We are in the era of digital disruption and it’s not just about companies like Uber and Airbnb. Organizations in every industry, because of the ridiculously fast pace of technology innovation, are dealing with disruption. They must develop digital transformation strategies that focus on utilizing new technologies and business models to more effectively engage with customers at every touchpoint.

Furthermore, there is clear evidence that companies that embrace digital transformation and offer superior customer experiences are outperforming their competition in terms of attaining and retaining customers.

Today’s customers are more empowered than ever before. With almost unlimited information about your company (and your competitors) at their fingertips, it is paramount to deliver an extraordinary customer experience. To accomplish this, you need to understand and map out the customer journey. On top of that, you need to operationalize it. In our latest disruption series post, SugarCRM’s Martin Schneider talks with Kristian af Sandeberg, the CEO at Addoptify. Addoptify delivers best-practice plug-in solutions that help organizations bridge internal efficiency with customer centricity. Martin and Kristian discuss Addoptify’s Customer Journey Plugin for Sugar, and how visualizing and operationalizing the customer journey will increase user adoption of Sugar and drive more business.

Earlier today, we received information about a lengthy post from a member of our community regarding security issues in SugarCRM’s products and operations. Let me start by saying that SugarCRM takes product and IT security very seriously and has enjoyed a long and productive history of working with the security community. These engagements have helped improve our products and operational processes immensely. Our security protocols and policies include a prompt response to any report of security vulnerabilities or incidents by researching, analyzing, scoring, correcting and providing public notification of the issue(s), and corresponding remediation and product improvements.

Regarding today’s post, the content and issues cited are currently under review by our security, product and operations teams. As we analyze the issues, I’ll continue to post updates on this blog.

4 PM PT Update

Quick update: Our technical and operations folks are doing a line-by-line analysis of the blog post to determine the accuracy and status of the issues cited. We’ll have a more detailed update as quickly as we can work through all of them, but I’d like to shed some light on the history and structure of our SugarCRM technology and solutions.

As noted in the original post, the security issues found were based on an analysis of Sugar CE (Community Edition) open source. The Sugar CE code base comes from our previous generation of CRM product (Sugar 6.x). Four years ago, Sugar released the next and current generation of our CRM solutions (Sugar 7.x), simultaneously ending the evolution of our open source program. Thus, the current version of Sugar (version 7.9 will be available shortly) is neither the same architecture nor the same code represented in our old CE edition. That said, there is some code that is shared between the two, so the comments raised must be reviewed in the context of the current generation of solutions as well. Regardless of version, technology or time frame, we err on the side of safety and analyze all reports, checking against all supported versions of our CRM product.

6 PM PT Update

Analysis: First results are in

Our research is ongoing, but I want to keep folks updated here.

The vulnerabilities cited in part one of the researcher’s post are described as PHP Object injection vulnerabilities. We have made a series of changes over a period of time to fully address these issues, and we were able to mitigate them through a combination of an update provided in SugarCRM 6.5.24, released in July 2016, and the PHP 5.6.25 upstream release, which occurred in September 2016. Notwithstanding, we recognize that the usage of unserialize has an elevated risk and we already have plans to move away from it in a future release.

12 PM PT Update (4/25/17)

The vulnerabilities disclosed in the second section of the researcher’s post were addressed as part of the Sugar 7.7.2.0 release, which went live October 2016. When potential issues are initially reported, we score them using the CVSS (Common Vulnerability Scoring System). Based on impact and reach, none of the vulnerabilities in the second section scored higher than ‘medium’. Per our security policy, issues in the medium category are addressed in the next regularly scheduled patch release. SugarCRM’s On-Demand customers have all been upgraded to 7.7.2.0 or successor versions. This release was provided to our on-premise customers as well. It’s important to note that updates based on issues scored as ‘medium’ are no longer provided to our last-generation open source Community Edition (CE), so the blogger’s post no longer aligns with our current commercial products and solutions.

I should add that our prior policies reflected our view that security issues ranked ‘medium’ (in CVSS) or lower did not merit inclusion in release notes. We recognize that we can further improve transparency and will be amending this policy going forward.  

4 PM Update (4/27/17)

Three separate vulnerabilities were disclosed in part three of the post that bear on our internal support infrastructure. Two of those vulnerabilities were initially identified by the blogger in September 2016, and the third was newly reported in the post.

The first vulnerability, which enabled access to FTP account information, was fixed within 24 hours of the report. Per our policy, we immediately notified the two affected customers of the disclosure. For each customer, we identified what information was accessed, reviewed our process and actions, and asked the customers to make certain adjustments to mitigate future risks. We also reviewed our logs for irregularities and forced the rotation of all FTP credentials to mitigate the risk of illegitimate access. After thorough and detailed reviews, we believe that no active customer (CRM) data was accessed. In order to help mitigate these types of attacks in the future, we also immediately instituted a new customer support policy to ensure that FTP credentials are no longer accessible to customers in the context of support cases and that usernames and passwords are appropriately isolated.

The second vulnerability, referred to by the researcher as “stored XSS Vulnerability”, was resolved within 10 days of his September report.

The third vulnerability, which potentially could have enabled the blogger to access cases without authentication, was newly disclosed by the researcher in his recent blog post and we promptly fixed the issue within 24 hours (on April 25, 2017).

Analyst reports can be very valuable tools when making a software purchase decision. Analysts pore over tons of details, product roadmaps, and talk to several partners and customers of the products they review.

However, G2 Crowd does it a bit differently – their rankings come 100% from users like you. The peer-review concept is gaining steam, and SugarCRM is proud that its users are so satisfied with Sugar the product that they drove us into the Leader quadrant in G2 Crowd’s latest rendering of its midmarket Grid for CRM.

Again, this ranking comes from nearly 150 satisfied Sugar users – and nothing else. G2 allows site visitors to peruse thousands of reviews from real, verified users. So, we’re especially proud of this honor.

If you’re a mid-sized company looking for a CRM partner, don’t take our word for it, ask the satisfied reviewers at G2 Crowd.

If there was ever a business process in need of disruption, it’s email. In our latest disruption series video, SugarCRM’s Martin Schneider talks with Trevor Poapst, the vice president of marketing at Riva. Riva, through its CRM integration tools, provides a better way to sync SugarCRM contacts, calendars, and tasks to Outlook, Gmail, Google Apps, IBM Notes and Domino, and GroupWise. Companies use Riva to improve CRM adoption, increase sales productivity, reduce manual data entry, and reduce flip-flopping between Sugar and email applications.

Have your expectations for what your mobile CRM provides grown dramatically? We hope so. You’re right to expect more than a downsized version of the “classic” desktop experience that fits on your phone. As CRM users continue to execute more of their daily (and nightly) tasks on their phones and tablets, the mobile experience has become about providing access to the information you absolutely need, right when you need it, in real time.

With that in mind, we recently enhanced Sugar Mobile with several new features:

A Redefined User Experience – The new version introduces a redesigned user experience based on customer feedback, with improved navigation and re-ordered tabs and elements. We reduced the number of clicks needed to reach critical CRM data.

Support for Apple Touch ID – Sugar Mobile 5.0 also now supports Apple Touch ID. Touch ID is one of the most secure ways to authenticate users within iOS apps, making the login experience more convenient and user-friendly.

Enterprise Mobile Management (EMM) – Enterprises now have a better, more secure way to distribute and manage the SugarCRM mobile app with EMM support. By using “app wrapping”, Sugar administrators can control who gets access to the SugarCRM Mobile app and when. Sugar Mobile 5.0 also includes the AppConfig standard, which makes it easier for administrators to manage the app using Enterprise Mobile Management (EMM) solutions.

Deep Linking – Deep Linking allows links to be created that push a user directly into a record or page in SugarCRM Mobile. Deep links mean the user can click on a link and it will launch the SugarCRM Mobile app. Deep linking can be used to perform many tasks, including viewing, creating, and editing records.

Sugar Mobile is available for all Sugar Professional, Enterprise and Ultimate customers. It features “offline storage mode” so users can be productive even when they aren’t connected to Wi-Fi. All existing installations of SugarCRM Mobile will be upgraded to Sugar Mobile 5.0 through the phone or tablet’s native upgrade functionality. Alternatively, upgrades can be performed by searching for “SugarCRM Mobile” in the application stores of your device or using the following links:

Google Play Store

Apple App Store

How many emails do you get per day? I’d bet the number is significant. A good number of these emails likely come from prospects that you’d like to eventually turn into customers. In order to increase your chances of doing that, it helps to capture the information from email directly into Sugar. Also, when corresponding with a prospect or customer, having the latest Sugar data right at your fingertips increases your efficiency and improves the customer’s experience when they interact with you.

Collabspot provides a seamless integration with Gmail (and soon Office 365) to bring Sugar into your inbox. What’s more, the team at Collabspot is utilizing “email analytics” to provide greater insight for sales and support teams. In our latest disruption series video, check out SugarCRM’s Martin Schneider’s interview with Brandon Sellers, the vice president of Business Development and Strategic Partnerships at Collabspot.

(Editor’s Note: SugarCRM CEO Larry Augustin contributed to this blog post, which originally appeared on the Huffington Post)

Uber. Airbnb. Netflix. These brands are at the forefront of the disruptive tech we’ve seen emerge over the past few years. The way we consume media, book holidays, and order taxis and takeaways has changed beyond recognition. ‘Disruption’ has become the buzzword to describe the companies leading the charge for transforming how we use technology in our everyday lives. But then again, new technologies are introduced all the time, and they’re not necessarily disruptive. What really makes these brands disruptive is how they’ve changed the customer experience in ways that we didn’t even know we needed.

The common thread among disruptive brands — and why they’ve become such trailblazers for innovation — is the way they not only meet the basic needs of customers, but have had the vision to pre-empt ways to revolutionize their products and services to transform our lives. The mantra these disruptor brands live by is: Don’t deliver what the customer asks for; rather, deliver what he needs. As Henry Ford famously said, “If I had asked people what they wanted, they would have said faster horses.”

In other words, businesses today need to create change. Many “status quo” brands consistently tell their customers what features and functionalities they need in a solution. Disruptive brands do more than this. Of course they deliver what the customer needs from them, but they take this one step further by creating an experience for their customers which is unique and exciting. Essentially, disruptive brands reframe how the customer thinks about a problem, and then the answer maps back to their innovation. Try to think of booking a taxi without your mind wandering to the Uber app on your phone. Difficult, isn’t it? The Uber brand has done what all businesses strive to do: it’s become synonymous with the industry it represents.

The idea of delivering what the customer needs versus what he says he wants — and using digital technology to create a unique customer experience — has led to some incredible stories of disruption. Take Netflix as an example. It started as a DVD-by-mail business in 1998, and, as technology caught up, it launched into streaming media and video-on-demand online.

By leveraging transformational digital technology and focusing squarely on the customer experience (i.e. making movie rentals easier and more convenient), Netflix displaced almost all of its competitors (the disrupted) in one fell swoop. More recently, Netflix again disrupted the television-watching experience. Understanding consumers’ affinity for binge-watching content, they now release entire seasons at one time.

Netflix is a simple example, but disruption is happening in every industry. Recently, my colleagues at SugarCRM visited a potential customer in Ireland. It was a long-time family business that makes uniforms — essentially, a garment manufacturer that makes uniforms for medical personnel and law enforcement. Even in this narrow business, the CEO is planning for disruption. The future of his industry is wearables: Connected clothing will change his business and he must keep up to meet his customers’ needs.

Arguably, the next frontier for digital disruption is the automotive industry. Google gets a lot of credit as a disrupter in this industry with its autonomous, self-driving car, and five years from now, we may even be able to buy one at a dealership. I’d argue that true disruption will only occur when Google or someone else completely changes the customer’s experience in the car — and I mean really change it so that it’s unrecognizable as compared with what it used to be.

What does this look like? Instead of everyone facing forward, maybe we now face each other. Maybe the back window becomes a television screen – or the car itself is a browser and its glass windows deliver an immersive Internet experience all around. Suddenly, the car is not just for shuttling passengers from point A to point B. It’s also a chance for passengers to be productive while stuck in traffic. In other words, the customer wants a car to get him from here to there, but the car manufacturers provide him with what he needs — additional time in his day to get through his to-do list. I know this is coming because there are companies already thinking about how to monetize the “new” automotive experience.