The thought of storing thousands of pieces of customer data in the cloud can raise red flags for decision-makers. With the frequent headlines about data breaches, they may wonder just how secure a cloud CRM solution can be.
With so much customer data at stake, it’s good to be concerned about CRM data security.
While all prospective CRM buyers need to ask potential vendors about data security, enterprise customers must understand what measures a vendor takes to keep their data secure.
With that in mind, here’s how two popular enterprise CRM vendors, Salesforce and Microsoft, keep customer data safe.
Microsoft Dynamics CRM
Dynamics CRM is based on the tried-and-true SQL Server technology, which has been around and evolving since the late 1980s. Using these servers, Microsoft provides uptimes over 99.9%. As one of the largest software providers in the world, Microsoft has also been one of the biggest targets for hackers. This has given them unique insights into what it takes to develop and maintain CRM data security.
Multiple Data Centers
Dynamics CRM data is stored in redundant regional data centers, so a problem at one data center won’t cause downtime or lost data. Each data center features robust disaster protection, fire suppression, access controls, redundant power supplies, and more. The data centers, and the policies governing them, are ISO-27001 certified, as well as being certified by the Cloud Security Alliance (CSA) Cloud Computing Matrix (CCM).
Encrypted Transmissions
Connections to the Dynamics CRM servers are made using the latest Transport Layer Security (TLS) and Secure Socket Layer (SSL) protocols. This establishes a highly secure, encrypted connection between the servers and the point of use.
User Security
Dynamics makes it easy to ensure that CRM data security isn’t breached due to user errors. Using a multi-layered and tiered approach, each employee is given only the roles, privileges, and access they absolutely must have to do their jobs. Dynamics also provides proactive monitoring for unusual behavior.
Someone attempting to access CRM data using a misplaced iPhone that is logged into Dynamics would likely trigger an alert, allowing you to deactivate that account. Dynamics also offers two-factor authentication for access to CRM data. Even with a logged-in device, a would-be thief would need to overcome another level of security before being able to access or change data.
Hack Resistant
To date, Dynamics CRM Online has not suffered an outside breach. The last reported breach at Microsoft was an internal penetration caused by users accessing a third-party developer website that had been infected with a trojan.
Salesforce
Oracle Database has existed in various forms since the late 1970s. Like Microsoft, it has long been a target of hackers. However, it has used that experience to build one of the most popular and secure database systems available.
Also boasting uptimes over 99.9%, it’s no surprise that Salesforce chooses to run on Oracle Database. As of June 2013, Salesforce entered into a deal to standardize on Oracle platforms, meaning they’ll stick with this system for the foreseeable future.
Oracle Database has been around, in various forms, since the late 1970s. Like Microsoft, they have long been a target of hackers. They have used that experience to build one of the most popular, and secure, database systems available.
Global Datacenter Backups
Salesforce utilizes many of the same practices and principles as Microsoft when it comes to securing customer data. The company has many compliance certifications. Each data center is mirrored with another global data center, providing a real-time backup of all information stored on the servers.
Certified Transmissions
Connections to the salesforce.com service require a minimum 128-bit VeriSign SSL certification and 2048-bit RSA public keys. This secure connection prevents the interception and interpretation of communications between Salesforce and users.
End User Protection
Salesforce employs a multi-tiered approach to user security. Access permissions, user roles, session timeouts, and more are easily customizable. In the event that a device is lost or stolen, it will quickly become useless, as access from an untrusted network requires a pre-issued security token that only authorized users can access. These and many other features ensure that your CRM data is only accessible to employees with a legitimate need for it.
Lessons Learned
In 1999, Salesforce introduced the world to cloud-based CRM, and in the years they’ve been in business, there has only been one security breach. In 2007, a Salesforce employee fell victim to a targeted phishing scam and was tricked into providing admin credentials to the perpetrators.
After the incident, salesforce.com led the industry in tightening security measures for cloud-based software and introduced two-factor authentication. In the many years since they were hacked, Salesforce hasn’t suffered another breach.
Data Security Equals Customer Confidence
It’s easy to get caught up in overdramatized hype and headlines about data security these days. It’s important to remember that a problem or breach at one cloud-based software company, whether it’s a CRM vendor or otherwise, is not representative of cloud computing as a whole.
Enterprise CRM vendors have developed a laser focus on CRM data security and, when viewed in comparison with on-premises installations, offer security of equal or better quality. They have to, in a way, because any customer that feels their data isn’t secure won’t be a customer for very long.
It may not grab the headlines and spotlight like new features, integrations, and user interfaces, but you can bet that data security is a top priority for every vendor that wants to stay in business, and they all do.