Salesforce is working with the State Department to build a CRM system for its field staff, Protocol has learned. It's the software giant's first major foray into handling secret government info.
The company already has a robust government business that is poised to generate over $1 billion annually, according to sources and public information. By itself, the contract with the State Department, which was previously undisclosed, will be ultimately worth "several hundreds of millions of dollars," per one source. Salesforce is also looking to beef up its presence in the federal government; it recently posted job openings for several roles focused on selling software to health care agencies like the Food and Drug Administration and the Centers for Disease Control and Prevention.
But the State Department project is the first time Salesforce would be dealing with confidential data. And there are signs the company is gearing up to do more. For example, it's seeking a "business architect director" for its public sector unit who must be a U.S. citizen, and includes security clearances such as "Top Secret SCI Cleared," one of several roles seeking such credentials. Salesforce is trying to keep the project confidential; individuals working on it were asked to sign NDAs, according to one source, but the company's legal department ultimately said it was unnecessary.
Salesforce declined to comment. In an emailed statement, the State Department said it "has been invested in deploying Salesforce CRM technology as an enterprise contact management platform to support embassies and domestic offices since 2018."
"The purpose of the deployment is to provide a modern, unified application that captures contact information and historical data and context to those contacts for more than 270 diplomatic posts overseas," a State Department spokesperson added. To date, costs have totaled roughly $61 million, including $35 million on labor costs and $26 million on licenses, per the agency.
The project marks Salesforce's first time building a completely private system for a single customer. While some clients have portions of their overall system that run separately from Salesforce's servers and on their own databases, none operates completely independently and each is still connected directly to Salesforce.
But the State Department's system will be completely separate, meaning that if Salesforce launched it and did nothing, the software would effectively continue to run in perpetuity (barring any internal errors), unaffected by any broader changes the company would make to its own tech, per one source familiar with the plans. To be able to still access the network, Salesforce is said to be building a SCIF, which is basically a secure room to conduct confidential operations. The Senate uses a SCIF, for example, for its sensitive intelligence briefings.
The setup, however, is not a totally new concept for the organization. For instance, Salesforce partnered with Alibaba in 2019 to sell its CRM software to companies in Asia. Those systems run entirely on Alibaba's servers in China, per the source, a similar move that other foreign companies also take to comply with the country's laws regarding stored data. Again, Salesforce declined to comment.
Outside of the State Department contract, Salesforce also expanded its reach into the intelligence community with its purchase of Acumen Solutions in December, a consulting company that counts the U.S. Army, State Department and the Department of Homeland Security as customers.Salesforce's growing federal business has drawn some criticism from its own employees, specifically over the company's work with DHS. In response, Salesforce previously specified that its contract with the U.S. Customs and Border Protection Agency didn't cover work on Trump's family separation policy. At the time, the company also said it didn't have a contract with ICE. While Salesforce doesn't, Tableau and MuleSoft (which Salesforce purchased in 2019 and 2018, respectively) both work with the immigration enforcement unit, per sources. Once again, Salesforce declined to comment.