teams are drowning in tactical alerts while attackers grow more sophisticated by the day. The challenge is no longer just about having world-class security tools, it's about having the strategic oversight to use them effectively. This critical gap is precisely what I've joined Valo to address.

My perspective is shaped by over a decade at Salesforce, where I served as a Distinguished Enterprise Architect and later founded and led the Emerging Technologies team focused on AI. Through my ongoing work as a consultant with Vandelay Enterprises and as an instructor teaching Fundamentals of Data Architecture and Governance at the University of Toronto's School of Continuing Studies,

I've witnessed firsthand how organizations struggle to elevate their security posture from reactive monitoring to proactive governance.

My Background in Salesforce, Security, and AI

During my 11-year tenure at Salesforce, I progressed from Distinguished Enterprise Architect to founding and leading the Emerging Technologies team, with a particular focus on AI applications. It was there that I met Jari Salomaa, Valo's CEO & Co-Founder, when my team helped build early adopter customers for Big Objects, Salesforce's big data solution which has since evolved into Data Cloud.

In my role as an Enterprise Architect, I was brought into discussions with CIOs, CTOs, CISOs, and enterprise architects to explore how they could take advantage of Salesforce's world-class security tools. As a result, I was recognized as one of the global leaders in Salesforce security and served as Canada's Deputy Country Security Officer. Early in my career, I recognized the transformative potential of AI, and became a vocal advocate for the idea that AI would allow everyone to have a hyper-intelligent assistant available 24/7 to assist them in their work, thereby elevating everyone to focus more on strategy. When Jari told me about his new startup, I realized that everything in my career was coming together. I immediately embraced the opportunity to help as an advisor.

AI + Security = Your Digital Deputy CISO

As a golfer, I recognize that having professional-level golf clubs will likely only shave a few strokes off my game each round (and would still keep me closer to a bogey golfer than a scratch golfer). But in the hands of a professional, those same clubs help them perform and compete at the highest level. In the same way, even with world-class security tools like Salesforce's at your disposal, if you don't configure them correctly or lack the in-depth knowledge to do so, you expose one of your company's most valuable assets—your data—to attackers and malicious threats.

Securing the enterprise SaaS ecosystem presents formidable challenges. New threat vectors are emerging every day, with attackers targeting everything from configuration vulnerabilities to sophisticated social engineering campaigns. Technology landscapes are becoming more interconnected and integrated, expanding the attack surface available to malicious actors. AI has enabled attackers to continuously search for exploits and social engineer employees around the clock.

All an attacker needs to be successful is to find one vulnerability to exploit.

On top of all this, budgets are constantly questioned because when you successfully secure your system, nothing appears to have happened. It's no wonder burnout is so prevalent amongst cybersecurity professionals.

Valo allows you to supercharge your security efforts by providing a highly intelligent "agent" that acts as your Digital Deputy CISO. It alerts you when someone in your large organization installs a non-compliant AppExchange application that poses data exfiltration risks to your data. It scans your user base day and night, warning you when someone is over-permissioned so you can adhere to the Principle of Least Privilege – a best practice that I continually emphasize with my students.

When someone is attempting to exfiltrate your data via the API, Valo will provide immediate, actionable alerts so you can take swift remedial measures. Valo's Digital Deputy CISO doesn't take days off (your attackers don't), works around the clock, and acts as a comprehensive monitoring system, scanning everything everywhere, all the time, looking for threats so you don't have to.

The Next Revolution: AI + Data Governance + Security

As an Enterprise Architect, what's really exciting for me is the opportunity ahead for Valo to deliver on this promise not only for Salesforce, but for an organization's entire SaaS footprint. Salesforce's recent acquisition of Informatica not only makes this future vision closer to reality, but also adds a layer of data governance to the foundation of security. Imagine if Valo could analyze your metadata across systems, identify data that is not supposed to leave a specific region or be used outside specific departments, and proactively alert you when that happens. What if it could review your security policy documentation—something living outside of your SaaS footprint or databases—and alert you when something doesn't adhere to those policies?

We're approaching an exciting new world where Salesforce admins and security professionals no longer spend their time conducting never-ending cycles of audits, sifting through logs, and constantly verifying permissions. Instead, they can focus on the bigger picture: policy, strategy, and governance—staying one step ahead of emerging threats.

Agentforce Toronto

This transformation is happening now, and it will be a central topic at the Agentforce Toronto World Tour on Tuesday, June 24, 2025, at the Enercare Centre. The event focuses on AI agents, security trends, and the future of the Salesforce ecosystem—exactly where these conversations need to happen.

If you're grappling with SaaS security challenges, expanding attack surfaces, or the growing complexity of AI-powered threats, let's discuss how Valo delivers the expert oversight you need. Whether you're attending the Toronto event or want to explore these concepts further in a virtual session, let's talk.

The future of SaaS security isn't about better tools. It's about intelligent systems that extend your team's capabilities.

Valo is building that future, and the organizations that embrace it first will have a decisive advantage.

About the Author

Chris Kemp is Strategic Advisor at Valo and freelance consultant with Vandelay Enterprises. He teaches Fundamentals of Data Architecture and Governance at the University of Toronto’s School of Continuing Studies and spent 11 years at Salesforce as Distinguished Enterprise Architect and Emerging Technologies team lead.


  • Chris Kemp

    Chris Kemp

Recommended

Continue reading

View all blogs