The thought of storing thousands of pieces of customer data in the cloud can raise red flags for decision makers. With the frequent headlines about “hacking” and data breaches, they may wonder just how secure a cloud CRM solution can be.
With so much customer data at stake, it’s good to be concerned about CRM data security.
While it’s important for all prospective CRM buyers to ask potential vendors about data security, it’s especially crucial for enterprise customers to understand what measures a vendor is taking to keep their data secure.
With that in mind, here’s how two of the most popular enterprise CRM vendors, salesforce.com and Microsoft, keep customer data safe.
Microsoft Dynamics CRM
Dynamics CRM is based on the tried-and-true SQL Server technology. This database technology has been around and evolving since the late 1980s.Using these servers, Microsoft provides “up-times” in excess of 99.9%. As one of the largest software providers in the world, Microsoft has also been one of the biggest targets for hackers. This has given them unique insights into what it takes to develop, and maintain, CRM data security.
Multiple Data Centers
Dynamics CRM data is stored in redundant regional data centers, so a problem at one data center won’t cause downtime or lost data.
Dynamics CRM data is stored in redundant regional data centers, so a problem at one data center won’t cause downtime or lost data. Each data center features robust disaster protection, fire suppression, access controls, redundant power supplies, and more. The data centers, and the policies governing them, are ISO-27001 certified, as well as being certified by the Cloud Security Alliance (CSA) Cloud Computing Matrix (CCM).
Encrypted Transmissions
Connections to the Dynamics CRM servers are made using the latest Transport Layer Security (TLS) and Secure Socket Layer (SSL) protocols. This establishes a highly secure, encrypted connection between the servers and the point of use.
User Security
Dynamics makes it easy to ensure that CRM data security isn’t breached due to user errors. Using a multi-layered and tiered approach, each employee is given only the roles, privileges, and access they absolutely must have to do their jobs. Dynamics also provides proactive monitoring for unusual behavior.
Someone attempting to access CRM data using a misplaced iPhone that is logged into Dynamics would likely trigger an alert, allowing you to deactivate that account. Dynamics also offers two-factor authentication for access to CRM data. Even with a logged-in device, a would-be thief would need to overcome another level of security before being able to access or change data.
Hack Resistant
To date, Dynamics CRM Online has not suffered an outside breach. The last reported breach at Microsoft was an internal penetration caused by users accessing a third-party developer website that had been infected with a trojan.
Salesforce.com
Oracle Database has been around, in various forms, since the late 1970s. Like Microsoft, they have long been a target of hackers. They have used that experience to build one of the most popular, and secure, database systems available.
Also boasting up-times in excess of 99.9%, it’s no surprise that salesforce.com chooses to run on Oracle Database. As of June, 2013, Salesforce.com entered into a deal to standardize on Oracle platforms, meaning they’ll be sticking with this system for the foreseeable future.
Oracle Database has been around, in various forms, since the late 1970s. Like Microsoft, they have long been a target of hackers. They have used that experience to build one of the most popular, and secure, database systems available.
Global Datacenter Backups
Salesforce.com utilizes many of the same practices and principles as Microsoft when it comes to securing customer data, also earning them an ISO-27001 certification. Each datacenter is mirrored with another global datacenter, providing a real-time backup of all information stored on the servers.
Certified Transmissions
Connections to the salesforce.com service require a minimum 128-bit VeriSign SSL certification and 2048-bit RSA public keys. This secure connection prevents the interception and interpretation of communications between Salesforce.com and users.
End User Protection
Salesforce.com employs a multi-tiered approach to user security. Access permissions, user roles, session timeouts, and more are easily customizable. In the event that a device is lost or stolen, it will quickly become useless, as access from an untrusted network requires a pre-issued security token that only authorized users can access. These, and many other features, ensure that your CRM data is only accessible by those employees who have a legitimate need for it.
Lessons Learned
In 1999, salesforce.com introduced the world to cloud-based CRM, and in the 14 years they’ve been in business, there has only been one case of security breach. In 2007, a salesforce.com employee fell victim to a targeted phishing scam and was tricked into providing admin credentials to the perpetrators.
After the incident, salesforce.com led the industry in tightening security measures for cloud-based software and introduced two-factor authentication. In the more than six years since they were hacked, salesforce.com hasn’t suffered another breach.
Data Security Equals Customer Confidence
It’s easy to get caught up in overdramatized hype and headlines about data security these days. It’s important to remember that a problem or breach at one cloud-based software company, whether it’s a CRM vendor or otherwise, is not representative of cloud computing as a whole.
Enterprise CRM vendors have developed a laser focus on CRM data security and, when viewed in comparison with on-premises installations, offer security of equal or better quality. They have to, in a way, because any customer that feels their data isn’t secure won’t be a customer for very long.
It may not grab the headlines and spotlight like new features, integrations, and user interfaces, but you can bet that data security is a top priority for every vendor that wants to stay in business, and they all do.
