How to protect data in crm?

S

Sergey Bard2018-02-12 09:52:40

CRM

Sergey Bard, 2018-02-12 09:52:40

Hello. There is an internal crm system for the team, inside the system collects various data for analysis on client projects, from different resources, only employees and project owners can enter the system, crm itself is located on a subdomain of the main site. Now we need to somehow figure out how to protect this very data, since the system is self-written (the previous developer decided that it would be better), and not written in the best way, the transition to the framework is planned. but now we need to somehow secure the data, maybe someone - that is, thoughts on this, how best to do it ?, in addition to the usual authorization system, I added authorization at the domain level for different user groups, but I would also like to somehow secure the database itself, I will be grateful for the ideas!)

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

athacker, 2018-02-12
@athacker

Protect from what? Read on the topic "building a security model", estimate such a model for your system, from there it will be clear what to protect and how it can be done.
There is even an automated service on this subject (model building, not security ;-) ): www.threat-model.com

C

CityCat4, 2018-02-12
@CityCat4

Well...
No anonymous logins like manager1, manager2, etc. - only accounts tied to people.
Strong passwords.
Logging of ALL actions.
It is clear that this will not save you from data theft anyway - you can even rewrite the data on a piece of paper, but at least it will be clear who did what.

K

Konstantin Nagibovich, 2018-02-12
@nki

Start by answering the questions - what do we protect and from whom do we protect? After that, get a threat model and then develop your own protection option.