IT Governance and Law - Report Example

? of Institute] of Discipline] ‘IT Governance and Law’ ‘In-House CRM Software versus Cloud Based CRM’ [Name of Student] [Date of Submission] INTRODUCTION The advent of information technology has boosted the globalization arena. Information systems are one of the most cherished of inventions of the modern times. Removing the distances between man and machines the information systems not only bridge the gap but also enhance the productivity of the computing machines themselves. This is mainly owing to the increasing usability that is achieved by the deployment of information systems. CRM or Customer Relationship Management is the process whereby all the information relative to a customer linked to an organization is properly catered. This is done mainly with the help of information systems. Proper handling of information relative to customers is the key to the prosperity of any organization. The processing of customer related information such that it becomes the center of the information flow of any organization is the core responsibility of the Customer Relationship arena or CRM. Traditional CRM systems have been promoting the business arena for a number of years now. Benefitting from their services organizations have also evolved with the increasing technological advancements. The way CRM systems have incorporated with the emerging phenomenon of Cloud Computing and what the implications of such incorporation may be are integral need of the day discussions. The report is aimed such that the relativeness of CRM systems is narrated first as an introductory term and then as a discussion evaluating the significance of the conventional old systems and the new cloud incorporated systems. Figure 1: Customer Relationship Management. Source: http://dl.sugarforge.org/training/training/IntroductiontoCRM/CRM_Fundamentals.pdf WHAT IS CRM? CRM or Customer Relationship Management refers to the management of information relative to a customer for the organization. The software system that is incorporated just in order to achieve integrated customer data management is termed as the CRM. CRM software systems are designed so as to suit the organizational structure of each respective business environment. Customized particularly to each business’ needs CRM systems not only manage data but also result in the overall analysis and prosperity of sales figures. CRM for Investment broker? The main services that a Retail brokerage firm offers are collectively termed as Wealth Management Services. These include coverage of stock trading for individual investors, investments in different mutual funds and other financial products like insurance products. They also offer advisory services to strengthen their relationship with their customers. A new class of customer relationship managers has emerged that focused specially the business of offering financial services. Due to this development it is extremely essential for the Retail brokerages to opt for a sophisticated and proven Customer Relationship Management system in order to achieve better productivity, customer satisfaction and yield. What is cloud? The term cloud has become much prevalent nowadays. The cloud, in common words, may be referred to as a collective pool of resources which can be accessed by multiple users. The usage of the resources on the cloud is often associated with the authorizations given to the users but as per need the resources may be made publically accessible as well. The core concept of cloud, in a formal definition narrated by the National Institute of Standards and Technology (NIST) the organization terms cloud as: A model that provides accessibility to a set of resources being made available in the form of a pool. The resources are linked to network access of the on-demand type, which is being provided with suitability. The examples of the shared computing resources may be networks, storage areas, services, applications and servers etc. These readily available resources are available with very little effort and interaction from a service provider who is actually offering the cloud facility to the users. The cloud models are commonly characterized with the presence of essential characteristics which are five in number, three service models and deployment models which are five in number. (NIST) Introduction to SaaS Delivering applications over the internet in the form of a service is often termed as Software as a Service or Saas. The provisions that the Saas provides is that instead of installing devices and application software on each and every system within your organization you only simply need to get connected to access all the required hardware and software resources via internet. There, these services are being offered as a service. This concept of Saas frees the user from a series of complex issues that arise if all the software and hardware are being managed locally. (Salesforce, 2000) SaaS is commonly referred to as a software which is based on web or one which is On-Demand, that is, meaning to say that it is made available only which its need arises and in the rest of the times its management, accessibility and handling issues are foreign to the user. These applications and software are designed in particular to work on the servers of the provider of the service and not on the client’s local domain. Since the software as a Service is managed completely by a separate provider, its management issues and security problems are also not the concern of the users or the clients. Software as a Service or SaaS is being referred to as one of the most advanced and rewarding information systems applications to have been invented so far. The transferring of resources fro on site premises to a network accessed pool of resources is often referred to as a transfer from a fat client to a thin client. Saas relieves organizations of the need to make extensive purchasing of hardware and software packages for their extensive office environment. SaaS as a cloud based CRM? A CRM which is based on cloud simply means that the entire IT related environment that is needed to a customer related data is not required to be installed on the on-site premises of an organization but instead can be accessed via network connectivity. The application software IT based resources that are being accessed via network are storage databases etc. Al the CRM related resources can now be accessed via the internet instead of being installed and incorporated separately on each individual desktop system. The biggest edge this sharing gives is that each individual from the organization may it be a common worker or an executive, can all access the set of information and resources readily and in realtime. As long as access to the internet is maintained, the accessibility to the CRM software is established as well. Via the help of a cloud this is done in a more effective, timely and less costly manner. Cloud eliminates the need for purchase of extensive hardware by businesses. The same set of CRM information can be accessed from multiple locations whether that may be from any physical locations. Due to convenience and usability Cloud is the growing trend in businesses enabling suability and What is On-Premise CRM? On-Site CRM is just the kind of traditional CRM that has benefitted organizations since years. Conventional CRM software is installed on each and every computing system within the organization and has often been considered as flexible and convenient. SaaS CRM BENEFITS The characteristic features of SaaS are basically the ways that can undoubtedly be accounted for as its benefits as well. These factors are as stated underneath: Dropping of Total Cost of Ownership SaaS brings a drastic reduction in the Total Cost of Ownership. Over the years research has narrated that the Saas implementation of CRM lessens computing as well as Total cost of Ownership as compared to the conventional on site CRM systems. Implementation Risks Decrease SaaS is a cloud based service provider in which most of the infrastructure is taken care of by the service provider and does not have to be taken care of by individual users. This is the main reason why the risks involved with infrastructure setup and implementation are eliminated and lessen to a very low scale for the individual users. Software related issues like selection and installation, practical usability, licensing and security issues all become foreign to the user and are inadvertently taken care of by the SaaS service provider themselves. Software Implementation Accelerated Software implementation is far more accelerated in cloud based CRM. This is owing to the fact that since all the applications are being accessed via the cloud service provider; the user/client does not need to take care of any technical details at all. As a result the software startup time reduces and at the client end no time is spent on the structuring and implementation of the software. The CRM projects that are based on SaaS are thus faster and result in quicker completion than their conventional counterparts. The SaaS based CRMs are eventually characterized and signature as being faster in startup. Expertise via Outsourcing The embedding of IT systems and their CRM modules with Saas becomes beneficial for the company as a whole. Via Saas a number of tasks relevant to an organization are outsourced leaving the company with ample time to focus on their main critical tasks such as policy making tasks and other internal matters. The managers of any firm get their highly strategic tasks done timely leading to continuation and maintenance of proper business flow. The specialities that are outsourced with the help of a SaaS are often intensely related to performance optimization, information security of business processes, disaster recovery mechanisms do’s and don’ts and the continuity of businesses. Software Reserve And Assimilation The ability of SaaS to be readily accessible from any physical location just by the availability of an internet connection is its key feature. This facility is possible only owing to the capability of SLA Service Level Agreement being embedded into Saas based CRM. Companies that have their business centers located at multiple geographically distant locations find this provision highly feasible. With the provision of signing into the CRM cloud securely from just about anywhere, the CLOUD CRM is also characterized with that fact that its systems down times are penalized with financial penalties. Thus, in orders to avoid such penalties, ample arrangements are made by the cloud service provider to eradicate instances of system downtime. The Cloud based CRM is also capable of being scaled at runtime. If the size of the organization grows or diminishes then the feature of scaling on demand that characterizes the CRM can be well suited in such organizations. Flexible integration of on-site CRM into cloud based CRM makes matters much easier for organizations. Eventually the migration of the conventional CRM into the cloud based CRM is extensively fluent eliminating the need of purchasing third party software. Usability, Adaptability and Adoption Since Saas CRM is handled by the service provider, the client organizations do not have to worry about the up-gradation and handling of the system. For the client, thus, the usability of the system enhances. Depending only on the providence of an internet connection, the usability of SaaS CRM is increased manifolds since it can be accessed upon just about any computing system may it be an individual’s personal desktop assistant or a mere smartphone/tablet. ? Cost and Benefit Analysis A five year based comparison of Total Cost of Ownership of three CRM products of two different companies that are Sage Group and SalesForce are presented using Table 1.0. The table does not include the cost of maintenance with both the On-Premise and Cloud versions that is mandatory. The initial TCO analysis reveals that the adaptation of SalesForce cloud (SaaS) is comparatively a lot costlier than an On-Premise CRM solution. Down the road after five years it would be almost 4 times more expensive to have a SalesForce cloud CRM for small and medium business. According to Business Technology Insights (2012), “On average, a company with 25 ACT! users will save over $50,000 (?34,722) compared to Salesforce.” Table 1.0. Comparison of 5 years of TCO Name of Product ACT!? ?Premium ACT!? ?Pro Sales ?Cloud ?Professional ?Edition Company Sage Group Sage Group SalesForce.com URL Sage Group ACT! Premium  (act.com) Sage Group ACT! Pro  (act.com) SalesForce.com Sales Cloud Professional Edition  (salesforce.com) Model of Deployment On Premise / Client Server On Premise / Client Server SaaS (Software as a Service) Supporting Business Size Small and Medium Business Small and Medium Business Small and Medium Business Pricing ?24 ?per ?User ?per ?Month ?11 ?per ?User ?per ?Month ?45 ?per ?User ?per ?Month 5 year TCO ?1440 per User per ? 660 per User ? 2700 per User Sources: Business Technology Insights (2012), FindTheBest.com Inc. (2012) Still, the comparison does not end here as there are certain benefits of both that need to be taken into account before drawing any conclusion in this regard. A brief comparison of benefits is appended in the text below. The decision of opting for cloud or On-Premise solution is very much related to the situation of the business. SalesForce should be preferred when, An organization does not require ultimate customization capability. Immediate (without setup time) usage of the system is required. The business has none or limited information technology expertise on premises. The hassle of in house servers and security management needs to avoided. On the other hand SAGE Act! Pro On-Premise solution is good when, Advanced integration and customization options are required. A lesser TCO is required. A business has ample in-house IT expertise and resources for CRM solution to be implemented. A business cannot trust any other organization or body with its data storage and wants to have ultimate control of its data. The comparison of benefits in our case indicates that although the Total Cost of Ownership is higher with SalesForce, its benefits are accordingly valuable and advantageous. Some of the security features that suite this scenario include, Field Level Security Roles and Hierarchy creation Admin Profiles creation for security Creation and Management of User Groups. As the given business requirements indicate, three users are authorized to manage the customer details. Hence the restricted user roles with categorical security profiles can be created using SalesForce. Sage ACT! Pro offers a usual on-site data behind firewall security which may pose a considerable threat to organizational data. Glitches of SalesForce as compared to Sage ACT! Pro A cloud is not a magical entity that takes away all the hardships of every business and offers smooth sailing. It still needs to be managed with comparatively different kinds of difficulties. Some of those are highlighted in the text below, With every attempt of integration one needs to connect each time with a security token. For each process integration attempt, SalesForce requires installation of a separate program. The costs of upgrade, report generation and automated weekly backups are additional and does not include in the package. Same can be done using Sage ACT! Pro without any additional cost. SalesForce is not easy to setup all the time. In SalesForce it requires seventeen clicks to perform a mail merge while Sage ACT! Pro it requires just 8. The mass mail myth is not without limitations in SaleForce. With Professional Edition, 500 per day per user are max. Risk Management and Compliance (Justification) The ISO 27k series standards are international standards that define the laws regarding data protection and security. The BS7799 (originally British but now international) standard elaborates the data protection and security laws to a greater extent as compared to ISO 27k series standards. The UK Data Protection Act (1998) binds all UK organizations with the laws regarding fair and legal usage of people’s data. The BS7799 compliant organizations in UK are also likely to come into terms with DPA(1998). The DPA outlines eight principles to enforce legal usage of data. The eighth principle states that “Personal data shall not be transferred to a country or territory outside the EEA unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing” (DPA 1998). The option of SaaS based CRM may violate this principle as the cloud servers may exist in outside the allowed territorial boundaries of the country without any assurance of suitable level of legal protection. The Combined Code encompasses all listed London Stock Exchange companies. The FSA (UK Financial Services Authority published it. The aim of this law is to secure the UK investors from improper governance of the corporate arena. The code strongly and legally binds the entrepreneurial leadership of corporate organizations regarding implementation of risk assessment and management protocols. The directors of companies are strictly bounded to verify that the risk management procedures, and the integrity and security of the financial systems in place are flawless, valid and robust. The Turnbull Report is a legal document that provides elaborated guidance to the directors of London Stock Exchange Listed companies regarding the implementation of Combined Code for enforcing Internal Control. Under ISO 27k the organizations are expected to comply with 11 areas of risk assessment, risk management and compliance. The SaaS based CRM like SalesForce is likely to have certain issues in this regard as mentioned in the section below. However, there are ample security measures that are deployed to fulfill the legal requirements outlined under ISO 27k/BS7799. The creation of User Groups, Definition of User Roles and Rights, Access Control Policies, Information Encryption and Secure Communication are some of those measures. In line with Combined Code and Turnbull Reports the clause 4.2.1.c of ISO 27001 standard (named as “Define a systematic approach to risk assessment”) states that, “an appropriate risk assessment, suited to the ISMS and the identified business, legal and regulatory requirements, shall be undertaken. The risk assessment should identify the threats to assets, vulnerabilities and impacts on the organization and should determine the degree of risk.” (ISO 27001) KEY RISKS/CHALLENGES AND COMPLIANCE ISSUES RAISED BY Saas CRM Integrating Saas into the conventional CRM is not devoid of challenges. It comes with a number of challenging issues that can well be addressed individually. Their being dealt with individually is good for their proper handling resulting in the desired outcome. Following is a list of the features that are characteristics of SaaS CRM and prove to be competitive challenges for clients: • “Controllability • Visibility and Flexibility • Security and Privacy • High Performance and Availability • Integration and Composition • Standards.” (Buyya et al., 2011 ) INTEGRATION and COMPOSITION Integration is supported by SaaS CRM in multiple business lines. Companies that are foreign to the organizational structure based on multiple business lines find it comparatively harder to incorporate Saas CRM. The composition of each CRM has to be in line with the structure of each respective organization. This may often become a serious operating and structural challenge. DEFICIENT APIs The challenge of integration being faced by an organization is often handled by introducing APIs. These APIs often become a challenge themselves. This issue occurs as a result of the fact that the APIs themselves cannot survive without needing sufficient amounts of coding and maintenance. The absence of a standard format for the implementation of APIs often leads to spending of excessive time only in the maintenance and handling of API supported Saas CRM Systems. SECURITY ISSUES REGARDING DATA TRANSMISSION Data security is the most integral issue regarding any organization. As data issues involve the stakeholder’s personal information such as those related to their clients, businesses. The transferring of data from on-site conventional systems to the integrated Saas CRM cloud is the most challenging task. For this data transfer to be successful it is essential that the on-site and cloud based CRM sets are fully interoperable. Applications and data from most conventional CRM software is not in line with any single convention thus making it very hard for them to get converted into the Saas CRM format with fluency and ease. The distributed and decentralized nature of on-site (conventional) CRM systems makes it necessary for the Saas CRM to provide multiple integration formats which in itself is a grandeur challenge. “Data integrity, Confidentiality, quality and value have to be preserved as services and applications are interlinked and saddled to work together.” (Buyya et al., 2011) Conclusions and Recommendations: After a critical evaluation of features, benefits and cost analysis of both the systems following are some conclusions and recommendations. The adaption of Sage ACT! Pro for the given business requirements seem appropriate in terms of cost effectiveness. The Sage Group is a Listed Company on London Stock Exchange and fully compliant with BS7799/ISO 27k standards, DPA 1998 and The combined code. Clouds or SaaS CRM are risky to adapt. The standards followed by SalesForce are originally US based and it does not fully comply with the BS7799, The Combined Code and The Turnbull Guidances. REFERENCES: BUYYA, R., BROBERG, J., & GOS?CIN?SKI, A. (2011).Cloud computing: principles and paradigms. Hoboken, N.J., Wiley. BaselineMag. 2009. 10 Benefits of SaaS collaborative Work Management. [Online]http://www.baselinemag.com/c/a/Project-Management/10-Benefits-of-SaaS-Collaborative-Work-Management-650788/ [Accessed 2012, August 20] Gagnon, S, Nabelsi, V, Passerini, K, & Cakici, K 2011, 'The Next Web Apps Architecture: Challenges for SaaS Vendors', IT Professional, 13, 5, pp. 44-50, Computers & Applied Sciences Complete, EBSCOhost, viewed 20 August 2012. SalesForce. 2012 Benefits of SaaS. [Online]. Availble http://www.salesforce.com/saas/benefits-of-saas/ [Accessed 2012, August 20] Sultan A. 2007. SaaS 101: The Benefits. [Online]. Available http://www.saasblogs.com/business/saas-101-the-benefits/ [Accesed 2012, August 20] WRYCZA, STANISBAW. (2012). Research in Systems Analysis and Design Models and Methods, 4th Sigsand/Plais Eurosymposium 2011, Gdansk, Poland, September 29, 2011, Revised Selected Papers. Springer Verlag. Wu, W, Lan, L, & Lee, Y 2011, 'Exploring decisive factors affecting an organization's SaaS adoption: A case study', International Journal Of Information Management, 31, 6, pp. 556-563, Business Source Complete, EBSCOhost, viewed 20 August 2012. Symantec and Salesforce.com Partner to Deliver Stronger Security for; Cloud-Based Applications; New Symantec Security Assessment for Salesforce on AppExchange Will Extend Risk and Compliance Visibility to the Cloud', 2011, Market Wire (USA), 3 May, NewsBank, EBSCOhost, viewed 20 August 2012. IT Governance – A Manager’s Guide to Data Security and BS7799 / ISO 17799, 3Ed, Calder and Watkins, Kogan Page, 2005 Salesagility.com. n.d. Introduction to CRM. [online] Available http://dl.sugarforge.org/training/training/IntroductiontoCRM/CRM_Fundamentals.pdf [Accessed 2012, August 20] Business Technology Insights llc. 2012. Sage Act vs SalesForce. [online] Available http://www.businesstechnologyinsight.com/Compare-Act-by-Sage-and-Salesforce.html [Accessed 2012, August 20] Read More