Blog
Contact UsFor CRM users and strategists, the inherent value of centralizing customer data for the purposes of collaboration and presenting a single face to the customer is well understood. The goal is to break down functional and individual silos to bring value to the customer relationship and encourage an open means of communication, management, planning and support. Current and historical customer data represents tremendously valuable intellectual property and institutional memory that lives beyond the attrition of any individual in the organization.
Having said that, what happens when the vision becomes a reality? What happens when this valuable IP is readily accessible at the fingertips of your sales reps? These questions are often met with a feeling of gratitude and accomplishment at first, but that feeling is soon followed by a sinking feeling that resembles that of the first time you realized that you left your teenager home alone for the weekend. You want to trust that they will do the right thing, but there is that part of you that is not so sure.
How does an organization balance the benefits of deploying on enterprise CRM solution with the challenges protecting corporate IP? If you open up your data to be completely “collaborative,” are you being reckless? If you lock it down into silos, are you any better off than you were before?
Remember your objectives
Before you hit the panic button and lock down the system to the point where there is no possibility for collaboration, remember your core objectives. The security model can be no more restrictive than the business processes that have been established. For example, customer service cannot better service the customer without any visibility into the activity surrounding that customer. When designing your system, include thoughtful steps to ensure that users have enough information to service their customer base, but this doesn’t necessarily mean that they need the keys to the entire castle. Categorize the data needs of individual and groups of users to make sure you are striking the correct balance.
Separate real security issues from paranoia
There are legitimate security concerns that impact the competitive position of the organization. There may also be legal obligations imposed by regulation or commitments to customers that must be honored as part of your design. These issues need to be accounted for in your requirements, and your CRM system’s security model must be robust enough to accommodate them.
A separate class of concern arises out of paranoia of what might happen if customer information is viewed, shared, printed, downloaded, or stolen. Security breaches are much more likely to come from an internal source than an external one. The decisions made to address this type of concern need to weigh the risks against the opportunity costs of locking down the data. The answers are generally not black and white, so be prepared to compromise and live with at least some level of risk.
Leverage technology
The tools used to manage customer data will allow you some flexibility to be creative in the information you choose to share vs. protect. As part of your data categorization effort, identify whether it is necessary to secure entire classes of data, only certain records, or maybe just particularly sensitive data fields. The trade-off here is that, the more exceptions you make, the more complex the administrative effort is going to be maintain the system.
Trust, but verify
When addressing change management, we generally try to suppress the notion of a CRM system being used as “Big Brother” to the sales force. However, there is some validity to the need to monitor activity and look for behavior that may create cause for concern. The use of activity reports and logging of usage information can be helpful in identifying trends.
When security concerns still remain, some organizations have drafted non-disclosure agreements and usage policies for all of their CRM users to sign. As a last resort, this can provide your organization with some legal protection and also helps to reinforce the sensitivity of the data with the users.