Customer Relationship Management (CRM) systems are cited as one of the major technology successes of the last decade. These 'super databases' enable the real-time sharing of information across global organisations, increasing the visibility of the sales pipeline and providing a central control of the customer experience. A far cry from the early databases which were supported in the locally networked environment, CRM systems have pushed database capabilities into the enterprise arena, providing accurate monitoring of customer information and enabling corporations to sell and market to customers through a centrally managed delivery mechanism. . . .
Customer Relationship Management (CRM) systems are cited as one of the major technology successes of the last decade. These 'super databases' enable the real-time sharing of information across global organisations, increasing the visibility of the sales pipeline and providing a central control of the customer experience. A far cry from the early databases which were supported in the locally networked environment, CRM systems have pushed database capabilities into the enterprise arena, providing accurate monitoring of customer information and enabling corporations to sell and market to customers through a centrally managed delivery mechanism.

This increased fluidity of information across multiple interfaces effectively brings customers and suppliers closer together. By its very nature, however, such free-flowing information introduces inherent risks in system security; a fact which many developers and users of these web-facing enterprise systems are now being forced to address.

Globally accessible CRM systems are built on the principal that they can be operated in real time by the user and, subject of course to locally determined permissions, allow the read and write functionality of shared information. The CRM package itself is responsible for the transfer, processing and storage of this data. As a system, it is made up of several applications that sit on top of standard web servers and database platforms, feeding information to and retrieving it from the massive database that lies behind.

It is this web interaction and multi component composition which introduces the possibility of increased security risk, even if the server (or servers in a load balanced situation) upon which the CRM is installed may be hosted in a secure and regularly tested network environment.

Many of the applications which constitute the packaged CRM solution, such as chart servers and search engines, may in fact be third party items which the CRM manufacturer has bundled with its product. Obviously it is entirely possible that these individual products have been tested thoroughly and configured in such a way that the dataflow between them is secure. But this is not what security experts are finding.

The link for this article located at ebcvg.com is no longer available.