Too Many Cooks Spoil the CRM System | Opinions | ChannelWorld.in

PARTNER HOTLINES

%%CLICK_URL_UNESC%%

Too Many Cooks Spoil the CRM System

By David Taber on Oct 27, 2009
David Taber About the author

David Taber

David Taber is the author of the Prentice Hall book, “ Salesforce.com Secrets of Success” and is the CEO of SalesLogistix, a certified Salesforce.com consultancy focused on business process improvement through use of CRM systems.

CRM systems have varying degrees of security and privilege management, but all the serious CRM options, whether on premises or in the cloud, have fine-grained security because the data is meaningful and must be carefully controlled. CRM users, particularly in sales, will quickly discover that they can’t change things to make them look the way they want to with their normal user level data access. So they will invent a plausible reason for why they need system admin privileges, and all too often they’ll be granted full super user status in the CRM system.

And this would be a good idea, why? What trouble lies ahead? Let’s start with the fact that users haven’t been trained in the intricacies of the CRM system. They have no idea what kind of damage they can do with seemingly insignificant changes. They don’t understand the security model, the object model, the external integrations, or the workflows. Even if all they’re trying to do is move around a field on the screen, doing it wrong can wreck havoc on users and business processes they didn’t even know existed.

Fortunately, untrained admins are unlikely to actually destroy a lot of existing data. Of course they can, but usually when they’re trying to change data, it’s just their own records. As long as you have audit trails turned on, it’s fairly straightforward to reconstruct the crime.

More interesting than data damage is the risk of a super user seeing data that’s supposed to be off-limits. The more integrated your CRM system is with the rest of your IT infrastructure, the more sensitive information an administrator can see and the more process controls they can inadvertently override. This can include the full company bookings forecast, inventories, contracts, commissions, and even employee home phone numbers. You don’t have to be an attorney to shudder about the potential regulatory and legal problems here.

Fortunately, there are clearly defined best practices here. Let’s start with “just say no.” Even if there is a good reason why a manager or user needs some special privileges, the number of administrators for a CRM system should be strictly limited. I have yet to find a good reason why an organization should have more than 6 CRM administrators, and that assumes a 24x7, round-the-world operation. To be an administrator means a significant amount of training both in the classroom and on the job–and it’s not a temporary or part-time role, except in organizations with fewer than 100 users.

The system administrator role needs to include at least one person who is a data steward looking out for the health and cleanliness of data by controlling design and external data inputs. If your CRM system is highly integrated with the rest of your IT systems, the CRM data steward should be part of a larger configuration control board that manages the evolution of policy, process controls, and system changes.

Many marketing users may need to have read access to a broad scope of data, and a few need to be able to use mass-importing tools, but that doesn’t mean they should be super users. Create specific profiles and delegated administrative privileges for these users, and limit the login hours and locations for them, in order to contain the risk of abuse.

If your CRM system doesn’t have role-based security or enable delegated authority, this is one of the better reasons to have a serious conversation with your CRM vendor. Also look at the vendor’s feature roadmap: in the long run, the best security functionality must come from the platform. If they don’t have security high on the agenda it’s a signal you need to start looking elsewhere.

Latest Opinions

  • Vijay Ramachandran

    From the Editor: Take it Easy

    It’s gravity, often with you at its center, rather than inertia, that holds your organization back.

    Vijay Ramachandran
  • Yogesh Gupta

    Plainspeak: Fast and Furious

    The six-movie series of Fast and Furious and the last 120 days of the global tech market have a string of common elements—they were both fast, frenzied, frantic and of course, furious.

    Yogesh Gupta
  • Girish Khare

    Channel Partners will be Instrumental to Your Success

    A channel partner can do much more, if his expertise is optimally leveraged.

    Girish Khare
  • Vijay Ramachandran

    From the Editor: Lever Legacy Out

    It’s time to insist that all technology must come with an expiry date and head for the scrap heap.

    Vijay Ramachandran
  • Yogesh Gupta

    Become the Next Alibaba

    The 18th century tale of Ali Baba and the forty Thieves, and the Internet success of Alibaba in the 21st century have a conjoined thread—they are both fascinating , thrilling, and magical.

    Yogesh Gupta