CRM Security Concerns

By Brian Boguhn
Updated: February 14, 2011

Customer Relationship Management (CRM) software, by its very nature, invites security concerns. The information wrapped into a CRM solution can be the heartbeat of a company, and is ripe for plucking. Whether you use a hosted CRM solution or an onsite solution, you need to take care to make sure that your data is protected.

Concerns with Hosted Solutions

A major concern with hosted solutions is that the customer’s data is not on their own premises, and that someone else has access to it. Customers need to be concerned about what kind of security the host is providing to protect against this. What types of protection are in place to prevent someone from hacking into the host? Is there monitoring going on to make sure that employees of the host are not accessing data that should be off limits to them?

Another concern that customers have simply deals with the connection to the Internet. If a piece of the hosted solution can work without connecting to the Internet, customers would prefer it that way. Any opening to the Internet on either side provides some sort of vulnerability that could be exploited. The host needs to provide solutions to prevent unauthorized access from the outside, either into the host itself or to the customer while connected to the host.

Thankfully, online vendors recognize that their reputation is built on security, and that any type of breach could be potentially fatal to their business. Many vendors house their solutions in Fortune 500 data centers, something that most customers would never be able to afford on their own. A vendor can sell a customer on the security of their hosted solution by pointing out to them that they are offering a superior security system than they could ever afford on their own.

Concerns with Onsite Solutions

Because hosting vendors can offer superior data centers, companies keeping their data onsite need to be concerned about what kind of security they have in place to prevent attacks from the Internet. Some of the security issues a business could be exposed to include:

• Denial of Service attacks – the purpose is to make the attacked system unavailable to customers. Any sort of down time could be devastating to a company.
• Theft of customer information – CRM solutions hold information about every customer a business deals with. Attackers can break in and steal this information.
• Malware attacks – hardware and data loss can occur from viruses and worms.

To guard against these types of concerns, several methods can be employed. A good firewall should be in place. Businesses should have a good password policy, enforcing both long passwords and encryption. An anti-virus program should be running on both workstations and servers. A VPN connection providing a secure channel when transferring data will help with security as well.

No Perfect Solution

Security will always be a concern, and there is no perfect solution. Criminals will always be looking for new ways to continue to disrupt businesses. Whether using a hosted solution or one that is onsite, companies should do their due diligence in both cases. Research your hosting vendor and be comfortable with the security measures being offered. Make sure you have strong measures in place if you’re going to be hosting the data yourself. While at the very least you’ll be certain to encounter some sort of virus or malware at some point, at least you’ll be comfortable that you took every reasonable step you could to protect your business.