Peter posted recently about RealFutureCRM which is a US company specialising in CRM for the Real Estate Industry. That post created some hot discussion about solutions already available in Australia and claims that they were being overlooked. Representatives from a number of Australian companies chimed in with posts in support of their own product.
Mo raised that fact that Hubonline, owned by REA, was built on SugarCRM.
Eddie Cetin, the National Business Development Manager for HubOnline contacted me and confirmed that their new version (v2) that had just been completed was built on SugarCRM. I had a demo of the old version of Hubonline last year so Eddie invited me to preview the new version when he flew to the Gold Coast next.
For the sake of background and disclosure we have been using the old Multiarray Sales System for 8 or 9 years with a fairly advanced set of activity trails integrated into the program that features several hundred letters, surveys, scheduled phone calls, personal follow-ups and other individual activities over 40 pre-programmed activity trails.
Our market research back then showed Multiarray was the only company who had a serious CRM ability. That program is now quite dated but on a feature for feature basis it is interesting how well it stands up today. Stuff that we were doing around 10 years ago HubOnline still cannot do today, but more on that later.
I was involved with the Beta Testing of the new Multiarray version which was released last year although as yet we have not installed the latest version. The initial rollout was only an internet based solution… (please note that there is huge differences between a web and an internet based solutions) and they have only just released the inhouse server version. Despite my involvement with the beta testing we still undertook market research recently to consider out options. After that we decided to proceed with the Multiarray version when they brought out the inhouse server option as it is more suitable for our database size and that is how we are still moving forward.
HubOnline
Firstly let me say that the new version of HubOnline is a breath of fresh air over the old one and it is indeed built on SugarCRM. The program layout, speed and general usability appears far superior to the old version and is an essential upgrade for their current users. Now I did not get to drive because of time restrictions but I certainly asked to see more of sections that I thought warranted further investigation. I asked lots of questions and offered my opinion here and there.
The Good
SugarCRM provides them with an excellent framework to work upon. The technologies used are the very latest and you can see that straight way. The system appears very stable which is the SugarCRM pedigree at work and usability seems much improved. The ability to roll out new features on such a system should be a real advantage to the HubOnline team.
Unlike other solutions, they don’t have to program it from the ground up. A lot of the grunt work has been done and is world class. They just have to worry about adding the Real Estate flavour to it all.
The Bad
This really is just a prettied up version of the old HubOnline. As far as features go this is fancy new dress, but the same old girl as before although she is apparently booked in for a significant makeover.
The feature list is not really improved from the previous version but to be fair, Eddie advised that this was conscious decision for the first release was only to mirror the features of their original version. This should make upgrading their current user base as painless as possible. Current users have to concentrate only on the new interface, rather than learning a host of new features at the same time. I am sure they plan to implement new features in the very near future.
Despite being built on top of a world class CRM, because the feature list has not been improved upon it is still a case with usability of a real estate admin package with a CRM bolted on.
The best way I can explain this is to give you real world examples that we have been using with out current system for nearly a decade. I covered each of these examples (and others) with Eddie Cetin and explained why each was important. Since Hubonline was still working with the old feature list I did not bother covering any of the more advanced CRM features in the current version of Multiarray.
With Hubonline whenever you change the status or contact type you have to “remember” to activate the right activity trail. That to me appears archaic and prone to far too much human error forgetting to add the activity trail. I believe that if you upgrade an appraisal to a listing in the system for example, the CRM should be smart enough to automatically know to ask you if you want to stop all the prior “appraisal activities” that are now no longer valid and automatically offer for you to select from a list of relevant listing activity trails.
The old version (and certainly the new version) of Multiarray integrates the CRM changes into the administration changes. Whether it be expiring a listing, marking a property under contract or the dozens of other changes, it automatically provides you with the relevant selection leaving nothing to memory.
Running any CRM software in a real estate office will obviously result in substantial mail being generated by the system every day. Things like thank you letters, performance surveys, anniversary letters etc etc etc. Some days we can have in excess of 100 letters generated by the system and even on a slow day we will still have 20 or more.
With Hubonline daily mail merging is still a fully manual operation and each letter has to be merged one at time. Depending upon your setup these can be done by each individual salesperson or collectively by an admin staff member. The productivity wasted to do this over the course of a year would be huge and if left to each salesperson how many would really make it the mail. Far from all I would suggest.
For nearly 10 years in our office the day’s pre-programmed letters are printed at the press of one button. With that one press all the letters are printed and the contacts history is updated.
These are just two features relating to the CRM integration with the admin side of the system that HubOnline struggles with. Thankfully the SugarCRM connection means integrating these and other more advanced features should be fairly simple.
Hubonline has dashlets in the system which allows you to add and arrange information panels into the program. This works similiar to iGoogle. The concept is good but the dashlets have some layout issues that need to be looked at because the amount of vertical scrolling is obscene. The current size of the dashlets is very inefficient and so much space is wasted with having to scroll down being the only solution..
The dashlets problem is also made worse because the program is really for high resolution displays. The dashlets or the program dont dynamically resize based on the screen size and we were using a 1024×768 resolution on a laptop and there was horizontal scrolling as well as vertical scrolling which is going to annoy a lot of people.
If you check out the screenshot from RealFutureCRM you can see how much information you can squeeze into just one page. For Hubonline to display all this information would require a lot of vertical scrolling.
The Ugly
Web based solutions are great for flexibility because anybody with a browser can access the information from anywhere in the world. This however brings about problem that few consider till it happens to them. Security!
Password security is better than no security at all, but as a true measure to protect an asset as valuable as a mature database is very very dangerous.
Just one scenario for you to consider. As an agency principal you have a salesperson that has been with you for a few years up and leave and setup his own agency down the road. If you operate a web based system for your office anybody can access that information, as long as they know a correct username and password. As soon as you know he is leaving you shut out his account but because he has been with you for several years he knows one of your admin staff just uses her three kids names as her password, alternating them every few weeks whenever she is forced to updated it. Another staff member uses the same word but just changes the last number every time. It might be Sydney1, Sydney2, Sydney3 etc etc etc. This and similar stories happen in just about every office, real estate or not, right around the country and the world.
Without any advanced computer knowledge or hacking skills that salesperson turned competitor now has fulltime access to your database. He knows every single appraisal you do, every sale you have made, every single listing you make and every single buyer you have. How much would that cost if it happened to you?
Web based CRM solutions like HubOnline have to start taking security of the database seriously. There is a number of methods they can use to protect the data such as locking down some accounts to unique IP addresses. Most admin accounts will only ever need to be accessed from within the office so locking those accounts to a static IP will assist with protection. Locking salespeople’s accounts down to a specific IP range used by your ISP will also help. So will enhanced password security forcing upper and lowercase letters and numbers in each password. Refusing passwords too similar as past passwords.
Logging all accesses by each account and displaying the last login to the user every time will raise suspicions if somebody else is using your account. Forcing an office wide password change every time a staff member is marked as inactive will also help.
Overview
I was genuinely impressed with the new version of HubOnline. I think the move to SugarCRM was a positive one that will certainly pay dividends. Advanced real estate CRM.. Certainly not. Not yet anyway. But they are positioned to have an excellent solution within a revision or two.
Right now and strictly as far as the CRM aspects are concerned I could only recommend it for their existing users and those that do not want to operate an advanced CRM solution. The existing Hubonline users can have their staff get use to the new interface before new features are implemented.
As a direct comparison Multiarray’s solution offers right now a far better CRM experience however it has to be pointed out that there is a fairly large difference between the two in price. In fact, their previous version has been offering for years many things that HubOnline are still to implement.
It’s important to understand that such a comment has to be viewed in perspective though as there is much more to a real estate solutions than the CRM with both software offering different feature sets and each solution needs to be looked at as a whole and I certainly did not get time to see those aspects of HubOnline.
Security needs to be improved and I believe that if they can they harness the real CRM ability of SugarCRM and integrate it into the administration tasks plus fix a few of their layout issues they will have one of the best solutions in Australia.
It will be interesting to see if they build on it over the next couple of updates and take advantage of what they have got.
I have received an email from Eddie Cetin since the demo replying to a number of questions that I had sent him. In that email he advised that they are currently looking at the security issues I raised and are implementing the automatic daily mail merge. The automatic prompting of activity trails and more minor issues not raised here are not yet under consideration for implementation.
12 Comments
Barney
Security is a big, big problem for real estate agents and any system they use on the web. You are opening your data to millions of hackers and your staff accessing it from home. A lot of offices have the password on post it notes stuck on a screen or written on a wall. You know this is the case, I see it all the time. Your are right, staff leave and all your office information is available to anyone. One particular site hired a person who was there a short time and then they went to another competitor for a time and then opened up themselves with data from the other sites. Most owners are not computer literate and expect the IT company to be the experts. You say Eddie says they are currently looking at security. THEY SHOULD have always been looking at security. A person like me with a long time in IT is appalled at the amateurs professing to be experts to Real Estate agents who do not have a clue how the internet works and just how vulnerable they are to their data walking out the door and most of the time you will not even know it has happened.
Glenn Batten
Barney..
I have to agree with you 100% when you say they should have always been looking at security. Relying strictly on password security is simply asking for trouble.
With web based solutions like Hubonline its probably impossible to tighten security to where it should be however I personally believe that they should have a far better security in place than they do have. They know that password security does not work. You just have to look at the banks experience with that and with offices the threat is most often from within than the outside.
Obviously they could offer tokens and USB dongles which allow principals to physically repossess the units to cause a lockout no matter what passwords they have but can you suggest of any others that they might be able to integrate to make their web solution more secure?
Multiarray had the extra layer of security by using a client software even though it accessed an internet hosted database. By limiting access to the actual client software itself then staff could not install it on whatever computer they liked. Whilst this is better I still suggested more including authentication by the client software to the server before it was allowed to proceed with the session. This meant that should a salesperson leave with a copy on his laptop the principal can still lock him out by removing his individual installation authentication. Should a staff member get access to the client installation files, without an authentication code the program is useless. They are still to implement something like this but I believe it is in the planning.
Eddie Cetin
Glenn,
Thanks so much for taking the time to write up your review of the new HubOnline. We are all really excited about it so we appreciate your interest. If any business2.com.au readers have any questions about it, they can contact me by email at
[email protected]
I’d be happy to chat.
Glen Barnes
I would disagree that web based solutions are less secure than installed software. The security in most small businesses is far worse than a properly managed web service. Would you rather trust a one-man band IT service company to properly secure your data or Salesforce.com? How many small businesses do you think have a bullet-proof backup system and secure servers?
We have outsourced payroll and a bunch of other sensitive data to third parties so why not CRM? If you are that worried about security then use the SecureID cards and 2 factor authentication. It does work.
The benefits of web based solutions far outweigh any disadvantages. The future is the web.
Glenn Batten
Huh?
I have talked about access security not backup and disaster recovery. That is another issue entirely, and as you point out that is one of the strong points for web based (or internet based) software.
That benefit though does not just erase the need for access security. Web based solutions are certainly here to stay, but there is no way they are more secure that an office based solution. In that case you have several levels of security including phsyical security to bypass.
The security risks for Web based solutions can be made acceptable… but just using password security is fraught with danger. Just look what has happened with Internet banking and all the fraud and phishing that goes on. The banks have now added tokens, captcha’s and sms login numbers to their security arsenal because simple username passwords were so open to abuse.
Barney
http://www.net-security.org/secworld.php?id=5813
Glenn, you said ;
snip[ would disagree that web based solutions are less secure than installed software. ]
Check the link provided. If you read the PDF on this site and pages 53-56 on just the current keyloggers, spyware, trogens and all of these are risks, of course webbased solutions are less secure than installed software.. not mentioned slower and have less features in most cases.
—
snip[ The security in most small businesses is far worse than a properly managed web service. Would you rather trust a one-man band IT service company to properly secure your data or Salesforce.com? ]
Salesforce is still a web app and has all the vulnerabilities shown in this security review. Re the ONE MAN show.. if they cannot secure it get another one man. Seriously if clients what the best security they need a managed firewall approach, it is the only secure way to go in the internet age.
Remember the big problem is password access and changing them regularly. I know clients who have left one office and gone to another can still login into their account weeks after they have left.
An interesting legal point when we had a detective at our offices invited by us and the client where fraud had taken place. As the agent could not prove that he had a system of issueing and changing passwords, and therefore anybody could have had access, including the IT person.. any body could have done it. Even though there was only one person did the job, the money was missing, the transaction were dodgy.. the police would not formally charge the person.
Therefore webbased solutions you would need to change passwords every 30 days, keep a log and control all employees. OK how many offices are out their doing this ?
Also it is such a simply task to got to Google find a logger or password finder and run it on a system you want info from.
Agents need to realise they are sending their data in clear text across the web to a site. This means vendors phone numbers, address details and even price paid. Yes it is happening every day. Most times the password and user name is in clear text as well. Technically every new sales person or support person you give access to the system, and you know the staff turnover is high can go home and download all the data they like and the agent is oblivious to it.
—
snip[ How many small businesses do you think have a bullet-proof backup system and secure servers? ]
You hope the hosting company has this covered and they do not have a major staff issue which happened recently and a staff member wiped all the data because they saw a job add and thought the boss was adevertising their job. Of course after the incident they were.
Glenn Batten
Barney
It’s a bit confusing with the two Glenn’s here (although he is Glen and I am Glenn), but I justed wanted to thank you for your contribution. The pdf on that link is a great read.
You said you have been in the IT industry for a long time. Are you currently in Real Estate or are you still in IT ?
The examples I offered were how somebody could get access without any advanced computer knowledge or hacking skills. As you suggested, tools like keyloggers and trojans make password security on these web apps appear more like an inconvenience rather than an effective security measure.
I am still interested in what you believe web apps like Hubonline and others can implement to effectively increase the agents security. I nominated a few but are there any other easy ones to implement that come to mind?
Another point aligned with the whole backup and disaster recovery issue is will the company who hosts your database be their tomorrow? Many of these web apps dont allow you to backup the database to your own computers. What if you come in to work tommorrow and try and login and the website is gone?
The security of your data lies with these providers and agents need to make sure that the will be their for the next 1, 5 or 10 years that they expect to operate the database. This is where companies like Hubonline now that they are owned by the REA group will shine over other smaller operators. Everyone starts out small, even REA was started in a garage, but these smaller startups come with a higher risk that you should be aware of because the best database in the world is useless if it disappears overnight.
Web apps provide a fantastic and cost effective alternative. Hubonline is a good solution that will suit the vast majority of offices and if they fix some issues it will make a good solution a great one. This however only highlights the importance to get the security issues right. I would go so far as to say it is their responsibility, their duty. Most agents would not have a clue. In fact most agents see the security as an obstacle… till the day they need it.
Glen Barnes
I guess I was talking about security in its broader sense which is securing data. Something that includes both the theft and loss of data. I still maintain that a reliable web hosted service can do this better than most small offices.
[current keyloggers, spyware, trogens and all of these are risks, of course webbased solutions are less secure than installed software]
Spyware, Viruses and Trogans are just as bad as for installed software as they can infect the local machine making it unusable. This effective puts a DOS attack on the agents machine meaning they can’t get access to the data and are unproductive.
[Re the ONE MAN show.. if they cannot secure it get another one man.]
The thing is how do you know that they are secure? Most small businesses blindly trust their IT person and don’t know the first thing about IT (They are experts in selling things like property and not computers.) I would still put far more trust in Salesforce.com than I would in local server security. You then have one main point of failure (the login process) as opposed to many points of failure (firewall, physical access, server passwords, user passwords, fire, theft, hardware failure…)
Glenn Batten
Glen
[Spyware, Viruses and Trogans are just as bad as for installed software as they can infect the local machine making it unusable.]
The difference is, should someone get your password with an installed software they have to break into your office to be able to use it. That’s an extra level of protection. The vast majority of security issues are based around online solutions. Banking, credit cards used on online shopping, website hacking etc etc..
Nothing is perfect, and online apps hold some great benefits… some of which you have pointed out, and the other one is cost. Online apps are cheaper to roll out, therefore they are cheaper for the end users.
Unfortunatley they have one or two Achilles heels, the main one being security. The other is speed, but with broadband availability this issue seems to be reducing every year, which coincides with more and more web apps. They can’t just put their head in the sand and say it is the client’s responsibility when they know the are custodian of such a valuable commodity and in the real world basic password security just does not work.
Andy Sheats
The argument should be whether Hub, salesforce.com, MA, etc have security that is fit-for-purpose.
That a real estate professional would require consider 2-factor authentication necessary for the CRM system, and then store all of their money at Westpac, nab, ANZ or CBA — all of which rely on password access alone — should speak volumes on this question. Is it perfect? No. Is it trusted by 99% of online banking customers in Australia? Yes.
The issue you have raised on password selection and management is very valid. Stupid passwords are not secure.
The fault with separate authentication devices is assuming that people can actually carry a little usb dongle and/or RSA chip for each password they have. I can see my key ring now.
(full disclosure: I work at realestate.com.au)
Glenn Batten
Andy,
Thanks for your comments.
“Westpac, nab, ANZ or CBA
Pat Ander
RealtynaCRM
RealtynaCRM is a new entrant to the market. It is an add-on for RPL developed on Joomla CMS, is a Real Estate CRM specially designed and developed based on business processes and models required by real estate agents/brokers. It has a lot of differences with other Real Estate CRMs in the market because this CRM is tied to ‘Properties’ and ‘Website Visitors’. In other CRMs agents have to enter the information themselves for managing their own contacts. Whereas in Realtyna CRM , the website forms feed the contacts to the CRM. Normal contacts can also be added by agents.
It is on-premise, one-time-fee and for unlimited users.