THE ASPECT OF INFORMATION SECURITY IN MODERN CRM-SYSTEMS IN THE ERA OF DIGITALIZATION OF THE ECONOMY AND BUSINESS
DOI:
https://doi.org/10.32851/tnv-tech.2022.4.4Keywords:
digitalization of the economy, information security, unauthorized access, authorization protocol, CRM-platform, CRM-system.Abstract
The subject of the article is the application of CRM class systems in the modern economy. In the conditions of informatization of economic data of all enterprises, regardless of the forms of ownership, the importance of using CRM-systems is growing rapidly. Modern CRM-systems allow businesses to make high-quality and timely management decisions based on data received from CRM-class systems. Of course, one should not forget about information security, which consists in the protection of data from unauthorized access. Data protection is one of the main parameters for choosing a CRM-system. Therefore, as a result, the problem of CRM-systems arises, which consists in finding a compromise between security characteristics and ease of use, so the goal of this article is precisely to achieve the necessary information security with the maximum comfort of users of this system. The article examines the peculiarities of digitalization of the economic sector by combining CRM-systems with modern frameworks and IT-security technologies. The features of the functioning of the modern digital market, CRM-systems and security technologies are analyzed. The main modern technologies, standards and security protocols in the conditions of digitization are considered. The principles of security and convenience, on which CRM-systems should be based, are highlighted. In this study, the advantage in terms of efficiency, convenience, safety and security was given to the Oauth2 protocol and the technology implemented by Keycloak. Data security in the proposed CRM-system is ensured by flexible access settings. These two powerful tools allow you to protect any resource from unauthorized access without transferring important user data to another party and provide quite convenient options and alternatives for authorization. Using these technologies when developing your own CRM or integrating them into an already ready system is almost the best security solution.
References
De Capitani di Vimercati S., Foresti S., Samarati P. In Security, Privacy, and Trust in Modern Data Management. Authorization and Access Control / Petković M, Jonker W (eds.), Springer Berlin Heidelberg, 2007. P. 39 –53. ISBN: 978-3-540-69860-9. DOI: 10.1007/978-3-540-69861-6_4.
Nuñez D., Agudo I. BlindIdM: A privacy-preserving approach for identity management as a service. International Journal of Information Security, Apr. 2014, Vol.13(2). P. 199–215. DOI: 10.1007/s10207-014-0230-4
What is CRM Software? A Comprehensive Guide and Historical Overview of CRM (Customer Relationship Management) software. SalesForce : веб-сайт. URL: www.salesforce.com/crm/what-is-crm-infographic (дата звернення: 20.05.2021).
JWT and Social Authentication using Spring Boot. Medium : веб-сайт. URL: https://medium.com/javarevisited/jwt-and-social-authentication-using-spring-boot- 90e4faaa9204 (дата звернення: 18.08.2020).
Campbell B., Mortimore C., Jones M. RFC 7522: Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants. Technical Report, Internet Engineering Task Force (IETF), May 2015. 15 p. https://tools.ietf.org/html/rfc7522.
Maler E., Machulak M., Richer J., Hardjono T. User Managed Access (UMA) 2.0 Grant for OAuth 2.0 Authorization. Technical Report (Draft, work in Progress), Internet Engineering Task Force (IETF), February 2019. 37 p. https://datatracker.ietf.org/doc/ html/draft-maler-oauth-umagrant-00.
Jones M., Campbell B., Mortimore C. RFC 7523: JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants. Technical Report, Internet Engineering Task Force (IETF), May 2015. 11 p. https://tools.ietf.org/html/ rfc7523.
