Salesforce's data security woes are but one area of concern for those checking out hosted CRM. Recently Auckland, New Zealand-based industry observer David Watson reported that the New Zealand Police "cancelled a tender for a Web-based CRM system because the preferred vendor could not meet security requirements."
The police had been seeking a CRM system, Watson writes, "to be provided either as a hosted service or housed on their own servers, but the tender was cancelled because the proof of concept failed." The potential vendor was not identified by Watson.
NZ Police procurement manager Peter Rendall said in a prepared statement that "this tender was terminated at the proof of concept stage, as the preferred vendor was not able to meet with the police security requirements."
Hosted CRM systems have been gaining in popularity in recent years, as Watson says, "as they have a flat per-monthly charge and are provided on a rented, or SaaS basis."
However, as Salesforce.com is learning to its chagrin, "not wanting sensitive data hosted off-site has been cited as a reason by some organizations for preferring to keep to the in-house, on-premise CRM model," Watson says.
Industry observer
Stacy Cowley was one of the first to catch a whiff of the Salesforce.com phishing disaster, as she (presumably, apologies if not) posted on her blog back on October 23 that "payroll services firm ADP put out a warning last month about a phishing scam targeting its clients."
The note said the initial attack was made on a third-party "business contact" information system that ADP uses to hold client and other third party information, and that ADP determined that the stolen e-mail contact information in this database is being used to notify clients and others with the "from" address spoofed to look like a valid ADP e-mail address."
As Cowley reported, "multiple sources, including the
Washington Post, now say that third-party database was Salesforce.com. ADP has long been one of Salesforce.com's marquee enterprise accounts; it has more than 7,000 licensed users on Salesforce.com's CRM system."
She noted that Salesforce.com's trust.salesforce.com portal, "created in the wake of a spate of outages to reassure customers and prospects about Salesforce.com's uptime, includes primers on avoiding phishing and spoofing attacks."
As Cowley noted at the time, "Something bad went down with a customer, and no, Salesforce isn't going to talk about it.”
--------
David Sims is a contributing editor for ContactCenterSolutions. To see more of his articles, please visit his columnist page.