FairWarning Issued Patent for Detecting Fraud and Misuse in CRM Systems

The U.S. Patent and Trademark Office has issued U.S. patent 9,202,189 to FairWarning, a provider of data protection solutions for mission-critical applications such as Salesforce.com, electronic health records, and cloud-based applications. The patent covers the method of detecting fraud and improper access of business information in a customer relationship management (CRM) computer environment using audit logs.

The need for this kind of technology becomes increasingly important as companies move their customer and company data to the cloud, according to Kurt Long, founder and CEO of FairWarning and inventor of the technology that just received the patent.

"Companies hold all kinds of proprietary information about the company and its business," he says. "As that information went to the cloud, companies left security behind."

The CRM industry, Long states, "has fallen behind fairly dramatically" with regard to having adequate security controls and governance in place.

And simply trusting that cloud hosting providers have taken adequate security measures might not be enough, Long warns. Even those companies "are behind in monitoring and governance," he says. "Most cloud vendors have not done a good job of putting security in place."

Companies are at great risk of data theft and misuse from thousands of current employees, departing employees, or employees whose credentials could have been compromised, meaning that confidential information, such as investor, shareholder, patient, customer, and prospect information, could all potentially be accessed, exported, and downloaded by anyone with access, often without detection.

The patent is the intellectual property foundation for FairWarning for S, a solution for Salesforce.com users to manage data protection and governance from anywhere, anytime. FairWarning for Salesforce is available in the Salesforce App Exchange and also relies on Salesforce.com's own Salesforce Shield security layer.

FairWarning provides a comprehensive platform for performing access reports, enforcing access policies, conducting legal investigations, and improving compliance effectiveness. Companies set the parameters for what activities FairWarning looks for—whether its large file downloads or data dumps, file deletions, remote access, or changes to system administrator privileges—and then the technology alerts the appropriate managers or information security officials when it detects suspicious activity.

Though the FairWarning application does not act 100 percent in real time, Long says that is a priority for his company and Salesforce.com this year.

In addition to the Salesforce.com application, FairWarning also works with many other mission-critical applications, such as electronic health records and cloud applications, enabling businesses to comply with federal and state privacy laws, such as the federal Health Information Portability and Accountability Act (HIPAA) the Payment Card Industry Data Security Standards, Sarbannes-Oxley, and the European Union's Data Protection Act.

FairWarning's healthcare solution is currently being used by more than 7,500 hospitals and healthcare facilities around the world.

Long initially filed for the patent in 2006, at a time when electronic health records and CRM systems were undergoing extreme growth. "I saw this as a big opportunity to give businesses the ability to protect themselves against insider breaches as well as remediate quickly," he says.

The patent took 10 years to reach fruition. Long says, because the industry wasn't ready to accept the risk before.

"It took a few big breaches before the industry took notice," he says. "Now, finally, everyone is hunkering down on the security issue."