In principle, the “network is the system” idea has a lot of merit. The benefits of having all your data stored in some reliable, secure, redundant database that’s centrally managed and hooking into it with whatever device is at hand — be it a desktop machine or a cell phone — has a lot of appeal. Keeping a system available on the net, up to date with fixes and patches, and secure is no trivial job. It’s exactly the sort of thing that should be left to someone who is a professional at it.

[Revised: Less than 24 hours after I posted this, I received a phone call from a salesforce.com representative, apologizing for the misuse of my information. My understanding is that one of their partners is to blame; that the misuse originated outside their organization. I was looking forward to receiving more details in an e-mail, but in preparing to let their mail pass my spam defences, I messed up — and all mail has been bounced from late Friday through most of the weekend. Hopefully they will re-send it so I can add more factual information to this. At this point, it’s clear that at least Salesforce takes this sort of misuse very seriously, and I have accepted their apology.]

The big hold back has always been that “secure” part. How reasonable is it to assume that some third party is going to take as much care of sensitive information as its owner would? Somehow I’ve always had this nagging concern that the security of data isn’t really as important to these application hosting companies as they want us to think it is. That might sound a little paranoid, but a little paranoia tends to be healthy when it comes to system security.

This is one of the reasons why I’ve tended to advise clients to save the monthly per-user fees they would pay to an application hosting firm, use it to set up their own secure server and to pay for someone to maintain it. In most cases there’s a free tool available that will exceed the requirements of most small to medium sized enterprises, and the actual amount of time required to keep a system secure makes it cost effective to maintain control of the systems while outsourcing the maintenance.

One of the more popular web applications is contact management. The leader in this field, salesforce.com, has been wildly successful at helping companies spend less energy on the systems that support the sales process and more time on actually selling. Generally speaking this is a good thing. A few years back I did a business analysis of the Salesforce solution versus some low-to-no cost alternatives like SugarCRM.

As part of that analysis, I signed up for a free account at salesforce.com. now when I sign up for something like this, I usually create a unique mail address — so I can trace spam back to the source and beat up whoever failed to protect my data. Over the last few years, there’s been a real drop in the number of companies that will unscrupulously resell a mail address. This has been the result of both a huge backlash against spam and some well placed legislation. These days, when a trace address gets spammed, it’s usually the result of a misdeed; someone deliberately copies the data and sells it without the knowledge or consent of the company who owns it.

Well last week my Salesforce.com trace address got spammed. Here’s part of the headers:

From - Fri Sep 14 07:38:59 2007
>From dealmakermedia_2CD269C9A686B38C3141790CE0B1990652961EAF3BE0B1A3@response.whatcounts.com Fri Sep 14 06:38:12 2007
Received: from common1.wc09.net ([38.100.231.181])
 by xxx.yyy.com with esmtp (Exim 4.68)
 (envelope-from <dealmakermedia_2CD269C9A686B38C3141790CE0B1990652961EAF3BE0B1A3@response.whatcounts.com>)
 id 1IW9Up-0008L1-Dc
 for (deleted)@ambitonline.com; Fri, 14 Sep 2007 06:38:12 -0500
Received: from josephine.whatcounts.com (192.168.127.32) by common1.wc09.net (PowerMTA(TM) v3.2r8) id ht9mui0c2qc7 for <(deleted)@ambitonline.com>; Fri, 14 Sep 2007 04:16:37 -0700 (envelope-from <dealmakermedia_2CD269C9A686B38C3141790CE0B1990652961EAF3BE0B1A3@response.whatcounts.com>)
From: "Dealmaker Media" <dealmakermedia@response.whatcounts.com>
To: (deleted)@ambitonline.com
Subject: The Momentum 15: Ladies and Gentlemen, place your bets!
Date: 14 Sep 2007 04:47:01 PDT
Reply-To: "Dealmaker Media" <dealmakermedia_2CD269C9A686B38C3141790CE0B1990652961EAF3BE0B1A3@response.whatcounts.com>
ENVID: WC-1189770421372-F78F7
Message-ID: <2CD269C9A686B38C3141790CE0B1990652961EAF3BE0B1A3@response.whatcounts.com>
MIME-version: 1.0
Content-type: text/html
X-Mailer: WhatCounts

That caused me to forward the message to a support address at salesforce.com:

Date: Fri, 14 Sep 2007 08:22:10 -0400
From: Alan Langford <jal at remove_this_nospam ambitonline.com>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To:  support@salesforce.com
Subject: [Fwd: The Momentum 15: Ladies and Gentlemen, place your bets!]

As you can see from the headers of the message below, when I provided 
information to your organization, I used a highly traceable address in 
order to detect violations of my privacy. I can assure you that the 
address "(deleted)@ambitonline.com" was provided exclusively to your 
organization. In my experience, this sort of violation is frequently due 
to unauthorized use of data, and as such it is probably as serious a 
matter for you as it is for me.

I look forward to a report from you on how this personal and proprietary 
information wound up in the hands of the group who sent this message, 
and the actions you are taking to prevent it from happening again. 
Moreover, given your inability to protect this information, please 
explain why I should trust your organization with something as sensitive 
as my own contact database.

After receiving no response, I sent another message to them this morning (September 20, 2007), informing them that I was planning on making their data loss public. Still no response.

So that’s it. Either salesforce.com is violating their own privacy policy, which seems highly unlikely; or they have had an “unauthorized data leak” and they don’t want to talk about it much. There’s a third alternative, which is that a response from their support team takes more than a week.

The first two possibilities are serious indeed. Serious enough for me to confidently say don’t trust your sales data with salesforce.com, ever! Set up your own system (and most likely save a boatload of money in the process). As for the third possibility, well… just save a boatload of money and get better support in the process.

It turns out I wasn’t so paranoid after all.