If CRM has been a struggle or a passion for you then Infosys’ CRM blogs is the place to be in. Come join us as we discuss the latest trends, innovations and happenings which will have a bearing on CRM.

« Marketo: Rising from the ashes? | Main | CRM and Maslow Need Theory »

How secure is your cloud based CRM solution?

A seemingly legitimate solution to a business problem is often a founding stone for another unforeseen challenge. As we grow with time and technology, we need to ensure that we do not complicate things today to have an unfussy tomorrow.

While cloud based solutions (such as SaaS CRM) are inevitable, the concept also has many dilemmas enveloping it. There are concerns and apprehensions about its sustainable future, one of those concerns revolve around security. 

The Enterprises of today need technology that can not only assist and better the core business operations but also house the need to scale up, go mobile & accommodate faster with newer customer & business information necessities. 
A seemingly legitimate solution to a business problem is often a founding stone for another unforeseen challenge. As we grow with time and technology, we need to ensure that we do not complicate things today to have an unfussy tomorrow.

While cloud based solutions (such as SaaS CRM) are inevitable, the concept also has many dilemmas enveloping it. There are concerns and apprehensions about its sustainable future, one of those concerns revolve around security. 

The Enterprises of today need technology that can not only assist and better the core business operations but also house the need to scale up, go mobile & accommodate faster with newer customer & business information necessities. 

There's no denying in the convincing rewards of moving to the cloud. However, the enterprises of tomorrow must acknowledge that there is a lot more! Chief technologists are concerned about the security of organizations' data as with new measures of security, sprout new hacking minds too.

Agreeing to Cloud Security Alliance (CSA) the top 9 security threats to cloud solutions are - 

  • Data Breaches
  • Data Loss
  • Account Hijacking
  • Denial of Service
  • Insecure APIs
  • Malicious Insiders
  • Abuse of Cloud Services
  • Insufficient Due Diligence
  • Shared Technology Issues 

You may download the research here - https://cloudsecurityalliance.org/research/top-threats

The idea of entrusting important data to another company is worrisome. CIOs hesitate to take advantage of cloud computing because it's difficult to find a trust worthy solution partner. More importantly, cloud solutions with privacy assurance are expensive - defeating one of the very objectives of moving to cloud. Discussing all 9 major security threats isn't the objective of this blog post, neither it is in the scope; one must muse over minimizing the risks - something that doesn't just shift the fulcrum of the issue into the future but resolves the existing challenge of security concerns. 

Data Encryption
Encryption of data isn't a new practice; and adopting the same technique when we host our information on cloud can do a lot. Consider this; a user enters a customer's information in the CRM through a mobile app or browser. This information is then encrypted with a secret pair of keys and stores it over the cloud servers. Here, a secret pair of digital codes called 'keys' encrypts the data. 

And while accessing the same information, the 'keys' helps decrypt the data and presents all the relevant information on the user's screen. Hackers or impish competitors who attempt to circumvent company's protocols shall retrieve only gibberish alphanumeric characters. Who-so-ever possesses the key, the best practice is to destroy and re-generate the keys more often. 

Encryption and Tokenization
Organizations incorporate a number of AES-based formats as encryption schemes which is used to secure cloud-based data before it leaves the enterprise network, with no impact on the usability or functionality of cloud applications.

They also provide customers with the option of retaining the data on-premises while using cloud-based applications. This concept is called tokenization where actual data resides locally in a token cache and tokens that are structurally similar to the actual data are sent out to the cloud. 

Have a third-party security solution partner
Many organizations don't want to have this complex mechanism done by themselves simply because of lack of expertise in cloud computing and security. A trusted third party can help evaluate various security solutions that fit your needs and keep things simple. It's always great to have a sense of security over your sensitive data and having spent more time on your core business operations.

Though, there are disadvantages of the above mentioned concept, it certainly is one of the most robust ways to secure data.


References:
http://readwrite.com/2013/03/04/9-top-threats-from-cloud-computing#awesm=~oal7WEbQzSfKqS
http://blog.ciphercloud.com/what-the-financial-services-sector-needs-to-know-when-adopting-the-cloud-securely/
http://www.ciphercloud.com/tokenization-cloud-data.aspx

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Please key in the two words you see in the box to validate your identity as an authentic user and reduce spam.

Subscribe to this blog's feed

Follow us on

Blogger Profiles

Infosys on Twitter