Security

"What I really like about LinxCRM is that it's NOT on-line! I don't like my database going anywhere out of my control!"

Regain Control of Your Database



The great buzz-word these days is the "cloud". But have you really thought about the implications for your business? It could mean losing control of your database!

That would be bad enough in a non-finance world, but in finance you are the custodian of some very sensitive information so the risks are magnified.

By contrast, LinxCRM is an on-premise solution and yet offers you all the benefits of remote access to your data and off-site backups, without the risks of your data being internet-facing or "in the cloud". To help understand the difference in approach it might be best to define some terms:

  • "Cloud system" - Most people use this generic term to mean any software that does not reside on their local computer or device. An example would be Office 365 which is hosted by Microsoft for a monthly fee. Some people might use an online CRM system or even an online accounting system.  Both the application program and the data are "out there somewhere" - in the cloud, that is, in an unknown location or locations.
  • "On premise" -  This is where both the program and data reside on your premises, such as your office or home office. In a group environment it is typical for several people to be able to share the same data, which is on a central PC or a NAS drive. A typical example might be an internal accounting system.
  • "Private cloud" - This is the term often given to a clever combination of the above, where the program and data reside in a known physical location (either at your premises or hosted by a third party) and yet are available to your staff from wherever they are - in the office, at home or travelling. Private cloud systems are vastly more secure because you know where the data is and can maintain control. They are also not "internet facing" in the usual sense but sit behind robust "thin-client" systems such as MS Windows Server. (Here's a quick explainer from Microsoft.)

LinxCRM can be used in either of these last two environments - keeping you in control of your data and reducing your exposure under the Privacy Act or similar legislation.

Of course, aggregators and other industry groups may try to persuade you to use their web-based systems in order to keep you "sticky". (Once you commit to their system you are less likely to join a different aggregator down the track.) Similarly, other software houses have produced web-based systems which they claim to be superior to on-premise systems. But before committing to any kind of cloud system we recommend some background research into the security risks.


What the experts say

Here's one of Microsoft's own security experts speaking at a conference promoting cloud computing, but cautioning against inappropriate use:

"Cloud computing is not always the right solution. If you need to protect your data behind a firewall then the cloud may not be the answer."
Internal Microsoft Security Analyst speaking at TechEd Australia, Gold Coast, Qld, August 2010


Clearly there are right applications for cloud computing (such as non-sensitive data) and wrong applications (such as confidential business records).

Here are some other issues raised in the same Microsoft conference:

  • "Malicious insiders" - these are employees of the service provider, software house or data centre who see an opportunity to make money by selling your database. (In the case of financial services this is a considerable risk since identity theft is rampant. Just imagine what a malicious insider could do with your client's drivers licence, passport and bank account numbers!)
  • Account or service hijacking - this is where your services can be intercepted remotely to allow theft of data.
  • Sovereignty - this refers to where your data is physically located and the implications that this might have. For example many data centres are overseas. How does that affect your liability under the Privacy Act which has rules against the transfer of data overseas?
  • Unsubscribing - if you cancel your service, how do you know for sure that your data has been deleted?

Similarly, when one of our Directors was visiting Microsoft Headquarters in Redmond, USA, a senior Microsoft executive (their Marketing Manager, Small Business) was very clear in his warning: "Make sure you don't end up in jail. Customer details get out on the internet at an alarmingly high rate."

 

Australian Banking Industry

Westpac, one of Australia and New Zealand's leading banks, has also made clear its position regarding data storage. In relation to one of its subsidiaries, RAMS Home Loans, it prohibits the storing of any CRM data on any third-party servers outside the Westpac/RAMS system. Several RAMS branches therefore use LinxCRM to help comply with this requirement.


Legal ramifications










 

So why is the Cloud so heavily promoted?

Despite such risks, small business is constantly bombarded with offers of cloud services. Why is that? We hate to be cynical but, from inside the industry, we can say with certainty that the primary reasons are commercial:

  • So that you have to keep on paying. If you stop paying, you no longer have access to the application or data so, once you start, it's almost impossible to go back, thus providing a very attractive income stream for the service provider.
  • In the financial services industry, as mentioned above, it is to keep you "sticky" - making it hard for you to move your business to an alternative aggregator or group.

To illustrate the above points, a Jan 2012 Microsoft newsletter to their reseller partners had an article entitled "Turn the cloud into your next Cash Cow!" and went on to recommend that they "Start milking this opportunity..."!



Protecting your independence

But it's not all about security in the usual sense. Keeping your database on-line can also be a threat to the very survival of your business in another way.

Can you imagine having a dispute with your aggregator, franchisor or other service provider? Would they have the ability to cut you off from your database? We have heard of several cases where this has happened and it has presented a serious risk to the businesses affected. Even if you left them on good terms, can you guarantee that you will be given all your CRM records, complete with supporting documentation, diary history and commission records? Can you rightfully argue that the data is yours or is there a clause (or sufficient ambiguity) in your contract to give them an excuse not to hand everything over?

LinxCRM gives you back your independence and respects your right to ownership of the data. You regain control of your database. You even have the option of buying the software outright so you can use it indefinitely without further cost if you wish. You also get the substantial bonus of having a system which will independently check your commissions.



What about off-site backups and remote access?

One of the few claimed advantages of on-line systems is that you don't need to back up your data - "it's all done for you". Another claimed advantage is that you can access it from anywhere.

LinxCRM can give you both these features, and without the unnecessary risks. Our Help Desk can provide further information on how to create encrypted, off-site backups and how to access your data, securely, from anywhere in the world.

This can include attachments to files such as pdfs, spreadsheets, Word documents and even photographs, all stored in the FileStore system.

(Incidentally, another claimed benefit of cloud computing is a saving on hardware. This may be true for large government and corporate users who require massive servers and then could just manage with desktop systems to access those remote servers. But small business users generally only use smaller computer systems anyway, so there are unlikely to be any significant savings to be made.)



Forecast: Storms approaching

Based on the above-mentioned risks we believe that cloud computing is a totally inappropriate medium for financial services data. Apart from the risks of your being cut off from your data due to a potential dispute with your service provider, aggregator or franchise group there is the ever-increasing risk associated with identity theft. We predict that this problem will get worse over time and some in the finance industry may ultimately be held legally liable.




Compare the pair

In summary, here's a quick comparison of cloud-based systems with LinxCRM:


| Risk | Cloud | LinxCRM |
|---|---|---|
| Data Security | Location often unknown. Open to malicious insiders. Service open to hacking. Risk of identity theft. | Location known. Under your control. File attachments all at hand. |
| Business Interruption | Can be switched off without notice. Prone to internet service interruption. | Purchase option guarantees supply. If local, not prone to internet service interruption. |
| Costs | You keep paying if you want access. | Can purchase outright at reasonable cost. |
| Remote access | Accessible from any internet PC. | Accessible from any internet PC via private cloud (thin-client) login. |
| Other | Privacy Act - potential breach if data stored overseas. | Under your control. |


So, on balance, whether your cloud-based system is hosted with an aggregator, franchise group or other third-party, all the risks are one-sided - on you. By contrast LinxCRM gives you all the benefits and none of the risks!


Additional reading


You can find out much more about the risks of standard cloud computing by searching the internet. Here's a small selection of suggested additional reading. (Note: most are third-party sites and may contain advertising.)

  • Deloittes client records get hacked from Microsoft Azure. - The Guardian 25/09/2017
  • Equifax credit records hacked. - The Guardian 07/09/2017
  • "All of us were wrong, and because of that, all of us are now vulnerable." - Mark Pesce
  • "Up to 500 million computers at risk of hacking." - ABC News
  • Recent Data Breaches: Secure Sentinel
  • About.com: Network Security Tips for the Paranoid
  • Wall Street Journal: To Cloud or Not to Cloud
  • Storm warning for cloud computing