ANALYSIS OF CONFIDENTIAL DATA STORAGE TECHNOLOGIES IN CRM/ERP BUSINESS PROCESS MANAGEMENT SYSTEMS OF AN ENTERPRISE
Keywords:
CRM, ERP, cyber threat, storage of confidential data, cloud security, social engineering, comprehensive security strategyAbstract
The article examines CRM (Customer Relationship Management) / ERP (Enterprise Resource Planning) systems as established components of modern business processes with an emphasis on the features of their architecture and, accordingly, advantages and vulnerabilities, as well as the need to improve the means of secure storage of confidential data and minimize the risks of unauthorized access to them. The purpose of the study is to analyze modern technologies for storing and protecting confidential data in CRM/ERP business process management systems and provide practical recommendations for improving the security of information storage in the context of escalating cyber threats. The results of the study demonstrate that the cloud architecture of CRM/ERP systems has advantages (automatic updates, including security updates, lower operating costs for maintenance). In addition, social engineering is an extremely serious threat to secure data storage using CRM/ERP systems. The GDPR and ISO/IEC 27001 standards can help mitigate this threat. However, due to technical factors (GDPR is rarely updated, ISO/IEC 27001 is advisory), these standards can only be considered one component of a comprehensive digital business security. To ensure data confidentiality is maintained, a comprehensive security strategy should be followed, which should be regularly reviewed in line with changes in the threat and risk landscape. A list of effective measures to enhance the security of sensitive data storage is provided, with an emphasis on the need for further efforts to identify potential risks and explore ways to mitigate them.
References
Gartner Magic Quadrant for Cloud ERP for Product-Centric Enterprises. 2023. URL: https://www.gartner.com/en/documents/4800931 (дата звернення: 24.04.2025).
Lobschat L., Mueller B., Eggers F. et al. Corporate digital responsibility. Journal of Business Research. 2021. Vol. 122. Р. 875–888.
Cloud Security Alliance (CSA). Security Guidance for Critical Areas of Focus in Cloud Computing v4.0. 2021. URL: https://cloudsecurityalliance.org (дата звернення: 24.04.2025).
OWASP Foundation. OWASP Top 10: The Ten Most Critical Web Application Security Risks. URL: https://owasp.org/www-project-top-ten/ (дата звернення: 24.04.2025).
Microsoft. Dynamics 365 Security Whitepaper. 2023. URL: https://learn.microsoft.com (дата звернення: 24.04.2025).
ISO/IEC 27001:2022. Information security, cybersecurity and privacy protection – Information security management systems – Requirements. Edition 3. Geneva : International Organization for Standardization, 2022. 19 р.
Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) of 27 April 2016 on the protection of natural persons with regard to the processing of personal data. URL: https://gdpr.eu (дата звернення: 24.04.2025).
Скляренко О. В., Федік О. І., Колодінська Я. О. Digital рішення для управління проектами та бізнес-процесами в умовах сучасних викликів. Економіка і управління. 2021. № 2. С. 85–90. URL: https://e-u.edu.ua/journal/1088.pdf (дата звернення: 24.04.2025).
Яровий Р., Улічев О., Скляренко О., Пашорін В. Моделювання мультиагент- них систем захисту інформаційних ресурсів. Вісник Хмельницького національного університету. Технічні науки. 2024. № 3 (2) (337). С. 278–284. URL: https://doi.org/ 10.31891/2307-5732-2024-337-3-42 (дата звернення: 24.04.2025).
Дмитрик І. О., Загороднюк О. В. Роль BPM, CRM та ERP систем у цифровій трансформації українського бізнесу. Вісник Уманського національного університету садівництва. 2024. Вип. 104.2. С. 191–201. URL: http://journal.udau.edu.ua (дата звернення: 24.04.2025).
