Earlier today, we received information about a lengthy post from a member of our community regarding security issues in SugarCRM’s products and operations. Let me start by saying that SugarCRM takes product and IT security very seriously and has enjoyed a long and productive history of working with the security community. These engagements have helped improve our products and operational processes immensely. Our security protocols and policies include a prompt response to any report of security vulnerabilities or incidents by researching, analyzing, scoring, correcting and providing public notification of the issue(s), and corresponding remediation and product improvements.

Regarding today’s post, the content and issues cited are currently under review by our security, product and operations teams. As we analyze the issues, I’ll continue to post updates on this blog.

4 PM PT Update

Quick update: Our technical and operations folks are doing a line-by-line analysis of the blog post to determine the accuracy and status of the issues cited. We’ll have a more detailed update as quickly as we can work through all of them, but I’d like to shed some light on the history and structure of our SugarCRM product.

As noted in the original post, the security issues found were based on an analysis of Sugar CE (Community Edition) open source. The Sugar CE code base comes from our previous generation of CRM product (Sugar 6.x). When Sugar released the next and current generation of our CRM product (Sugar 7.x), we ended support for our open source program as well. Thus, the current version of our products (Sugar 7.9 will be shipping shortly) is not the same technology or code represented in our CE edition. That said, there is a significant amount of code that is shared between the two, so the comments raised may very well apply to the current generation of products. Regardless of version, technology or time frame, we err on the side of safety and analyze all reports, checking against all supported versions of our CRM product.

6 PM PT Update

Analysis: First results are in

Our research is ongoing, but I want to keep folks updated here.

The vulnerabilities cited in part one of the researcher’s post are described as PHP Object injection vulnerabilities. We have made a series of changes over a period of time to fully address these issues, and we were able to mitigate them through a combination of an update provided in SugarCRM 6.5.24, released in July 2016, and the PHP 5.6.25 upstream release, which occurred in September 2016. Notwithstanding, we recognize that the usage of unserialize has an elevated risk and we already have plans to move away from it in a future release.

Analyst reports can be very valuable tools when making a software purchase decision. Analysts pore over tons of details and product roadmaps, and talk to several partners and customers of the products they review.

However, G2 Crowd does it a bit differently – their rankings come 100% from users like you. The peer-review concept is gaining steam, and SugarCRM is proud that its users are so satisfied with Sugar the product that they drove us into the Leader quadrant in G2 Crowd’s latest rendering of its midmarket Grid for CRM.


Again, this ranking comes from nearly 150 satisfied Sugar users – and nothing else. G2 allows site visitors to peruse thousands of reviews from real, verified users. So, we’re especially proud of this honor.

If you’re a mid-sized company looking for a CRM partner, don’t take our word for it, ask the satisfied reviewers at G2 Crowd.

We are in the era of digital disruption and it’s not just about companies like Uber and Airbnb. Organizations in every industry, because of the ridiculously fast pace of technology innovation, are dealing with disruption. They must develop digital transformation strategies that focus on utilizing new technologies and business models to more effectively engage with customers at every touchpoint.

Furthermore, there is clear evidence that companies that embrace digital transformation and offer superior customer experiences are outperforming their competition in terms of attaining and retaining customers.

If there was ever a business process in need of disruption, it’s email. In our latest disruption series video, SugarCRM’s Martin Schneider talks with Trevor Poapst, the vice president of marketing at Riva. Riva, through its CRM integration tools, provides a better way to sync SugarCRM contacts, calendars, and tasks to Outlook, Gmail, Google Apps, IBM Notes and Domino, and GroupWise. Companies use Riva to improve CRM adoption, increase sales productivity, reduce manual data entry, and reduce flip-flopping between Sugar and email applications.

Have your expectations for what your mobile CRM provides grown dramatically? We hope so. You’re right to expect more than a downsized version of the “classic” desktop experience that fits on your phone. As CRM users continue to execute more of their daily (and nightly) tasks on their phones and tablets, the mobile experience has become about providing access to the information you absolutely need, right when you need it in real-time.

With that in mind, we recently enhanced Sugar Mobile with several new features:

A Redefined User Experience – The new version introduces a redesigned user experience based on customer feedback, with improved navigation and re-ordered tabs and elements. We reduced the number of clicks needed to reach critical CRM data.

Support for Apple Touch ID – Sugar Mobile 5.0 also now supports Apple Touch ID. Touch ID is one of the most secure ways to authenticate users within iOS apps, making the login experience more convenient and user-friendly.

Enterprise Mobile Management (EMM) – Enterprises now have a better, more secure way to distribute and manage the SugarCRM mobile app with EMM support. By using “app wrapping”, Sugar administrators can control who gets access to the SugarCRM Mobile app and when. Sugar Mobile 5.0 also includes the AppConfig standard, which makes it easier for administrators to manage the app using Enterprise Mobile Management (EMM) solutions.

Deep Linking – Deep Linking allows links to be created that push a user directly into a record or page in SugarCRM Mobile. Deep links mean the user can click on a link and it will launch the SugarCRM Mobile app. Deep linking can be used to perform many tasks, including viewing, creating, and editing records.

Sugar Mobile is available for all Sugar Professional, Enterprise and Ultimate customers. It features “offline storage mode” so users can be productive even when they aren’t connected to Wi-Fi. All existing installations of SugarCRM Mobile will be upgraded to Sugar Mobile 5.0 through the phone or tablet’s native upgrade functionality. Alternatively, upgrades can be performed by searching for “SugarCRM Mobile” in the application stores of your device or using the following links:

Google Play Store

Apple App Store

How many emails do you get per day? I’d bet the number is significant. A good number of these emails likely come from prospects that you’d like to eventually turn into customers. In order to increase your chances of doing that, it helps to capture the information from email directly into Sugar. Also, when corresponding with a prospect or customer, having the latest Sugar data right at your fingertips increases your efficiency and improves the customer’s experience when they interact with you.

Collabspot provides a seamless integration with GMail (and soon Office 365) to bring Sugar into your inbox. What’s more, the team at Collabspot is utilizing “email analytics” to provide greater insight for sales and support teams. In our latest disruption series video, check out SugarCRM’s Martin Schneider’s interview with Brandon Sellers, the vice president of Business Development and Strategic Partnerships at Collabspot.

(Editor’s Note: SugarCRM CEO Larry Augustin contributed to this blog post, which originally appeared on the Huffington Post)

Uber. Airbnb. Netflix. These brands are at the forefront of the disruptive tech we’ve seen emerge over the past few years. The way we consume media, book holidays, and order taxis and takeaways has changed beyond recognition. ‘Disruption’ has become the buzzword to describe the companies leading the charge for transforming how we use technology in our everyday lives. But then again, new technologies are introduced all the time, and they’re not necessarily disruptive. What really makes these brands disruptive is how they’ve changed the customer experience in ways that we didn’t even know we needed.

The common thread among disruptive brands — and why they’ve become such trailblazers for innovation — is the way they not only meet the basic needs of customers, but have had the vision to pre-empt ways to revolutionize their products and services to transform our lives. The mantra these disruptor brands live by is: Don’t deliver what the customer asks for; rather, deliver what he needs. As Henry Ford famously said, “If I had asked people what they wanted, they would have said faster horses.”

In other words, businesses today need to create change. Many “status quo” brands consistently tell their customers what features and functionalities they need in a solution. Disruptive brands do more than this. Of course they deliver what the customer needs from them, but they take this one step further by creating an experience for their customers which is unique and exciting. Essentially, disruptive brands reframe how the customer thinks about a problem, and then the answer maps back to their innovation. Try to think of booking a taxi without your mind wandering to the Uber app on your phone. Difficult, isn’t it? The Uber brand has done what all businesses strive to do: it’s become synonymous with the industry it represents.

The idea of delivering what the customer needs versus what he says he wants — and using digital technology to create a unique customer experience — has led to some incredible stories of disruption. Take Netflix as an example. It started as a DVD-by-mail business in 1998, and, as technology caught up, it launched into streaming media and video-on-demand online.

By leveraging transformational digital technology and focusing squarely on the customer experience (i.e. making movie rentals easier and more convenient), Netflix displaced almost all of its competitors (the disrupted) in one fell swoop. More recently, Netflix again disrupted the television-watching experience. Understanding consumers’ affinity for binge-watching content, they now release entire seasons at one time.

Netflix is a simple example, but disruption is happening in every industry. Recently, my colleagues at SugarCRM visited a potential customer in Ireland. It was a long-time family business that makes uniforms — essentially, a garment manufacturer that makes uniforms for medical personnel and law enforcement. Even in this narrow business, the CEO is planning for disruption. The future of his industry is wearables: Connected clothing will change his business and he must keep up to meet his customers’ needs.

Arguably, the next frontier for digital disruption is the automotive industry. Google gets a lot of credit as a disrupter in this industry with its autonomous, self-driving car, and five years from now, we may even be able to buy one at a dealership. I’d argue that true disruption will only occur when Google or someone else completely changes the customer’s experience in the car — and I mean really change it so that it’s unrecognizable as compared with what it used to be.

What does this look like? Instead of everyone facing forward, maybe we now face each other. Maybe the back window becomes a television screen – or the car itself is a browser and its glass windows deliver an immersive Internet experience all around. Suddenly, the car is not just for shuttling passengers from point A to point B. It’s also a chance for passengers to be productive while stuck in traffic. In other words, the customer wants a car to get him from here to there, but the car manufacturers provide him with what he needs — additional time in his day to get through his to-do list. I know this is coming because there are companies already thinking about how to monetize the “new” automotive experience.

If you’re spearheading a new CRM project within your organization, it’s important to remember you are not on an island. Your colleagues, presented with the right amount of information, will likely be interested as well because everyone has something to gain from it.

In fact, “selling” the project internally is critically important. If you don’t do this, your whole CRM initiative will face an uphill battle right from the beginning.

There are some tried and tested outcomes that you can aim for when you first get started with a new CRM platform. It always helps to see fast and tangible results to help get your CRM off to a great start.

These goals are designed to get a number of departments involved and motivated early on in the process, and they form a backbone to develop an organization-wide CRM strategy.

1) Help Sales to acquire new customers

New customers are something that no business would turn down. CRM is great for shaping sales behavior – giving salespeople tools, processes and information to boost their performance and win rate.

CRM helps salespeople prioritize opportunities and think smarter about working their pipelines – it’s about using a qualification process. Simple and effective!

2) Help Account Management boost revenue with customers

One of the most important things you can do with CRM is more deeply understand your customers so you can better anticipate and serve their needs.

Getting account management features set-up from the start brings customer information together in a digestible way so you can profile customers and help account managers plan their cross-sell / up-sell activities.

3) Help Marketing to engage more effectively

CRM helps you understand your audiences and engage with them meaningfully. It can also measure the effectiveness of your marketing campaigns so you can do more of what works and less of what doesn’t.

By measuring marketing effectiveness, CRM can form a closed-loop system that lets you track responses and attribute leads to specific campaigns – even when engaging offline.

4) Enable effective, efficient customer service

Streamlining customer service and giving agents better support reduces costs and boosts customer satisfaction.

Customer service reps can tackle inquiries quickly and independently when they’re supported with the right tools, workflows and information in CRM.

5) Provide business intelligence that everyone can act on fast

Practically everyone in an organization benefits from being able to monitor and measure performance. CRM helps you keep an eye on anything that’s meaningful, from headline figures to granular detail.

Setting up dashboards that look at leading indicators and how they affect outcome goals helps you improve as an organization.