Is Your Data Secure With Hosted CRM?

Updated: April 30, 2009

Hosted CRM software allows companies with even small IT budgets to run modern, sophisticated customer-analysis applications on a pay-as-you-go basis with only a minimal up-front investment. But despite hosted CRM's benefits, one important question remains: Is vital business data safe in the hands of an external service provider?

Business confidence in hosted CRM technology wasn't exactly enhanced in December 2005, when suffered a several-hour long service outage. The company has reportedly suffered several minor outages since then, as have some other providers, but there's never been a report of any hosted CRM vendor ever losing client data either through an accident or a hacker attack. In fact, hosted CRM vendors do a far better job of safeguarding information than most enterprises, said Rebecca Wettemann, vice president of research for Wellesley, Mass.-based Nucleus Research Inc. "It's in their interest ensure that client information is secure," she said.

Strong Measures

Hosted CRM providers take advantage of an array of data-security technologies and policies — often more extensive and powerful than the tools a typical business would use to safeguard its on-site information. The security technologies typically used by hosted CRM providers include data encryption, user authentication, perimeter defense, operating system safeguards, and storm- and attack-hardened datacenters.

Still, a business shouldn't simply assume that its hosted CRM provider is using adequate data-security measures. When sizing up a potential service provider, be sure to get answers to the following questions:

  • Exactly how does the provider protect its client databases? Find out the specific tools and practices employed, and compare them against the protections used by competing providers.
  • Is data stored in one location or across multiple locations? Are similar safeguards used at all storage sites? Multiple locations protect you from big outages like the datacenter meltdown in San Francisco that took dozens of companies offline for days.
  • How often is data backed up? Are identical backups made to separate geographic locations in order to protect against possible destruction from natural or man-made events, such as storms, earthquakes or terrorist attacks?
  • In the event of a service suspension or cessation, how can you retrieve hosted data and in what format?

The Enemy Within

While useful, analyzing service providers' security practices is only half of the job. It's also important to remember that most data security breaches originate from inside a business. This is why, before or after questioning providers on their security practices, you'll also want to take a long, hard look at your own enterprise's security arrangements. These are the questions that need to be answered:

  • Which employees are given access to hosted CRM data?
  • How are database privilege-level settings configured and assigned?
  • Are employees allowed to download and store hosted data to local storage devices? If so, what security practices are in place to safeguard locally stored data?
  • How are terminated employees' access privileges handled?

It's a good idea to investigate the security practices of any hosted CRM applications provider your organization uses or plans to use. But it's an even better idea to look into your own business's CRM data security environment to spot any potential weak points on your end.

Related Categories
Featured Research
  • Securing Enterprise Information Technology

    In the 1980s and 1990s, business applications and data were largely confined within and protected by a Local Area Network (LAN). The 2000s introduced a significant change. Download this white paper now to learn why the shift to the cloud is changing how companies think about and manage their IT infrastructure. more

  • Office365 Adoption eGuide

    Microsoft moved to the cloud in 2014, and, as a result, Office 365 is taking off. Now, Okta customers are connecting to Office 365 in increasing numbers. This eGuide explains why IT departments should plan and deploy solutions around identity and mobility management in concert with their Office 365 roll out to get maximum user adoption. more

  • Okta Directory Integration

    For most companies, Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) play a central role in coordinating identity and access management policies. When on-premise applications are integrated to Active Directory or LDAP, users get the best possible experience. That's why Okta's cloud-based identity and access management service provides a highly useful single integration point. more

  • Top 8 Identity and Access Management Challenges with Your SaaS Applications

    With more and more businesses adopting Software-as-a-Service (SaaS) applications, enterprise IT is fundamentally changing. This whitepaper presents the eight biggest Identity and Access Management (IAM) challenges associated with adopting and deploying cloud and SaaS applications, and discusses best practices for addressing each of them. more

  • Better BYOD with Pulse Secure and MDM Partners

    Learn how Pulse Secure and leading MDM product partners are transforming the way employees and IT benefit from the productivity and flexibility of BYOD — without compromising security or increasing management complexity. more