What are the risks of open source CRM?

Open source software, including open source CRM, is incredibly popular.  Not only is it free to access, but it can be adapted and refined providing you with exactly the type of CRM that your business needs at a low cost.  In addition, if the adaptations to the open source software can be made in-house rather than you having to pay a developer, you can accrue even more cost savings.

Users love it because it is cheap and easy to use, and developers find that it provides them with a good base from which to start building highly customized CRM systems. But whilst open source CRM software comes with so many benefits, do company owners and managers actually take note of the risks involved?  And if so, what should they do to monitor and manage them?

Possible risks of using open source CRM

Let’s take a look at the advantages of using open source CRM software and how they can result in problems being created:

• Free to use
• Free to distribute
• Free to adapt
• Free to share

As you can see, it has deliberately been created in a very open environment, making it possible for anyone to access the source code and even add harmful code to the software as it stands.  So the big question is: how can your company overcome the risks of using an open source CRM? There are methods and processes that you or your developer should follow in order to minimize harm, ensuring that your business is protected.

Use our exclusive open source CRM buyer's guide to learn everything there is to know about open source CRM features, implementation, and cost

Some of the possible risks that you may face are:

• The presence of malicious code - how can you find out if any is present and what possible damage it could bring about?
• Tailoring the software to suit your needs – add to this support/maintenance/ license fee costs and the benefits may not be so attractive.
• Weak spots in the source code – these could result in breaks in the system and a loss of confidentiality, integrity, security and ultimately, availability.
• Lack of a strong open source inventory management system -  if you don’t keep track of the open source software that you are using,  this may result in unrecorded software being used and possible legal license/security risks.  List all open source components used to develop your CRM software showing versions in use and where you downloaded from.

Controlling OSS risks

The best way for your company to overcome these risks is to put in place and strictly adhere to an open source control process.  This should include such things as putting in place:

1. A definitive inventory of all open source software being used.
2. Processes that are clearly defined, ensuring that your developer or in-house team know exactly what should be used and that they adhere to sign-off procedures.
3. Precise controls for patch management.
4. Secure connections within the open source CRM to other software in use within all departments.

By following these steps, and maybe adding a few of your own as suggested by your developer or in-house IT team, you can minimize the risk associated with open source CRM.  With cybercrime constantly on the up and online criminals always seeking ways of identifying any weaknesses in IT infrastructure, businesses of any size can be hit and their most vulnerable spots being shot wide open.

For full peace of mind and as a way of minimizing your company’s vulnerability, a carefully thought out and concentrated control framework can enable you to make use of the many advantages of open source CRM software without putting your company at risk.