HubSpot’s ability to integrate with top sales and marketing platforms and equip marketing teams is a primary reason companies love it. The problem a lot of businesses face is managing who can see what within HubSpot, especially as they add more integrations. Keeping your customers’ data secure can be both painful and problematic.
So Much Data, So Little Control
Everyone uses data. Marketing collects and stores email addresses for nurture campaigns. Sales collects and stores emails and phone numbers to manage the buyer journey. Customer service collects and stores emails, phone numbers, and, sometimes, payment details like account number and address.
All of this information is sensitive. All of this information can present either a privacy compliance risk or a data security risk.
Managing it can be a nightmare. If you’re bringing all your applications together in a single location, you have a lot of people accessing a lot of information. Often, you have people accessing sensitive data that they don’t necessarily need to perform their duties. For example:
- Marketing doesn’t need to know telephone numbers
- Sales doesn’t need to know payment account numbers
- Customer service doesn’t need to know addresses
When you’re protecting sensitive customer data, a best practice is to grant access on a “need to know” basis.
More Integrations, More Problems
Every time you add a new integration, you add a new data access problem. Integrations are great at eliminating communication silos and streamlining daily activities. This is also one of the reasons that they’re a data access problem.
In order to manage access to your customers’ data, you must understand what sensitive information is syncing to the platform. This can be tricky since various marketing and finance systems sync different data into the Hubspot platform.
Let’s take a look at how different naming conventions for systems integrations may lead you to accidentally provide employees access to sensitive information they don’t need.
First up, we have the differences with Salesforce data:
Now let’s take a look at the Quickbooks integration:
So, what’s the data issue? Think about this:
- Salesforce Opportunities translate to HubSpot Deals
- Quickbook Invoices translate to HubSpot Deals
Because both Salesforce Opportunities and Quickbook Invoices translate to HubSpot Deals, you might have a data access problem. Invoices usually have payment information, like account numbers and addresses.
Sales teams don’t need this information. More importantly, they shouldn’t have access to this information.
Data Privacy and Security Threats
As companies collect more information, they also increase their data privacy and security risks. Data breaches are costly, but privacy law violations can also cost your company even more.
You probably already have a “cookie” warning on your customer facing website to meet European Union General Data Protection Regulation (GDPR) requirements. If you’re selling consumer products to someone in California, you need to know the California Privacy Rights Act (CPRA) compliance requirements. As if that’s not hard enough, Colorado just passed a new privacy law.
Cookie acceptance is just the tip of the privacy iceberg. Nearly all of these regulations talk about limiting access on a “need to know” basis. Nearly all of the privacy laws include a discussion of data “de-identification.” In other words, you need to have something in place to make sure that people seeing data can’t make inferences.
A lot of times, the easiest way to do this is to mask the data, or hide information in a way that prevents someone who shouldn’t see it from seeing it. For example, often a social security number will just be ***-**-0000.
Managing Access is Just Difficult
There’s no easy way to say this. Managing how people access data across these integrations is just difficult.
Too Hard to Compare
Most of the time, limiting access is really technical. First, you have a lot of different types of access. For example, HubSpot has eight different types of user permissions. Quickbooks has nine different types of user permissions.
None of these are defined the same way. HubSpot has four different ways of limiting Sales access.
Quickbooks has one way of limiting Sales access.
These definitions and lists seem to have no connection to one another. You can try to limit access across the integration, but you’re going to have a hard time getting it right. Often, you need someone with specialized skills to help you.
Even if you have someone with the right skills, it still takes a long time to set everything up. You need to know how people use data, what data they have access to, why they access it and question whether they really need it.
Then, you need to set the rules that limit access. If the applications don’t have what you need, then you might need to create customized rules. All of this takes time, and time is money.
Limit as Much as Possible
Most tools only work on the application level. In other words, once you give someone access to HubSpot or Quickbooks, there’s not a lot of ways to limit what they can do and see more precisely. Once they’re in, they have access to everything.
Your sales team needs access to Contacts and Opportunities during the buyer journey, but they don’t need access to Invoices at that point. However, once they have access to HubSpot, they automatically have access to everything integrated with HubSpot, including your Salesforce and Quickbooks integrations.
Protect Privacy and Get Compliant Quickly with Nullafi
Nullafi makes this whole process easy. With just a few clicks, you can create specific access limitations that protect information and get you compliant.
If you do a strategy and systems audit, you get insight into how people are using the systems and whether it’s efficient. This lets you streamline business processes, but it also sets the stage for what information people need and when they need it.
With Nullafi, you can use the built-in roles and apply access limits based on the outcome of your strategy and systems audit. For example, if your developers need access to HubSpot, you don’t want them to see customer or prospect emails.
We make it easy to create new rules. Our drop-down roles and plain language rule creation make this something anyone can do.
Ready to kick-start your company’s email strategy? Talk to us about what you want to achieve, and we’ll help build out your email program. Whether it’s your first send or you have a seasoned list, we can help you get the most out of email marketing. Learn more about demand generation by Aptitude 8.
Easily Manage Access to Contact Properties
This is what Developers see before using Nullafi:
Click on “Developers”:
Choose the technology:
Limit the access:
Create a title and give a reason:
Refresh the webpage, and your rules automatically apply:
Protecting Date Should Be Easy
We worked hard to make data privacy easy. Protecting sensitive data is a business “must” not “want” in today’s market. Ensuring data privacy and limiting access within HubSpot protects your company from violating privacy laws.
More importantly, protecting information builds customer loyalty. Customers care about how you protect their information, and you care about your customers. Protecting privacy doesn’t have to be difficult, and with Nullafi, it isn’t.