Tablets have played a role in expanding both ERP and CRM platforms by putting actionable data into the hands of the mobile workforce. Now, some analysts and industry watchers are saying that both technologies are at the heart of Bring Your Own Device (BYOD) initiatives, as companies want to open their ERP and CRM platforms to users with personal tablets and smartphones.
Factoring mobile ERP and CRM and BYOD planning is about ensuring the technology, compliance, data ownership, and security over your organization’s highly sensitive data happens end-to-end, from the system to the BYOD device, without compromising user experience.
While CRM and ERP systems from companies such as Sage Software, SAP, and others have free iOS and Android apps, opening up backend CRM and ERP systems to BYOD users requires some technical considerations and planning.
Here are some ERP and CRM mobile app and device-side considerations to factor into your BYOD planning:
- Native mobile apps for the CRM or ERP platform are more secure alternatives, but do your due diligence and testing up front. Mobile apps are a requirement if you expect to be using cameras or bar code scanners.
- Browser-based access, even through a mobile device such as an iPad or Android tablet, is flexible. This interface can often be easier on your help desk because there’s no extra app to support.
Moving onto the ERP and CRM platform, you also need to factor the following into your BYOD planning:
- Additional licensing costs for mobile access.
- Additional configuration on the system side required for mobile access.
- Additional auditing and reporting that can be put in place to track system access of BYOD users.
Your data center administrators should also be participating at this planning stage to ensure that enough bandwidth is available to accommodate a potential rise in mobile device access to your ERP and/or CRM systems to support an influx of new BYOD users.
Data ownership and compliance
Permitting access to corporate ERP and CRM systems from personal devices mean it’s time to have a documented data ownership policy in place before going down the path to BYOD.
A data ownership policy requires input from management, legal, and other business stakeholders. Depending on your industry, your auditors might need to get involved to ensure compliance as well. There are requirements for Payment Card Industry Data Security Standards (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), and Gramm-Leach-Bliley Act (GLBA) that BYOD devices must meet to make sure that your organization remains in compliance.
The question of data ownership takes on a different meaning when it comes to sales people, CRM, and BYOD devices. If a sales person retains a a customer from a previous employer or has done business with that client over the years, then the lines around customer data ownership might blur. In these cases, BYOD policy planners should work with sales management to work out an equitable policy workaround about such customer data on a case-by-case basis. Typically, this means an addendum to any BYOD and data ownership policies signed by both the sales person and sales management.
Engineers and manufacturing personnel accessing ERP data from a BYOD device should fall well within your BYOD and data ownership policies.
ERP and CRM systems are a treasure trove of corporate secrets, which makes them vulnerable. Unfortunately, the App Store descriptions and marketing literature that accompany many of these apps often contain just a “black box” level of detail.
Data ownership and device security factor heavily into some compliance programs. While BYOD is still a relatively new, yet popular phenomenon, there’s also the risk of shifting opinions. So, on BYOD and customer information, in particular, be proactive by engaging your auditors and other compliance team members when beginning your BYOD planning. This can help prevent misunderstandings later on in the project.
Before breaking down the BYOD side of security, it’s important that the administrators document how mobile devices communicate with the backend ERP and/or CRM system.
Employee device onboarding/exiting
Since not every employee needs mobile access to the corporate ERP or CRM system from their BYOD device, I advocate the following during onboarding:
- Roll out mobile CRM and ERP access to BYOD users on an as-needed basis, based on the employee’s position.
- Highlight CRM and ERP security as part of your BYOD training.
- Set time limits (6 months/1 year) to mobile access from BYOD devices, with the option to renew access at that time. This is already a standard practice in some compliance programs, but I’m including it here, because it makes good sense for smaller enterprises as well.
Enabling access to the kind of sensitive and proprietary data that resides in any ERP or CRM system to BYOD users requires up-front analysis and planning to ensure that your platforms, infrastructure, and security protect your critical corporate data. Does your organization enable access to ERP or CRM systems to BYOD users? Share your experience in the discussion thread below.