{"id":13344,"date":"2026-03-27T17:05:40","date_gmt":"2026-03-27T17:05:40","guid":{"rendered":"https:\/\/www.salesforce.com\/?p=13344"},"modified":"2026-03-27T17:05:41","modified_gmt":"2026-03-27T17:05:41","slug":"cisos-perspectives-on-trust-resilience-and-governing-ai","status":"publish","type":"post","link":"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/","title":{"rendered":"CISOs\u2019 Perspectives on Trust, Resilience and Governing AI"},"content":{"rendered":"\n<section class=\"key-takeaways wp-block-salesforce-blog-key-takeaways\" aria-label=\"Key Takeaways\">\n\t<div class=\"wp-block-salesforce-blog-key-takeaways__inner\">\n\t\t<div class=\"wp-block-salesforce-blog-key-takeaways__header\">\n\t\t\t<div class=\"wp-block-salesforce-blog-key-takeaways__title\">\n\t\t\t\t<h2 class=\"wp-block-salesforce-blog-key-takeaways__title-text\">\n\t\t\t\t\tKey Takeaways\t\t\t\t<\/h2>\n\t\t\t<\/div>\n\t\t<\/div>\n\n\t\t<button \n\t\t\tid=\"wp-block-salesforce-blog-key-takeaways-button\"\n\t\t\tclass=\"wp-block-salesforce-blog-key-takeaways__button\"\n\t\t\taria-controls=\"wp-block-salesforce-blog-key-takeaways-content\"\n\t\t\taria-expanded=\"false\"\n\t\t\taria-label=\"\n\t\t\tToggle Key Takeaways content\t\t\t\"\n\t\t>\n\t\t\t\n<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"22\" height=\"22\" fill=\"none\" viewBox=\"0 0 22 22\" aria-hidden=\"true\"><path fill=\"url(#a)\" d=\"M17.401 6.445a1.525 1.525 0 0 1 2.153 0 1.517 1.517 0 0 1 0 2.149l-7.977 7.961a1.526 1.526 0 0 1-2.154 0L1.446 8.594a1.517 1.517 0 0 1 0-2.149 1.524 1.524 0 0 1 2.153 0l6.9 6.886z\" \/><defs><linearGradient id=\"a\" x2=\"10.5\" y2=\"17\" gradientUnits=\"userSpaceOnUse\"><stop stop-color=\"#BA01FF\" \/><stop offset=\"1\" stop-color=\"#0250D9\" \/><\/linearGradient><\/defs><\/svg>\n\t\t<\/button>\n\n\t\t\t\t\t<div id=\"wp-block-salesforce-blog-key-takeaways-content\" class=\"wp-block-salesforce-blog-key-takeaways__content\" aria-hidden=\"true\">\n\t\t\t\t\n\n<ul class=\"wp-block-list\">\n<li>Mitigate third-party SaaS risks by enforcing mandatory security reviews and prioritizing threats via financial exposure metrics.<\/li>\n\n\n\n<li>Shift from reactive detection to proactive resilience using AI-powered tools and \u201cshift-left\u201d strategies to prevent insecure changes.<\/li>\n\n\n\n<li>Establish strict AI governance through a \u201cdeny all\u201d policy and a cross-functional executive council to adjudicate risks.<\/li>\n<\/ul>\n\n\t\t\t<\/div>\n\t\t\t\t\t\t\t<footer class=\"wp-block-salesforce-blog-key-takeaways__footer\">\n\t\t\t\t\tThis summary was created with AI and reviewed by an editor.\t\t\t\t<\/footer>\n\t\t\t\t\t\t<\/div>\n<\/section>\n\n\n\n<p>The digital landscape is rapidly evolving, marked by sophisticated attacks targeting\u00a0<a href=\"https:\/\/www.salesforce.com\/eu\/saas\/\">software-as-a-service<\/a>\u00a0(SaaS) data. At this year\u2019s\u00a0<a href=\"https:\/\/www.salesforce.com\/dreamforce\/\">Dreamforce<\/a>, a panel of leading security executives\u200c \u2014 \u200cincluding Lee Kaiser (CISO, Highspring), Matt Hillary (CISO, Drata), and Kelly McCracken (SVP, Cybersecurity Operations Center, Salesforce) \u2014 shared their strategies for managing risk, bridging security gaps, and establishing governance in the AI era. Their insights highlight the complexities of securing SaaS environments and the need for proactive resilience in the face of increasingly advanced threats.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-challenge-of-third-party-risk-in-saas-environments\">The challenge of third-party risk in SaaS environments<\/h2>\n\n\n\n<p id=\"h-the-challenge-of-third-party-risk-in-saas-environments-as-organizations-move-to-saas-for-its-speed-and-scale-they-inevitably-relinquish-some-control-over-their-security-posture-this-shift-is-fundamental-with-security-teams-needing-to-place-their-trust-in-the-native-security-controls-of-saas-applications-as-well-as-foster-regular-collaboration-with-the-system-administrators-who-configure-and-manage-these-applications\">As organizations move to SaaS for its speed and scale, they inevitably relinquish some control over their security posture. This shift is fundamental, with security teams needing to place their trust in the native security controls of SaaS applications, as well as foster regular collaboration with the system administrators who configure and manage these applications.\u00a0<\/p>\n\n\n\n<p>The challenge is magnified by the scale of modern SaaS usage \u2014 organizations manage security across hundreds of applications, many of which are not easily integrated for&nbsp;<a href=\"https:\/\/help.salesforce.com\/s\/articleView?id=xcloud.sso_about.htm&amp;type=5\" target=\"_blank\" rel=\"noreferrer noopener\">Single Sign-On<\/a>&nbsp;(SSO) or robust end point management without costly tier upgrades. \u201cThe biggest challenge for security teams is configuring the native security controls of the SaaS application itself,\u201d Kaiser noted, highlighting the inherent risks in this new paradigm.<\/p>\n\n\n\n<p>The security leaders expressed significant concern about threats targeting third-party applications. While acknowledging that these threats don\u2019t originate from the platform itself, they fear these add-on applications could be used as a vector to compromise one of their customers. This fear underscores the need for simplified oversight, as managing third-party risk across hundreds of suppliers is exponentially difficult.&nbsp;<\/p>\n\n\n\n<p id=\"h-the-challenge-of-third-party-risk-in-saas-environments\">McCracken shared a recommendation to address this challenge by mandating a security review for every new app and prioritising risk using financial exposure metrics on the executive dashboard. Despite these efforts, the leaders acknowledged that no SaaS security strategy is a silver bullet. Hillary made the analogy of having a bucket of lead bullets, and said that what keeps him up at night is the \u201csmall dissonance\u201d of the CISO role: the awareness that even with comprehensive efforts, one small, missed detail could lead to a major business impact.<\/p>\n\n\n\n<div class=\"layout-one wp-block-salesforce-blog-offer\">\n\t<div class=\"wp-block-offer__wrapper\">\n\n\t\t<div class=\"wp-block-offer__content\">\n\t\t\t<h2 class=\"wp-block-offer__title\">Future-proof your IT security strategy<\/h2>\n\t\t\t\t\t\t\t<p class=\"wp-block-offer__description\">Learn how the top security and compliance professionals are securing their data in the AI era.<\/p>\n\t\t\t\n\t\t\t\n\t\t\t\t\t\t\t<div class=\"wp-block-button\">\n\t\t\t\t\t<a class=\"wp-block-button__link\" target=\"_self\" href=\"https:\/\/www.salesforce.com\/eu\/form\/platform\/4th-state-of-it-security\/\">Download the Report<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\n\t\t<div class=\"wp-block-offer__media\">\n\t\t\t\t\t<\/div>\n\t<\/div>\n\n\t\t\t<div class=\"wp-block-offer__graphics wp-block-offer__contour\"><\/div>\n\t\n\t\t\t<!-- Standard Illustration -->\n\t\t<img decoding=\"async\" class=\"wp-block-offer__graphics wp-block-offer__illustration\" src=\"https:\/\/www.salesforce.com\/eu\/blog\/wp-content\/themes\/salesforce-blog\/dist\/images\/offer-block\/offer-illustration-layout-one.png\" alt=\"\">\n\n\t\t<!-- Small Accent Illustration -->\n\t\t\t\t\t<img decoding=\"async\" class=\"wp-block-offer__graphics wp-block-offer__accent\" src=\"https:\/\/www.salesforce.com\/eu\/blog\/wp-content\/themes\/salesforce-blog\/dist\/images\/offer-block\/offer-accent-layout-one.png\" alt=\"\">\n\t\t\n\t\t<!-- Left Side Illustration -->\n\t\t\n\t\t<!-- Cloud Illustration -->\n\t\t\t\t\t<img decoding=\"async\" class=\"wp-block-offer__graphics wp-block-offer__cloud\" src=\"https:\/\/www.salesforce.com\/eu\/blog\/wp-content\/themes\/salesforce-blog\/dist\/images\/offer-block\/offer-cloud-layout-one.png\" alt=\"\">\n\t\t\n\t<\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-shifting-to-proactive-resilience\">Shifting to proactive resilience<\/h2>\n\n\n\n<p>In the face of these more sophisticated and frequent threats, the leaders agreed that traditional detection and response are no longer sufficient. The focus must shift toward prevention and resilience, leveraging advanced technologies and organizational restructuring.&nbsp;<\/p>\n\n\n\n<p>A significant challenge in achieving security resilience is managing the inherent tension between security teams and business units. Kaiser referred to this as \u201cthe \u2018Export to Excel\u2019 Problem,\u201d where security must enforce non-negotiable requirements despite potential unpopularity with the business.<\/p>\n\n\n\n<p>To combat AI-backed threats, the modern strategy involves moving toward Managed Detection and Response (MDR) and Managed Prevention and Response (MPR) solutions that are AI-powered. This approach emphasizes that security isn\u2019t a \u2018set it and forget it\u2019 task; tools are constantly evolving, requiring a proactive, hands-on approach and continuous monitoring. Hillary detailed how his team is implementing a \u201cproactive shift-left\u201d approach to codifying SaaS configurations, detecting and preventing insecure changes before they are deployed.&nbsp;<\/p>\n\n\n\n<p>Similarly, McCracken shared that Salesforce has implemented a Top Threats Programme, which identifies critical gaps in Salesforce\u2019s Cyber Security Operations Center (CSOC) ability to detect and respond to threats to the organization. The prioritisation programme enables these gaps to be identified, prioritized, and implemented to improve\u00a0CSOC\u2019s ability to identify\u00a0 and contain malicious actions being taken in our environment.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-governing-the-future-of-saas-security\">Governing the future of SaaS security<\/h2>\n\n\n\n<p>With the emergence of\u00a0<a href=\"https:\/\/www.salesforce.com\/eu\/agentforce\/ai-agents\/\" target=\"_blank\" rel=\"noreferrer noopener\">AI agents<\/a>, establishing clear governance is the single most critical challenge for the future. Kaiser warned that the number of listed AI applications has surged from 10,000 to over 50,000, making a \u201cdeny all and allow only what is approved\u201d approach through a governance council the only manageable security strategy.\u00a0<\/p>\n\n\n\n<p>Beyond technical risk, he highlighted the unseen risks built into\u00a0<a href=\"https:\/\/www.salesforce.com\/eu\/agentforce\/llm-course\/\">Large Language Models (LLMs)\u00a0<\/a>around bias and discrimination. To oversee third-party AI capabilities, the leaders suggested establishing an AI Council comprising the CISO, CIO, and Deputy General Counsel to adjudicate the risk of every new AI feature introduced by vendors.<\/p>\n\n\n\n<p>McCracken emphasized the need for consistency in governance, applying the same rigorous standards to AI as to third-party SaaS. This includes having complete visibility into what data AI models access and establishing continuous monitoring to enforce organizational policies. Hillary noted that for AI agents acting on behalf of users, SaaS providers must offer granular scoping capabilities to limit permissions to the specific access required.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-path-forward\">The path forward<\/h2>\n\n\n\n<p>The leaders made it clear that while&nbsp;<a href=\"https:\/\/help.salesforce.com\/s\/articleView?id=release-notes.rn_security_auth_and_identity.htm&amp;release=244&amp;type=5\" target=\"_blank\" rel=\"noreferrer noopener\">Identity and Access Management (IAM)<\/a>&nbsp;is contractually essential, there\u2019s no single silver bullet for security. Securing SaaS and AI requires a delicate balance of technical controls, organizational resilience, ongoing collaboration between system administrators and security teams, and expert human judgment. The CISO\u2019s role is to master the craft of communication and influence, ensuring security is a non-negotiable foundation for innovation from day one.&nbsp;<\/p>\n\n\n\n<p>Ultimately, securing the future means shifting from a reactive mindset to a proactive one, designing security into every application and policy, and viewing all partners and systems through a constant lens of governance.<\/p>\n\n\n\n<p>Watch our new&nbsp;<a href=\"https:\/\/security.salesforce.com\/security-video-series\" target=\"_blank\" rel=\"noreferrer noopener\">Trusted Enterprise Security video series<\/a>&nbsp;to learn more about proactive strategies and best practices for securing your Salesforce environment.<\/p>\n\n\n\n<div class=\"layout-two wp-block-salesforce-blog-offer\">\n\t<div class=\"wp-block-offer__wrapper\">\n\n\t\t<div class=\"wp-block-offer__content\">\n\t\t\t<h2 class=\"wp-block-offer__title\">Explore Salesforce security resources<\/h2>\n\t\t\t\n\t\t\t\n\t\t\t\t\t\t\t<div class=\"wp-block-button\">\n\t\t\t\t\t<a class=\"wp-block-button__link\" target=\"_self\" href=\"https:\/\/security.salesforce.com\/eu\/security-resources\">Get the tips<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\n\t\t<div class=\"wp-block-offer__media\">\n\t\t\t\t\t<\/div>\n\t<\/div>\n\n\t\t\t<div class=\"wp-block-offer__graphics wp-block-offer__contour\"><\/div>\n\t\n\t\t\t<!-- Standard Illustration -->\n\t\t<img decoding=\"async\" class=\"wp-block-offer__graphics wp-block-offer__illustration\" src=\"https:\/\/www.salesforce.com\/eu\/blog\/wp-content\/themes\/salesforce-blog\/dist\/images\/offer-block\/offer-illustration-layout-two.png\" alt=\"\">\n\n\t\t<!-- Small Accent Illustration -->\n\t\t\t\t\t<img decoding=\"async\" class=\"wp-block-offer__graphics wp-block-offer__accent\" src=\"https:\/\/www.salesforce.com\/eu\/blog\/wp-content\/themes\/salesforce-blog\/dist\/images\/offer-block\/offer-accent-layout-two.png\" alt=\"\">\n\t\t\n\t\t<!-- Left Side Illustration -->\n\t\t\n\t\t<!-- Cloud Illustration -->\n\t\t\t\t\t<img decoding=\"async\" class=\"wp-block-offer__graphics wp-block-offer__cloud\" src=\"https:\/\/www.salesforce.com\/eu\/blog\/wp-content\/themes\/salesforce-blog\/dist\/images\/offer-block\/offer-cloud-layout-two.png\" alt=\"\">\n\t\t\n\t<\/div>\n","protected":false},"excerpt":{"rendered":"<p>At Dreamforce, security leaders weighed in on the shift from reactive defence to proactive resilience and the need to govern AI-driven threats.<\/p>\n","protected":false},"author":605,"featured_media":13345,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"sf_justforyou_enable_alt":true,"optimizely_content_id":"691f493abe53d9f45a5f221eEU","post_meta_title":"","ai_synopsis":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"sf_topic":[72],"sf_content_type":[437],"coauthors":[531],"class_list":["post-13344","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","sf_topic-it","sf_content_type-blog"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Ciso security strategies for ai governance and saas risk - Salesforce<\/title>\n<meta name=\"description\" content=\"Learn how cisos manage saas risks and ai governance to build resilience. discover proactive strategies for a secure enterprise.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CISOs\u2019 Perspectives on Trust, Resilience and Governing AI\" \/>\n<meta property=\"og:description\" content=\"At Dreamforce, security leaders weighed in on the shift from reactive defence to proactive resilience and the need to govern AI-driven threats.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/\" \/>\n<meta property=\"og:site_name\" content=\"Salesforce\" \/>\n<meta property=\"article:published_time\" content=\"2026-03-27T17:05:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-27T17:05:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.salesforce.com\/eu\/blog\/wp-content\/uploads\/sites\/14\/2026\/03\/imgi_141_AdobeStock_1242240175-2.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"5824\" \/>\n\t<meta property=\"og:image:height\" content=\"3264\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Mike Melone\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mike Melone\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/\"},\"author\":[{\"@id\":\"https:\/\/www.salesforce.com\/eu\/blog\/#\/schema\/person\/image\/b8ebd6128e42171af7607e3ce70ff54e\"}],\"headline\":\"CISOs\u2019 Perspectives on Trust, Resilience and Governing AI\",\"datePublished\":\"2026-03-27T17:05:40+00:00\",\"dateModified\":\"2026-03-27T17:05:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/\"},\"wordCount\":942,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.salesforce.com\/eu\/blog\/wp-content\/uploads\/sites\/14\/2026\/03\/imgi_141_AdobeStock_1242240175-2.jpeg\",\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/\",\"url\":\"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/\",\"name\":\"Ciso security strategies for ai governance and saas risk - Salesforce\",\"isPartOf\":{\"@id\":\"https:\/\/www.salesforce.com\/eu\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.salesforce.com\/eu\/blog\/wp-content\/uploads\/sites\/14\/2026\/03\/imgi_141_AdobeStock_1242240175-2.jpeg\",\"datePublished\":\"2026-03-27T17:05:40+00:00\",\"dateModified\":\"2026-03-27T17:05:41+00:00\",\"author\":{\"@id\":\"https:\/\/www.salesforce.com\/eu\/blog\/#\/schema\/person\/733b6f0e34ef204ce1e8e3978f1d0f0c\"},\"description\":\"Learn how cisos manage saas risks and ai governance to build resilience. discover proactive strategies for a secure enterprise.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/#primaryimage\",\"url\":\"https:\/\/www.salesforce.com\/eu\/blog\/wp-content\/uploads\/sites\/14\/2026\/03\/imgi_141_AdobeStock_1242240175-2.jpeg\",\"contentUrl\":\"https:\/\/www.salesforce.com\/eu\/blog\/wp-content\/uploads\/sites\/14\/2026\/03\/imgi_141_AdobeStock_1242240175-2.jpeg\",\"width\":5824,\"height\":3264,\"caption\":\"A blue padlock sits on a white cloud icon.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.salesforce.com\/eu\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CISOs\u2019 Perspectives on Trust, Resilience and Governing AI\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.salesforce.com\/eu\/blog\/#website\",\"url\":\"https:\/\/www.salesforce.com\/eu\/blog\/\",\"name\":\"Salesforce\",\"description\":\"News, tips, and insights from the global cloud leader\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.salesforce.com\/eu\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.salesforce.com\/eu\/blog\/#\/schema\/person\/image\/b8ebd6128e42171af7607e3ce70ff54e\",\"name\":\"Mike Melone\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.salesforce.com\/eu\/blog\/#\/schema\/person\/image\/a2a90ed9b03ec2c77ca05b58ba1191bf\",\"url\":\"https:\/\/www.salesforce.com\/eu\/blog\/wp-content\/uploads\/sites\/14\/2026\/03\/imgi_53_IMG_4507.jpg?w=150&h=150&crop=1\",\"contentUrl\":\"https:\/\/www.salesforce.com\/eu\/blog\/wp-content\/uploads\/sites\/14\/2026\/03\/imgi_53_IMG_4507.jpg?w=150&h=150&crop=1\",\"width\":\"150\",\"height\":\"150\",\"caption\":\"Mike Melone\"},\"description\":\"Mike Melone is a Content Marketing Manager for the Salesforce Platform, where he focuses on one of the most overlooked challenges in enterprise tech: keeping data safe. He spent five years at OwnBackup\/Own \u2014 a leading Salesforce data protection company \u2014 before it was acquired by Salesforce, giving him deep expertise in the SaaS data protection space. Mike translates complex security concepts into content that helps Salesforce admins and IT leaders take meaningful action to protect their organizations.\",\"url\":\"https:\/\/www.salesforce.com\/eu\/blog\/author\/mike-melone\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Ciso security strategies for ai governance and saas risk - Salesforce","description":"Learn how cisos manage saas risks and ai governance to build resilience. discover proactive strategies for a secure enterprise.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/","og_locale":"en_GB","og_type":"article","og_title":"CISOs\u2019 Perspectives on Trust, Resilience and Governing AI","og_description":"At Dreamforce, security leaders weighed in on the shift from reactive defence to proactive resilience and the need to govern AI-driven threats.","og_url":"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/","og_site_name":"Salesforce","article_published_time":"2026-03-27T17:05:40+00:00","article_modified_time":"2026-03-27T17:05:41+00:00","og_image":[{"width":5824,"height":3264,"url":"https:\/\/www.salesforce.com\/eu\/blog\/wp-content\/uploads\/sites\/14\/2026\/03\/imgi_141_AdobeStock_1242240175-2.jpeg","type":"image\/jpeg"}],"author":"Mike Melone","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Mike Melone","Estimated reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/#article","isPartOf":{"@id":"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/"},"author":[{"@id":"https:\/\/www.salesforce.com\/eu\/blog\/#\/schema\/person\/image\/b8ebd6128e42171af7607e3ce70ff54e"}],"headline":"CISOs\u2019 Perspectives on Trust, Resilience and Governing AI","datePublished":"2026-03-27T17:05:40+00:00","dateModified":"2026-03-27T17:05:41+00:00","mainEntityOfPage":{"@id":"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/"},"wordCount":942,"commentCount":0,"image":{"@id":"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/#primaryimage"},"thumbnailUrl":"https:\/\/www.salesforce.com\/eu\/blog\/wp-content\/uploads\/sites\/14\/2026\/03\/imgi_141_AdobeStock_1242240175-2.jpeg","inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/","url":"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/","name":"Ciso security strategies for ai governance and saas risk - Salesforce","isPartOf":{"@id":"https:\/\/www.salesforce.com\/eu\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/#primaryimage"},"image":{"@id":"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/#primaryimage"},"thumbnailUrl":"https:\/\/www.salesforce.com\/eu\/blog\/wp-content\/uploads\/sites\/14\/2026\/03\/imgi_141_AdobeStock_1242240175-2.jpeg","datePublished":"2026-03-27T17:05:40+00:00","dateModified":"2026-03-27T17:05:41+00:00","author":{"@id":"https:\/\/www.salesforce.com\/eu\/blog\/#\/schema\/person\/733b6f0e34ef204ce1e8e3978f1d0f0c"},"description":"Learn how cisos manage saas risks and ai governance to build resilience. discover proactive strategies for a secure enterprise.","breadcrumb":{"@id":"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/#primaryimage","url":"https:\/\/www.salesforce.com\/eu\/blog\/wp-content\/uploads\/sites\/14\/2026\/03\/imgi_141_AdobeStock_1242240175-2.jpeg","contentUrl":"https:\/\/www.salesforce.com\/eu\/blog\/wp-content\/uploads\/sites\/14\/2026\/03\/imgi_141_AdobeStock_1242240175-2.jpeg","width":5824,"height":3264,"caption":"A blue padlock sits on a white cloud icon."},{"@type":"BreadcrumbList","@id":"https:\/\/www.salesforce.com\/eu\/blog\/cisos-perspectives-on-trust-resilience-and-governing-ai\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.salesforce.com\/eu\/blog\/"},{"@type":"ListItem","position":2,"name":"CISOs\u2019 Perspectives on Trust, Resilience and Governing AI"}]},{"@type":"WebSite","@id":"https:\/\/www.salesforce.com\/eu\/blog\/#website","url":"https:\/\/www.salesforce.com\/eu\/blog\/","name":"Salesforce","description":"News, tips, and insights from the global cloud leader","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.salesforce.com\/eu\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/www.salesforce.com\/eu\/blog\/#\/schema\/person\/image\/b8ebd6128e42171af7607e3ce70ff54e","name":"Mike Melone","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.salesforce.com\/eu\/blog\/#\/schema\/person\/image\/a2a90ed9b03ec2c77ca05b58ba1191bf","url":"https:\/\/www.salesforce.com\/eu\/blog\/wp-content\/uploads\/sites\/14\/2026\/03\/imgi_53_IMG_4507.jpg?w=150&h=150&crop=1","contentUrl":"https:\/\/www.salesforce.com\/eu\/blog\/wp-content\/uploads\/sites\/14\/2026\/03\/imgi_53_IMG_4507.jpg?w=150&h=150&crop=1","width":"150","height":"150","caption":"Mike Melone"},"description":"Mike Melone is a Content Marketing Manager for the Salesforce Platform, where he focuses on one of the most overlooked challenges in enterprise tech: keeping data safe. He spent five years at OwnBackup\/Own \u2014 a leading Salesforce data protection company \u2014 before it was acquired by Salesforce, giving him deep expertise in the SaaS data protection space. Mike translates complex security concepts into content that helps Salesforce admins and IT leaders take meaningful action to protect their organizations.","url":"https:\/\/www.salesforce.com\/eu\/blog\/author\/mike-melone\/"}]}},"jetpack_featured_media_url":"https:\/\/www.salesforce.com\/eu\/blog\/wp-content\/uploads\/sites\/14\/2026\/03\/imgi_141_AdobeStock_1242240175-2.jpeg","jetpack_sharing_enabled":true,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Salesforce","distributor_original_site_url":"https:\/\/www.salesforce.com\/eu\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.salesforce.com\/eu\/blog\/wp-json\/wp\/v2\/posts\/13344","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.salesforce.com\/eu\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.salesforce.com\/eu\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.salesforce.com\/eu\/blog\/wp-json\/wp\/v2\/users\/605"}],"replies":[{"embeddable":true,"href":"https:\/\/www.salesforce.com\/eu\/blog\/wp-json\/wp\/v2\/comments?post=13344"}],"version-history":[{"count":3,"href":"https:\/\/www.salesforce.com\/eu\/blog\/wp-json\/wp\/v2\/posts\/13344\/revisions"}],"predecessor-version":[{"id":13352,"href":"https:\/\/www.salesforce.com\/eu\/blog\/wp-json\/wp\/v2\/posts\/13344\/revisions\/13352"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.salesforce.com\/eu\/blog\/wp-json\/wp\/v2\/media\/13345"}],"wp:attachment":[{"href":"https:\/\/www.salesforce.com\/eu\/blog\/wp-json\/wp\/v2\/media?parent=13344"}],"wp:term":[{"taxonomy":"sf_topic","embeddable":true,"href":"https:\/\/www.salesforce.com\/eu\/blog\/wp-json\/wp\/v2\/sf_topic?post=13344"},{"taxonomy":"sf_content_type","embeddable":true,"href":"https:\/\/www.salesforce.com\/eu\/blog\/wp-json\/wp\/v2\/sf_content_type?post=13344"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.salesforce.com\/eu\/blog\/wp-json\/wp\/v2\/coauthors?post=13344"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}