In a recent SC Media webcast , host Adrian Sanabria spoke with Justin Hazard, Principal Security Architect at AutoRABIT, about how to manage and secure Salesforce instances and make sure that minor misconfigurations and misunderstandings don't develop into major breaches. Sanabria and Hazard gave an overview of Salesforce's evolution from a customer-relationship-management system to a comprehensive cloud platform . Hazard pointed out that Salesforce is now used for a variety of sensitive business functions beyond sales, including handling patient data and credit-card information. "It was one of the very first SaaS platforms that we saw come out of the early 2000s," observed Sanabria. "And it's really evolved into a much bigger beast than it was in the in the early days." That led to a discussion of the security risks that can arise as organizations expand their Salesforce implementations far beyond Salesforce's core uses, leading to greater complexity and broader attack surfaces. A major topic of discussion was how to manage security as Salesforce environments grow. Hazard and Sanabria both noted that in many organizations, what began as a well-defined CRM has grown to become a central repository for sensitive data, leading to situations in which incremental features and customizations may accumulate risk. Seemingly minor mistakes, like over-permissioned accounts or unclear visibility into which users have access to sensitive data, can result in critical vulnerabilities