What this AppExchange Partner did to Pass Security Review the First Time
Whether you’re a new entrepreneur launching your first app, a seasoned AppExchange pro with multiple solutions on the marketplace, or somewhere in between, all can relate to that the feeling of accomplishment that comes with these words: “Congratulations! Your application has passed our Security Review process.”
The culmination of months (or more) of work to make the journey from idea to app to market hinges on successfully passing Salesforce’s comprehensive security review — which doesn’t occur on the first attempt very often. That’s because trust is our number one value, and since customers use AppExchange solutions to extend the power of Salesforce, these solutions must go through the very same comprehensive security processes as our own products.
However, Aforza, a global startup based in the UK, did pass on the first try. We talked with their Chief Product Officer and Co-Founder, Nick Eales, to learn more about how the organization prepared for security review. Plus, there are additional insights around working in the Salesforce ecosystem.
Tell us a little about you and Aforza.
Nick Eales: “Myself and two of my co-founders are all former Salesforce employees. We’ve been in the Salesforce ecosystem for 10+ years each, and post-Salesforce, we all found ourselves working on solutions for industry and vertical-specific spaces.
Previously, my co-founder Dominic Dinardo and I worked at Salesforce partner, Vlocity. Dominic also formerly led Veeva in Europe. Both companies are large Salesforce partners spanning many industries. After working in the industry space for so many years, we came together and identified there was a real gap — and a real opportunity — in the market for the consumer goods industry. We moved forward and founded Aforza in April 2019; with a focus on building out applications on Salesforce for the consumer goods industry.”
What did the name Aforza come from?
NE: “‘Forza’ in Italian means strength and force — going fast. We felt that was a nice allusion to what we’re trying to do as a company, and a nice throwback to the first dot com of Salesforce as well.”
Give me the elevator pitch of what your AppExchange solution is all about.
NE: “Our application spans across three platforms. The majority of the application is based on Salesforce — that’s our platform of choice. It’s the glue that holds everything together. We’ve built out an extensive industry data model for consumer goods of over 70 different custom objects — so a consumer goods business can manage inventory levels, generate invoices, capture orders, run sophisticated pricing rules, plus manage accounts and their product catalog. On top of that, we’ve layered on a number of business capabilities, including sophisticated order configuration, plus visit planning and management capabilities. Now, using Aforza, consumer goods sales reps can build out and plan their visits to stores to sell goods.
We’ve also built mobile applications, all using the Salesforce Mobile SDK, which works on both Android and Apple iOS. These allow you to pull down all of your data and details when completely offline in stores, meaning your field sales team is empowered to go in and execute these store visits efficiently.”
How did you make the leap from identifying the opportunity in consumer goods to working on your app?
NE: “We did a lot of market research. We spoke to potential customers about what they use Salesforce for today and also what they don’t use Salesforce for. When evaluating the total addressable market, we noticed that there’s not a main vendor in this market doing end-to-end consumer goods applications. Salesforce has a small sliver of the pie, and the other 60% is just niche vendors. So, hand-in-hand with Consumer Goods Cloud, we are, essentially, taking on that market to gain a significant share, and be the dominant player in that space.”
Your application passed security review on the first try. What did Aforza do to prepare for Security Review, and what advice do you have for other partners?
NE: “First, be aware of the different security areas that you need to build and plan for when developing your solution. We looked at the Submission Requirements Checklist Builder, as well as guides online from people that had worked through the Security Review before. Being careful and mindful are the biggest takeaways, such as planning for SQL injection, respecting the security settings, and the sharing settings when accessing data in your custom Apex. Knowing all of this upfront, and ensuring it is considered when developing your application, will put you on the best path from the start.
I also recommend really, really knowing the Salesforce Platform. I find that if you are a developer from another background, such as Java, you’ll get yourself into a mess if you just start coding straight away on the Salesforce Platform. You might be a fantastic developer, but you’re going to quickly hit limits, building in a way that doesn’t scale — and it’s going to cause issues which wouldn’t come out until Security Review. Ideally, if you can make it happen, hire someone that has been working on the Salesforce Platform for a long time when moving into the app development phase. But, if you don’t, and you’re coming from scratch, then make sure you put in your time to do training beforehand. Use Trailhead, and complete applicable certifications if you can. Having a firm grasp of the basics will go a long way to make sure you pass that first review.”
Those are some helpful insights. What other key learnings can you share with partners, potential partners, and entrepreneurs looking to build and launch an app on AppExchange?
NE: “The first thing is the Security Review process is long. You just need to be aware of that and plan accordingly, especially in the run-up to Dreamforce. If you have big deadlines you’re trying to hit, be aware of how long the Security Review process takes. That’s a big one for launching.
Secondly, it’s not all about the technical side of things; it’s also about the marketing. AppExchange gives you a really good resources for marketing your application. They provide tools to build out nice screenshots, slides and video content; giving you lots of space to describe your application, set the pricing, and provide free trials. Being able to create templates that you can use as those trial environments is huge out of the box. Leveraging that is crucial.
The third tip is finding the right app to build. Figure out where there’s a gap in the market, where there’s an area that could be improved, where there’s whitespace, and build something to address it. And it doesn’t need to be massive! Yes, Aforza is building something really large in scope and ambition, but don’t be afraid to aim for simplicity. Even if your idea is small, and you think, ‘someone else has done that before,’ it’s worth investigating to see if you could do it better. A million people have ideas, but it’s the execution that actually makes the difference.
The final learning is around starting a company — it’s always a big endeavor, especially if you haven’t done it before. Funding always makes things smoother, but even if you don’t have, or pursue, funding, you can do it. The ability to build quickly on Salesforce, and market your application in your free time, is completely doable and completely possible. It’s something I encourage anyone in the Salesforce ecosystem to try out.”
To learn more about passing the Security Review process, check out 5 Ways to Accelerate the Security Review Process.