How Secure is Open-Source CRM?

Updated: December 26, 2007

Issue


You're right to worry about the security of your CRM software. It provides access to every bit of information about your customers, including their financial details. It would be a disaster if the wrong people got their hands on this data, so your software must be as secure as possible.

Some people have raised questions about the security of open-source software in general. How can software be secure if anyone at all can look at its source code to search for security holes?

How secure can software be when it is written by hundreds of loosely connected, part-time programmers?


Analysis


It is true that hackers can examine open-source code as well as anyone else. But so can the open-source community, which consists of people who either use the software themselves or who work for enterprises that rely upon it. The fact is, many security experts' eyes focus on open-source software whenever a new version is released. They find the security holes quickly and fix them, often in a day or less.

As for sloppy code writing, it generally doesn't happen in the open-source community. Code must be written to certain standards if it is to be read, understood and enhanced by dozens or hundreds of other people. Sloppy programmers just don't get to work on open-source projects. When a rough patch of code does make it into an open-source package, the community works to smooth it out. This is how security vulnerabilities are eliminated.

This is not to say that all open-source CRM software is perfectly secure. In fact, most intruders gain entry to a system not through some flaw in its code but through "social engineering" — sweet-talking someone into giving up the keys to the kingdom. Many open-source CRM packages lack roles-based security, which allows for limits on a user's access based upon the role he plays in the enterprise. There is no need for a sales rep to have access to payroll data, for instance.

Nor is it safe to say that proprietary, closed software is less secure than an open-source CRM solution. It is programming practice that makes software secure. If you keep your eyes open for potential security holes while developing software, you will find and close them. It is just as possible to create a culture of security consciousness at a private enterprise as it is in an open-source community.


Conclusion


The security of an established, widely supported, open-source CRM application is probably at least as good as the security of a commercial application. It is likely that patches for any discovered security holes will be issued very quickly. And it's comforting to know that hundreds of eyes are scanning the code, looking for potential problems to fix.


For more information on open source CRM, check out Focus' Buyer's Checklist: Open Source CRM and this related brief.
