CRM Cloud Security: Is Your Customer Information Safe?

November 12, 2017 Security and Compliance, MOVEit

The cloud can be just as secure as on-premise, but a comprehensive defensive framework is essential.

All that marketing and sales information in your online CRM database—whether it’s Salesforce, Microsoft Dynamics 365, or another platform provider in the cloud—is a goldmine for hackers. That makes it critical to pay attention to the security tools your CRM provider offers.

Data security concerns have long been a leading reason why businesses choose not to deploy enterprise applications in the cloud. But a majority of IT security professionals believe the cloud is either as secure or more secure than on-premises IT. This can be attributed to the efforts of leading cloud service providers in securing customer data and providing the security features required by businesses.

Striking a Balance Between IT and Business Requirements

Reaching this level of trust is key in helping IT security requirements and business operations find a happy medium. CRM solutions have proven very beneficial to sales and marketing teams, especially for those who spend most of their day on the road and those who are geographically-dispersed.

In addition to the base CRM features that help marketing and sales manage various programs, running a CRM app in the cloud makes it possible for everyone to instantly access real-time, accurate information. This facilitates collaboration among colleagues and keeps everyone informed on the latest information so they can interact with customers more intelligently.

But a CRM application also contains valuable and sensitive customer information. With the app running in the cloud, this raises a lot of red flags when it comes to security:

  • Preventing phishing and malware attacks
  • Authenticating authorized users
  • Controlling the information and data that each end user can access
  • Managing user-sharing policies
  • Encrypting data (in case it leaks)
  • Monitoring transaction logs (for suspicious behavior)

 

Building a Security Framework for a CRM Cloud Platform

The Salesforce Security Guide provides advice on steps you can take to address all of the challenges listed above. As emphasized by the guide, which provides a security framework for securing a cloud CRM platform, protecting your CRM data is a joint responsibility between you and your cloud provider.

In addition to built-in security features, the cloud provider should also allow you to implement your own security scheme to reflect the structure and needs of your business. This makes it possible to empower your sales and marketing teams with the information they need to do their jobs efficiently while also making sure your precious prospect and customer data remains safe.

Other key features to seek in a CRM cloud platform include real-time views into system performance and security as well as alerts on phishing and malware attempts. System admins should also have the freedom to reconfigure security vulnerability settings and then be able to compare the settings against a recommended baseline.

 

Auditing capabilities should provide information about use of the system, which can help you diagnose security issues and detect potential abuse. The key is to run these audits on a regular basis!

Salesforce also offers tools for building-in transparency, compliance, and governance. These include encryption, event monitoring, and a field audit trail. You can create transaction policies that evaluate activity using events you specify, and for each policy, you can define real-time actions—such as notify, block, enforce two-factor authentication, or choose a session to end.

Going Beyond Security

Going beyond security, it’s also important to consider other issues when it comes to your CRM data:

  • Compliance—is your approach to security violating any regulations and placing your business at risk of incurring heavy fines?
  • Access—will end users always be able to tap into the information they need to do their jobs?
  • Performance—will the app and data-retrieval process always perform optimally?
  • Resiliency—is your data backed up sufficiently, and how quickly can you restore operations in the event of a disaster?
  • Data Transfer—if you want move your CRM data to a new platform, either to another cloud provider or on-premises, what’s the process, and how quickly can the transfer take place?

The leading CRM platform providers offer multiple options to address each of these issues. Whether those options are sufficient to meet your particular requirements may come down to your specific situation and the conditions you are comfortable with across all of these parameters. The important thing is to make sure you ask all the questions, either directly to the provider or in collaboration with your IT partner.

Comparing Your In-House Capabilities to Cloud Providers

An important factor to keep in mind when deciding whether to deploy CRM or another enterprise app in the cloud is comparing your in-house security capabilities to those of a cloud provider. This includes both the technical resources and the technology you have at your disposal.

Cloud providers invest heavily in security technologies. They have the bandwidth to closely monitor your app 7x24, send immediate alerts when issues occur, and intervene to rectify problems before your business is impacted. Security along with compliance, access, performance and resiliency are their top priorities—because they’re also your top concerns. They are thus fully capable of assessing security risks, preventing attacks and making sure your app performs as it should.

All this adds up to tools and skills that go way beyond what most businesses can afford. Finding a strong cloud provider who is willing to collaborate closely with you and share the security responsibility just might be the most secure option for your CRM data.

Kevin Conklin

Kevin joined Ipswitch in 2015 and leads the company’s product and content marketing practices. He is widely recognized for his product marketing accomplishments in information technologies. He is a serial startup executive having played instrumental roles in the success of such companies as for Prelert, VKernel, Mazu Networks and Smarts, Inc. and has been instrumental to the success of these IT management technology companies. Kevin is also the co-host of the PICNIC Podcast live show (https://picnic-podcast.com/), sharing experiences and best practices, providing a voice of expertise, and educating IT professionals with the latest technology challenges.