Thinking About SaaS Risks – Part 1: Data Security

Andrew Staples —  October 5, 2015 — 4 Comments

If last year’s Sony hack reminded everyone that not securing your own data can be embarrassing, the recent Ashley Madison fiasco proved that failing to secure your customers’ data can be a whole lot worse.

The frequent headlines about cyber security breaches and hacking, along with concerns about data snooping by governments around the world, have caused many to inquire just how secure the data inside their CRM solution might be. They are right to ask. With so much customer data at stake, there is a lot to think about with CRM security.

Let’s look at what can go wrong:

Earlier this year, the FCC fined AT&T $25 million for data security and privacy violations that exposed about 280,000 U.S. customers’ names and full or partial Social Security numbers. The breaches occurred when employees at call centers used by AT&T in Mexico, Colombia and the Philippines accessed sensitive customer data without adequate authorization. According to the FCC, the employees took payment from third parties who were looking to use customer names and Social Security numbers to unlock stolen cell phones for sale on secondary markets.

More than 68,000 accounts were accessed without authorization, and more than 290,000 unlock requests were submitted by third parties through an AT&T online portal. The FCC also discovered that roughly 40 company employees in the Philippines and Colombia had accessed about 211,000 customer accounts for the same illicit purposes.

The $25 million fine is just the beginning of trouble. Even more painful and costly are the remediation and communication efforts with affected customers, and lost business that results when breaches are disclosed.

Hosting customer data in someone else’s cloud raises justifiable concerns about security. Customers need to know what levels of security the host is providing and need to address some critical questions:

  • What protection mechanisms are in place to prevent someone from hacking into the host?
  • Is there 24/7 monitoring to make sure that employees are not accessing data that should be off limits to them?

Deploying SugarCRM via the SaaS model (Sugar On-Demand) means multiple layers of protection and security. The Sugar application is hosted in Tier 1 data center facilities around the world. These data centers are protected by powerful physical security mechanisms such as 24/7 secured access with motion sensors, video surveillance, and security breach alarms. SugarCRM security and infrastructure components include firewalls, robust encryption and sophisticated user authentication layers.

SugarCRM understands that data is a critical component of the daily business operations of its customers and that it is essential to ensure the privacy and protection of data regardless of where it resides. SugarCRM takes a holistic, layered and systematic approach to safeguarding that data and is constantly evaluating, evolving and improving the privacy and security measures it has in place. SugarCRM also offers customers the option to deploy Sugar on-premise, as well as in hosted and hybrid configurations, flexing to meet the broadest range of security and regulatory requirements.

For more information about our security-related policies, please click here.

4 responses to Thinking About SaaS Risks – Part 1: Data Security

  1. 

    Good article! Also, in today’s world of uncertainty, there are also lots of geo-political risks. The Safe Harbor may not be so same.
    http://venturebeat.com/2015/10/25/the-u-s-worries-russia-will-cut-undersea-internet-cables-during-times-of-conflict/
    It’s best to localize/store data as near to end users as possible.

  2. 

    Insightful article! Indeed, virtual data protection is really important these days. I find it necessary when running data room service.

  3. 

    Informative indeed. One of the major pitfalls SaaS/Cloud service has is that of some issues regarding privacy and security. I do think it is brought about by the fact that SaaS will entitle a third party into one’s private data. However, there are fraud detection and prevention services offered that are actually good countermeasures against privacy and security glitches among SaaS/Cloud users. There are also SaaS support teams (e.g. Lirik – http://lirik.io/) available to assist matters with regard to SaaS.
