I apologise if this idea has already been submitted; I couldn't find it if so.

Who is the feature for?
Anyone that cares about data protection.

What is their goal?
To prevent unnecessary access to personal information stored in HubSpot accounts.

What value will this add?
By default HubSpot employees will not be permitted access to customers' data, and access granted will time out after a defined period, thereby increasing the protection of data and decreasing the risk of Bad Actors accessing data via the attack vector that is "HubSpot Employee". E.g. https://www.hubspot.com/en-us/march-2022-security-incident

Examples of other places or products that have this feature?
Many, however the most recent I have is Okta (user directory/authentication).

Explanation
Attacks via HubSpot Employee access are possible because HubSpot defaults to allowing HubSpot Employee access. This should be reversed, and the default should be OFF, with access being granted by a customer administrator only, and for a limited period of time after which it reverts to off. Currently, customers have to remember to turn this setting off, and have extra procedures to check that it is off, which is unhelpful and unnecessary. HubSpot's default position should be that their employees DO NOT NEED access to personal data stored by Customers.

Screenshots from Okta for illustration...

Note: Access can be extended to a maximum of 3 days. If required the customer administrator can extend after 24 hours again (to keep a 3 day window open, it takes action rather than inaction).
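The behaviour requested above (off by default, opened only by a customer administrator, closing on its own) modelled as an added Python example; it is not part of the original post and is not HubSpot or Okta code. The class and method names, the 24-hour grant length and the reading of the three-day cap as "never more than three days ahead of now" are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

DEFAULT_GRANT = timedelta(hours=24)  # assumed length of a single grant
MAX_WINDOW = timedelta(days=3)       # assumed cap, based on the Okta note in the post


@dataclass
class SupportAccess:
    """Vendor support access to one customer account; off unless granted."""
    admins: frozenset                          # customer administrators
    expires_at: Optional[datetime] = None      # None means no grant: access is off
    audit: list = field(default_factory=list)  # (time, actor, event) tuples

    def is_open(self, now: datetime) -> bool:
        """True only inside an unexpired grant, so inaction always ends in 'off'."""
        return self.expires_at is not None and now < self.expires_at

    def grant(self, actor: str, now: datetime, duration: timedelta = DEFAULT_GRANT) -> datetime:
        """Open or extend the window; only a customer administrator may do so."""
        if actor not in self.admins:
            self.audit.append((now, actor, "grant_denied"))
            raise PermissionError(f"{actor} is not a customer administrator")
        if duration <= timedelta(0):
            raise ValueError("duration must be positive")
        # Extend from the current expiry while the window is open, else from now.
        start = self.expires_at if self.is_open(now) else now
        # Keeping a long window open requires repeated action: cap at now + MAX_WINDOW.
        self.expires_at = min(start + duration, now + MAX_WINDOW)
        self.audit.append((now, actor, f"granted_until {self.expires_at.isoformat()}"))
        return self.expires_at

    def revoke(self, actor: str, now: datetime) -> None:
        """Close the window before it expires."""
        if actor not in self.admins:
            self.audit.append((now, actor, "revoke_denied"))
            raise PermissionError(f"{actor} is not a customer administrator")
        self.expires_at = None
        self.audit.append((now, actor, "revoked"))

    def check(self, employee: str, now: datetime) -> bool:
        """Decision point for a vendor employee's request; every attempt is logged."""
        allowed = self.is_open(now)
        self.audit.append((now, employee, "access_allowed" if allowed else "access_denied"))
        return allowed
```

The audit list records denied attempts as well as allowed ones, which gives the customer something to review without needing a separate procedure to confirm the setting is off.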