44 ◾ Security Strategy: From Requirements to Reality
policy focused on the customer and then redefi nes company policies, processes, and procedures
based on understanding its current customer base, what satisfi es them, and what it will take to
attract new customers.
e theory is that changing your business model to a customer-centric one will help your
company become more profi table by gathering customer data that helps you satisfy their needs.
e security function is an important aspect of an enterprise that is moving in this direction. For
instance, as company processes become more customer-centric, security can help a company avoid
costly mistakes by providing security policies, processes, and control measures designed to ensure
the confi dentiality of customer data, including document-shredding requirements, clean desk/
locked cabinet policy, and customer data accountability for terminated employees.
Although CRM originally started as a category of software tools, this discipline has grown to
include a companywide business strategy approach, including all customer-facing sectors of the
greater enterprise. Implementation of CRM can dramatically impact the revenues and success of a
company. A CRM approach changes the way marketing, sales forces, and customer service sectors
do business through analytical capabilities integrated throughout these organizational groups.
Software vendors such as Oracle, Microsoft, SAP, Amdocs, and Salesforce.com are designing
CRM software and systems for the marketplace. A most notable trend has been the recent growth
of tools delivered via the Web, particularly the development of cloud computing, which drastically
reduces the costs of utilizing a CRM approach in small and medium companies. Companies like
Google, Signals, Zoho, Dropbox, and MailBigFile are rapidly developing cloud services that allow
business to save time and money in CRM applications.
In companies that are utilizing CRM data, it is important to have security policies in place
before CRM is made fully functional. It is also important to create security policies for the
customer that are clear, respectful, and nontechnical and provide easy access to help informa-
tion. In a holistic approach to CRM, security will want to work with the entire value chain from
subcontractors to the customer to ensure secure processes and seamless policies throughout the
value chain.
In a recent Enterprise Security Today article titled “Protecting CRM Customer Data Requires
Vigilance,” Sanjeet Mall, a CRM architect at SAP, is quoted as saying, “Companies should con-
sider the issue of CRM and customer data security critically important, and this is true for com-
panies of all sizes…. Considering the regulations around customer information plus the value of
keeping it secure, companies really need to think about security as part of a holistic IT governance
strategy…. CRM is just one application, but customer data lives in many parts of an organization,
typically connecting to ERP or fi nancial systems, supplier management systems, or even living
outside the company if in a CRM on-demand solution, and so on.”
e lessons learned so far in companies that have begun to implement CRM are the need for a
clear strategy, risk assessments, benefi ts analysis, and cost quantifi cations in these areas: processes,
people, and technology. Poor planning, adoption, implementation, integration, and lack of a solu-
tion focus can create disappointing results.
Customer Value Management (CVM)
Many groups have been looking at Customer Value Management (CVM) as the next strategic
step in better utilizing customer data. Companies are looking at how CVM can help their orga-
nization make better use of their CRM strategies and programs. e premise of CVM is that a
company must develop the right strategy for attracting and keeping the right customers by pro-
viding better value for them than competitors can. is requires the entire company to focus on
TAF-K11348-10-0301-C003.indd 44TAF-K11348-10-0301-C003.indd 44 8/18/10 3:03:08 PM8/18/10 3:03:08 PM