Hi,

I'm struggling with the lazy data protection within Zoho One.

Our corporate policy is 'separation of concerns'.

Sales take care of the revenue,

Development/Support takes care of building the product and helping the customer.

I think Zoho is too open with corporate data between departments.

As we will use external support agents, I need to prevent revealing too much information, company internals, sales figures, and IPA to the Agents. By default, Agents get to see everything from the CRM, even all deals.

Also, an Admin in one Application may not see all of the information in other applications.

But

If you connect Zoho Desk to Zoho CRM, the Desk administrator can see all information of the CRM, even if he is only in charge of the Desk users/customers and he is not interested in any sales figures and upcoming projects.

In other CRM or ERP solutions, the data access is filtered on the source side of the data, not on the integrated side.
An Administrator of the integrated side must only see the information he would see in the source application or what the administrator of the data source allows him to see. Naturally, he can only populate or grant access to these data in his administration domain. In such systems, a data breach is more unlikely than in Zoho One.

How do you deal with these issues?