The Skinny on BI Security – A Refresher

Share on LinkedInTweet about this on TwitterShare on FacebookShare on Google+

Organizing, managing and analyzing data is a fundamental part of running a good business. Securing that data should be of main concern, regardless of your companies’ size or industry. It is important to ensure that member’s of your organization can easily access the data they need, but with that access must come safeguards.

When was the last time you took a good long look at the security of your BI tool? Ok, how about the last time it even crossed your mind? It’s fairly common to assume that the security provided by your BI software is on point, but we all know what happens when you assume…

With repercussions ranging from minor performance issues to serious security breaches, it is important to know the key security features to look for when purchasing a BI tool.

Unauthorized access to data could simply be an irritant, for example a West Coast Sales rep that somehow gets all the data for the East Coast. It’s not the end of the world, but wasting time slogging through unnecessary information definitely won’t help that rep, or the company. Time is money, as the old adage goes, and in this economy who has money to spend wasting time?

Improper security could also lead to far worse things than inefficiency. What would happen if a disgruntled employee suddenly had improper access to proprietary sales information? And leaked it all to, say, a competing software developer?

BI security is in place for a reason: to keep your data safe, and ensure that it is efficiently disseminated to the proper users. There are two modes of doing this: authentication and authorization.

Authentication is a means of ensuring that the user is who they say they are. A person in the marketing department should not be able to sign into the system as the CFO. It is important to check that your software comes with built in authentication capabilities, as well as being able to support external ones. Single sign on is fairly standard right now, but with the efficiency it provides it is important to make sure. FOSS software, for example, often comes without any security, so you just want to make sure you are not taking the inclusion of a critical feature for granted without confirmation.

Authorization establishes what data the user can see and run based on their established role.
There are five ways to do this.
• The first is ‘permissions.’ This title is basically self-explanatory. The user can only view the resources, catalogues and templates which are of interest to them (i.e., for which they have permission.)

Once you have taken care of permissions, you can proceed in four ways:
• With parameters, where the application can automatically pass parameters based on the user’s role – sales region, product line etc. This means that one report template can be used by a range of users within an organization.

• A catalogue can be built with Row Level Security, a metadata based security method. Here, the query is limited based on the role permissions built into the catalogue.

• Report Bursting is an alternative to the above security techniques. Bursting can similarly limit the data available to users, but requires fewer DBMS and server resources. With report bursting, data from a single query can be used to create distinctive reports.

Some BI tools, such as Inetsoft, only support single hierarchy bursting, for example, bursting a credit card report to a company. Others, like Jinfonet Software’s JReport, support bursting on multiple hierarchies, so the credit card use could be broken down specifically by employee, as well as providing the CEO with a comprehensive statement.

• Another important security feature is Page Level Security. Page Level Security allows you to organize data into groups; the report is then divided into corresponding pages. The user’s role then determines what pages of the report result are visible to the user.

Greg Harris, a 30 year veteran in Business Intelligence, recently put out a whitepaper with an in depth dissection of what security in BI should really consist of. For a comprehensive discussion on these security features, as well as other crucial aspects of BI software security, click here: JReport Security White Paper.

Greg is also hosting a Webinar, “How are you Protecting your Data?” on June 9th.  (Note: This webinar is now available in our On-Demand Webinar Library)

When choosing your BI reporting software you want to ensure that it will support, not hinder, your decision making process. Ask questions, and really look at what the tools are offering. Do they include the above features? Do they come out of the box, or for an additional cost? JReport is the only tool that includes all of these essential elements without additional fees.

Many commercial open source software companies seem to take care to avoid mentioning security at all, let alone offer a description of precisely what features a consumer is actually getting when purchasing their product. Finding out exactly what safeguards are supplied shouldn’t be like trying to find a needle in a haystack.

Today it’s time to shake off complacency. Take a page out of the Boy Scout book and ‘be prepared!’ Or at the very least actually ensure that your BI tools’ security is up to par.

-Samantha Small

Share on LinkedInTweet about this on TwitterShare on FacebookShare on Google+

Leave a Reply

Your email address will not be published. Required fields are marked *

Test * Time limit is exhausted. Please reload CAPTCHA.