This increased fluidity of information across multiple interfaces effectively brings customers and suppliers closer together. By its very nature, however, such free-flowing information introduces inherent risks in system security; a fact which many developers and users of these web-facing enterprise systems are now being forced to address.
Globally accessible CRM systems are built on the principal that they can be operated in real time by the user and, subject of course to locally determined permissions, allow the read and write functionality of shared information. The CRM package itself is responsible for the transfer, processing and storage of this data. As a system, it is made up of several applications that sit on top of standard web servers and database platforms, feeding information to and retrieving it from the massive database that lies behind.
It is this web interaction and multi component composition which introduces the possibility of increased security risk, even if the server (or servers in a load balanced situation) upon which the CRM is installed may be hosted in a secure and regularly tested network environment.
Many of the applications which constitute the packaged CRM solution, such as chart servers and search engines, may in fact be third party items which the CRM manufacturer has bundled with its product. Obviously it is entirely possible that these individual products have been tested thoroughly and configured in such a way that the dataflow between them is secure. But this is not what security experts are finding.
The link for this article located at ebcvg.com is no longer available.
