Hello, We’re looking for someone to help further develop and customise suitecrm to our needs.
We’ve been using suitecrm for a number of years and have built up alot of protective data over the course of using the platform.
The concern we have is that finding a developer online and giving them full access to our data is a potential risk to a breach of our data.
My big question really is… Is there a way to give a developer access to our website to customise suitecrm to our needs but exclude them from being able to access our data. By our data I am referring to our leads, opportunities etc.
Thanks so much for any advice you can offer on this matter!
You’ll have a hard time navigating that situation… although it is possible if you can set up a clone server without the data, have them work on it, and then move the changes to the production server (which might not be an easy task at all).
The normal thing to do, I would say, is…
Pick a developer or company with a reputation. If they value their reputation more than they would value getting their hands on your data, you should be ok.
Ask them to sign an NDA, a non-disclosure agreement.
A different approach I’ve seen some people take is to have the developer work through a team-viewer style connection to your PC, so that you watch them do everything. Not very efficient, obviously.
Are you able to clone your suiteCRM system and run it on another server or location, login and do everything as normal? That is helpful anyway for testing: (it needs some tech skills to setup. And don’t forget to switch off any cron jobs or schedules - and disable email sending… to stop sending double emails to your customers… etc!
If you have that: -then next question - do you have SQL query skills? - To create some anonymising queries:
ie to run on the core ‘personal data’ tables: and to change the personal data to be anonymised.
EG : on Contacts table - replace first_name and last_name with random names.
and same with telephone numbers.
Then in Email_address table (where email addresses are saved) the same.
Then your custom fields in contacts_cstm table - do any of those need anonymising.
And the Accounts tables: accounts and accounts-cstm.
And in the Emails tables, to anonymise TO FROM and CC entries
.
That’s is the core = but you may also have Orders with personal data fields…
You would also want to delete all rows in the audit tables (as they contain old values of fields that have been changed).
I looked in the SuiteCRM store (paid for plugins) - and there is a plugin that says it does this : " Data Anonymizer for SuiteCRM"
But, it seems to have very little support questions, so is maybe not used very much, which may be a concern.