Too Many Cooks Spoil the CRM System

The more integrated your CRM is with the rest of your IT, the more sensitive information an admin can see and inadvertently override.

By David Taber
Opinion Oct 27th 2009

CRM systems have varying degrees of security and privilege management, but all the serious CRM options, whether on premises or in the cloud, have fine-grained security because the data is meaningful and must be carefully controlled. CRM users, particularly in sales, will quickly discover that they can’t change things to make them look the way they want to with their normal user level data access. So they will invent a plausible reason for why they need system admin privileges, and all too often they’ll be granted full super user status in the CRM system.

And this would be a good idea, why? What trouble lies ahead? Let’s start with the fact that users haven’t been trained in the intricacies of the CRM system. They have no idea what kind of damage they can do with seemingly insignificant changes. They don’t understand the security model, the object model, the external integrations, or the workflows. Even if all they’re trying to do is move around a field on the screen, doing it wrong can wreck havoc on users and business processes they didn’t even know existed.

Fortunately, untrained admins are unlikely to actually destroy a lot of existing data. Of course they can, but usually when they’re trying to change data, it’s just their own records. As long as you have audit trails turned on, it’s fairly straightforward to reconstruct the crime.

More interesting than data damage is the risk of a super user seeing data that’s supposed to be off-limits. The more integrated your CRM system is with the rest of your IT infrastructure, the more sensitive information an administrator can see and the more process controls they can inadvertently override. This can include the full company bookings forecast, inventories, contracts, commissions, and even employee home phone numbers. You don’t have to be an attorney to shudder about the potential regulatory and legal problems here.

Fortunately, there are clearly defined best practices here. Let’s start with “just say no.” Even if there is a good reason why a manager or user needs some special privileges, the number of administrators for a CRM system should be strictly limited. I have yet to find a good reason why an organization should have more than 6 CRM administrators, and that assumes a 24x7, round-the-world operation. To be an administrator means a significant amount of training both in the classroom and on the job–and it’s not a temporary or part-time role, except in organizations with fewer than 100 users.

The system administrator role needs to include at least one person who is a data steward looking out for the health and cleanliness of data by controlling design and external data inputs. If your CRM system is highly integrated with the rest of your IT systems, the CRM data steward should be part of a larger configuration control board that manages the evolution of policy, process controls, and system changes.

Many marketing users may need to have read access to a broad scope of data, and a few need to be able to use mass-importing tools, but that doesn’t mean they should be super users. Create specific profiles and delegated administrative privileges for these users, and limit the login hours and locations for them, in order to contain the risk of abuse.

If your CRM system doesn’t have role-based security or enable delegated authority, this is one of the better reasons to have a serious conversation with your CRM vendor. Also look at the vendor’s feature roadmap: in the long run, the best security functionality must come from the platform. If they don’t have security high on the agenda it’s a signal you need to start looking elsewhere.