Keeping Your CRM System Secure From Human Error
By Jim Berkowitz
Here are several excerpts from an article by David Tabor about the importance of limiting access to administrative functions within a CRM system, Too Many Cooks Spoil the CRM System:
CRM systems have varying degrees of security and privilege management, but all the serious CRM options, whether on premises or in the cloud, have fine-grained security because the data is meaningful and must be carefully controlled. CRM users, particularly in sales, will quickly discover that they can't change things to make them look the way they want to (read: game the system) with their normal user level of data access. So they will invest a plausible reason why they need system admin privileges, and all too often they'll be granted full superuser status in the CRM system.
And this would be a good idea why? What trouble lies ahead? Let's start with the fact that users haven't been trained in the intricacies of the CRM system (and with systems like Salesforce.com, Microsoft Dynamics, or Oracle the ante can amount to a full week's worth of classes). They have no idea what kind of damage they can do with seemingly insignificant changes. They don't understand the security model, or the object model, or the external integrations, or the workflows. Even if all they're trying to do is move a field around on the screen, doing it wrong can wreck havoc on users and business processes they didn't even know existed.
Fortunately, untrained admins are unlikely to actually destroy a lot of existing data. Of course they can, but usually when they're trying to change data it's just their own records. As long as you have audit trails turned on (such as Salesforce.com's History Tracking) it's fairly straightforward to reconstruct the crime.
More interesting than data damage is the risk of a superuser seeing data that's supposed to be off-limits. The more integrated your CRM system is with the rest of your IT infrastructure, the more sensitive information an administrator can see. And the more process controls they can inadvertently override. This can include the full company bookings forecast, inventories, contracts, commissions, and even employee home phone numbers. You don't have to be an attorney to shudder about the potential regulatory and legal problems here.
The right answer Fortunately, there are clear best practices here. And let's start with "just say no." Even if there is a good reason why a manager or user needs some special privileges, the number of administrators for a CRM system should be strictly limited.
Use your CRM system's security features to create delegated authority for administrative tasks and access. For example, many marketing users may need to have read access to a broad scope of data, and a few need to be able to use mass-importing tools. But that doesn't mean they should be superusers. Create specific profiles and delegated administrative privileges for these users, and limit the login hours/locations for them, in order to contain the risk of abuse.
If your CRM system doesn't have role-based security or enable delegated authority, this is one of the better reasons to have a serious conversation with your CRM vendor. Find out what's available as "optional extras" on their platform (including third-party add-ons), and make sure your personnel are trained to use whatever security features are available. Also look at the vendor's feature roadmap: in the long run, the best security functionality must come from the platform. If they don't have security high on the agenda it's a signal you need to start looking elsewhere.
About the Author:
Jim Berkowitz is a seasoned executive with more than 30 years of professional services and project management experience related to Customer Relationship Management (CRM) and Financial Management (Accounting & ERP) software solutions for small, mid-sized and Fortune 500 companies. As a Sales Force Automation and CRM Consultant, Jim has assisted more then 100 companies with the design and implementation of custom CRM solutions.
Mr. Berkowitz is the founder and President of CRM Mastery, Inc.; a company dedicated to serving small and mid-sized enterprises (SMEs) by offering affordable tools and guidance to help them plan for and succeed with their CRM initiatives.
is an iEntry, Inc. publication --
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509
archives | advertising info | news headlines | free newsletters | comments/feedback | submit article