Can customer data live securely in the cloud?
The short answer is yes, and it’s backed up by the legions of businesses that have adopted cloud-based versions of Microsoft CRM Dynamics, Oracle CRM On Demand, and Salesforce. They’ve trusted their customer data to the care of top CRM vendors, and seen that trust repaid by excellent levels of not just security, but also usability, uptime and availability.
But no two cloud CRM projects are the same, which is why we recommend starting any CRM project by defining your business goals. After spelling out those goals, then bring your security, compliance, and control concerns and requirements to the technology evaluation and selection process.
To learn more, I spoke with Innoveer managing principal Matthew Botos, who offers the following seven security, compliance and control facts for cloud CRM:
1. Marquee Customers Signal Cloud Trust
Adopting cloud-based software no longer means living on the edge. Indeed, Innoveer’s many CRM customers–using Microsoft Dynamics CRM, Oracle CRM On Demand or Salesforce–include numerous big names, including Aviva, Experian, Genzyme Biosurgery, and Monster. Meanwhile, salesforce.com boasts such marquee customers as American Red Cross, GE Capital, Schwab, and Wells Fargo Bank. This isn’t name-dropping, but rather a demonstration that whether it’s financial services firms or charities, leading biotechnology firms or retailers, many businesses now choose to store their customer data in the cloud.
2. Security Reality: Cloud Versus In-House Data Centers
Compared with most in-house data centers, the cloud provides superior levels of uptime, availability and data security. True, some of the world’s biggest telecommunications and financial services firms may have data center operations that rival the world’s largest cloud CRM vendors. But most other businesses simply won’t have the resources or wherewithal to maintain the levels of security, availability, scalability, or backup and recovery preparedness that a large-scale cloud-based vendor provides, both through its information security personnel headcount, as well as application of the latest security tools and technology.
In addition, out of the box, leading cloud CRM tools–and related environments, such as Force.com and Database.com–will manage users, permissions, passwords, and more. In other words, compared with on-premises applications or custom development, much of the required security preparedness legwork gets eliminated by using cloud-based CRM applications.
3. Cloud Offers Sustainability
When thinking green, which is more efficient, in-house data centers or cloud-based applications? In most cases, the cloud wins, hands down. When it comes to carbon emissions, for example, salesforce.com says its cloud computing model is 95% more efficient than on-premises hardware and software, and 64% more efficient than private clouds.
4. Tackling Mobile Security, BYOD
Without a doubt, we’re now living in the bring your own device (BYOD) era. But allowing employees to access any and all corporate data on their personal iPhone, iPad, Android smartphone, BlackBerry, tablet, or any other device can be a challenge.
Accordingly, when evaluating CRM technology, always assess the best way to securely deliver applications and corporate information to mobile devices. For many of Innoveer’s customers, that challenge has actually driven CIOs to adopt modern, cloud-based CRM systems, which are designed to securely deliver data to mobile devices. To further improve their information security posture, many firms also utilize mobile device management software to secure employee-owned devices–and not just for using CRM or storing customer data.
5. Manage Accounts & Access From The Start
Out of the box, leading cloud-based CRM tools offer a strong system for user control and data access. That begins by the vendor maintaining numerous checks and balances to ensure that no one from inside the CRM provider is ever allowed to see customers’ stored data. From an end user standpoint, meanwhile, the tools offer access controls to ensure that interns don’t see everything that a CEO can see, and that only relevant data appears on customer-facing portals.
Ensuring that only designated people inside your business can see sensitive data requires creating the right security profiles and roles. Accordingly, that’s what a large part of Innoveer’s project discovery phase entails: determining who can see what, and finding the best way to bake that in, from the beginning.
6. Address Active Directory, LDAP Integration Early
For businesses that will be tapping other systems–such as Active Directory or LDAP servers–to provide access credentials for their CRM application, include integration in your project plan. Set this up correctly from the start, and your existing approach to access and identity management can be used to ensure that users not only get added to the CRM application, but automatically removed if they depart.
7. Encryption Add-Ons Provide Compliance Strategies
In many industries, businesses must handle customer data in line with multiple regulations. In such cases, firms may be prohibited from–or just uneasy about–storing customer data in the cloud. For example, a state CIO, speaking at a recent cloud roundtable, said the state wanted to ensure that its data remained inside state borders, to prevent the government from having to comply with any other state’s regulations.
How have Innoveer customers been addressing this business requirement? One response from financial services firms, amongst others, has been to tap add-on technology, for example from CipherCloud, which offers a virtual encryption gateway that encrypts all data before it leaves the enterprise firewall–yet through a bit of tech magic still allows users to search the data. As a result, all data stored in a cloud-based CRM application remains fully encrypted, with only the CRM-using business holding the keys.
According to CipherCloud, its customers tap its technology to address data residency, security, privacy, and compliance requirements, spanning such regulations as GLBA, FISMA, PCI, HITECH, as well as EU Data Protection Directives, PIPEDA, and NPP.
Another option, meanwhile, is to use the Database.com Data Residency Option, which enables Salesforce users to designate which data should be stored on premises, which data can be stored in the cloud, as well as to encrypt any data before it gets sent to salesforce.com servers.
Learn More
For more information on cloud-based CRM and information security, salesforce.com offers excellent white papers on Salesforce security, as well as Force.com security.
Meanwhile, are you looking for today’s top CRM project recommendations? See our hot picks for marketing, sales, customer service, and CRM technology.
Post and thumbnail photos courtesy of Flickr user Mark Rain.
This is the number one thing people ask us about when asking about the viability of our cloud solution: will my data be secure?
Just as you explained above, the answer is resoundingly a yes, and is almost a given considering the point you made about businesses trying to run their own on-premise software.
Cloud companies live and breath on secure and available software, which takes a huge load off a business’ shoulders in terms of cost, time, and IT headaches. You just can’t beat it.