Security may be the single biggest issue for any company considering a SaaS-based CRM solution. In fact, according to a 2010 Goldman Sachs IT Spending Survey, 84 percent of all CIOs now see security as a major hurdle to cloud computing - a number that has actually increased over the past 12 months.
Effective security is not just about protecting business data against hackers. It also is about finding a CRM solution that is highly reliable, meets the company's risk-management and IT governance goals, and offers the right amount of control over organizational data and business processes.
Above all, however, CRM security is a matter of protecting one of the company's most valuable assets - its customer data. When an organization is choosing between an on-premise or an on-demand CRM solution, the answers to the following four questions will help make the decision clear:
- Do We Have Control of Our Data? Backups are your first - and perhaps last - line of defense against catastrophic data loss. On-premise solutions offer a high level of assurance regarding the consistency of backups, although these still depend on the processes and diligence of a company's internal IT staff. On-demand offerings should be evaluated for their backup and disaster recovery services and procedures, which vary by vendor.Concering data ownership, traditional on-demand CRM solutions often do not provide customers' private data in a usable format. "SaaS sites typically do not make it easy to get acces to your data so you can back it up or move it elsewhere when you need to," says David Wallace, Director or Product Management for Sage CRM Solutions. This raises the question of who really owns the data on a SaaS provider's systems - and what will happen if you decide to end a relationship with that provider and demand access to your data.
- Can the CRM Solution Protect Sensitive Customer Data? CRM systems frequently manage sensitive customer information, including credit card and other financial data. They also may integrate with other back-office systems, including ERP and financial applications, which handle sensitive data. The best CRM solution will provide the necessary security for companies that need to allow employee access to customer data and access to data that may be moving to and from on-premise (or even other hosted) applications. "Getting access to secure data from the cloud is not always easy," says Wallace. "It is also a concern as companies need to open up their security to allow outside acces [to sensitive customer data]."
- Do We Know Where Our CRM Data is Stored? Many SaaS solutions employ multi-tenant architectures that may raise privacy, security, or regulatory concerns for a business. Certain countries and industries have specific requirements regarding where data is kept. SaaS providers may fail to address the question of exactly where the data is being stored. "Some hosting sites are outside national boundaries," says Wallace, "and government policies may limit where sensitive data can be stored geographically."
- Do We Have Control Over Internal Access to Customer Data? A less mature or less sophisticated CRM solution may provide every employee with uniform access to all CRM data and functionality. This approach may sow confusion and hinder productivity, and it also creates serious security and privacy concerns. A robust CRM solution, whether it is deployed on-premise or on-demand, allows a company to lock down access to sensitive data based on specific, user-defined parameters. A sales team, customer service staff, and field service organization, for example, should each have access to specifically defined, and carefully controlled, customer data subsets.
Based on these considerations, a company may choose to manage data-security risk by using an on-premise CRM solution. Or it may turn to an on-demand CRM option built upon an advanced architecture that has built in benefits to managing and controlling data security. Either way, it is essential to keep control over - and ownership of - vital customer data.
Will Users Adopt the CRM Solution We Choose?