What are the risks of open source CRM?
Open source software, including open source CRM, is incredibly popular. Not only is it free to access, but it can be adapted and refined providing you with exactly the type of CRM that your business needs at a low cost. In addition, if the adaptations to the open source software can be made in-house rather than you having to pay a developer, you can accrue even more cost savings.
Users love it because it is cheap and easy to use, and developers find that it provides them with a good base from which to start building highly customized CRM systems. But whilst open source CRM software comes with so many benefits, do company owners and managers actually take note of the risks involved? And if so, what should they do to monitor and manage them?
Possible risks of using open source CRM
Let’s take a look at the advantages of using open source CRM software and how they can result in problems being created:
- Free to use
- Free to distribute
- Free to adapt
- Free to share
As you can see, it has deliberately been created in a very open environment, making it possible for anyone to access the source code and even add harmful code to the software as it stands. So the big question is: how can your company overcome the risks of using an open source CRM? There are methods and processes that you or your developer should follow in order to minimize harm, ensuring that your business is protected.
Some of the possible risks that you may face are:
- The presence of malicious code - how can you find out if any is present and what possible damage it could bring about?
- Tailoring the software to suit your needs – add to this support/maintenance/ license fee costs and the benefits may not be so attractive.
- Weak spots in the source code – these could result in breaks in the system and a loss of confidentiality, integrity, security and ultimately, availability.
- Lack of a strong open source inventory management system - if you don’t keep track of the open source software that you are using, this may result in unrecorded software being used and possible legal license/security risks. List all open source components used to develop your CRM software showing versions in use and where you downloaded from.
Controlling OSS risks
The best way for your company to overcome these risks is to put in place and strictly adhere to an open source control process. This should include such things as putting in place:
- A definitive inventory of all open source software being used.
- Processes that are clearly defined, ensuring that your developer or in-house team know exactly what should be used and that they adhere to sign-off procedures.
- Precise controls for patch management.
- Secure connections within the open source CRM to other software in use within all departments.
By following these steps, and maybe adding a few of your own as suggested by your developer or in-house IT team, you can minimize the risk associated with open source CRM. With cybercrime constantly on the up and online criminals always seeking ways of identifying any weaknesses in IT infrastructure, businesses of any size can be hit and their most vulnerable spots being shot wide open.
For full peace of mind and as a way of minimizing your company’s vulnerability, a carefully thought out and concentrated control framework can enable you to make use of the many advantages of open source CRM software without putting your company at risk.
Featured white papers
CRM software selection checklist
Plan your CRM selection project with over 100 actionable steps to successDownload
CRM pricing guide
Your completely up-to-date guide to CRM pricing in 2019Download
Mastering CRM demos in five easy steps
Use CRM vendor demos to make the best selection decision with this guideDownload
Is there a place for on-premise CRM?
The advantages and disadvantages of on-premise CRM
10 of the best CRMs for project management
Ten top project management CRMs to kickstart your selection shortlist
What should you know before scheduling a CRM demo?
What you should know about a CRM system and vendor before demoing