How to Securely Share Analytics
by Tony Rosa, on Oct 22, 2021 1:32:02 PM
October is Cybersecurity Awareness Month. The goal is to raise awareness about ways people can be more cyber secure in their lives, especially as it relates to the work we do.
Cybersecurity is crucial for organizations no matter the industry. In the world of data and analytics, and when building applications and dashboards, security must be baked into every aspect from the data sources and systems to the platforms and tools. In fact, ensuring data security is paramount, as cyber criminals are constantly looking for vulnerabilities that will give them access to your data.
To gain insights to drive business decisions, companies invest a lot in building analytics applications and dashboards, which serve up what teams, partners and customers require. In order to help organize and secure these analytics investments, many organizations provide a curated catalog of analytics content and data to internal and external users. These catalogs help increase the value of B2B and/or B2C relationships by enabling fast and secure access and collaboration that leverages user identities.
User identity management, also known as identity and access management (IAM), is a critical discipline for verifying user identities and the level of access they have to a specific dashboard, application, platform or system. IAM includes both authentication and access control, which are required to secure data.
Using validated identities, teams can control access to an analytics catalog within an organization. This can be done securely and economically across business entities without creating new burdens for IT and with minimal changes to existing identity processes such as Joiner Mover Leaver (JML).
Over the years, additional security protocols have been built into technology platforms. For example, changes to cloud capabilities within Azure and Amazon Web Services (AWS) allow for a streamlined federation of user identities for internal corporate users and external users such as affiliates, consultants, contractors, strategic partners, etc. Federated identity management is a method of linking a user's identity across multiple and separate identity management systems, which allows users to move quickly from one system to another while maintaining security. Single sign-on (SSO) is one form of federated identity management, which allows users to input a password one time and then work in multiple applications and systems without having to log into each one separately.
If you are planning to share analytics and applications with external partners and customers, there are additional security aspects to consider. Be sure to review the checklist below before opening your systems to external users.
- Understand your data security model – Role-based access control (RBAC) models for row and column security must be reviewed.
- Understand the data classifications – Are you exposing Protected Health Information (PHI) or Personally Identifiable Information (PII)? Has the data been de-identified?
- Ensure security compliance and general JML processes are current – In most cases, existing processes will support external users with some minor changes, but they must be validated.
- For your cloud services, understand the current Identity and Access Management architecture. Does it support federation? If not, make sure you know the options and alternatives to keep your system secure.
- Are your analytics solutions licensed appropriately to support external use?
When it comes to managing data and analytics security across teams and organizations, identity federation is not the only approach. There are alternative methods for sharing analytics. One example is the use of custom web portals for external users. These solutions can be configured to deliver analytics with most web-based solutions. Many options also exist to support embedded content from Qlik, Power BI, Tableau, and Looker. These options depend on your cloud security architecture, and most involve some middleware layer to support custom authentication and integration to your existing IT infrastructure.
Many analytics and application developers use free or shared code sources, and it’s important to note that the security of these shared sources rests with the consumers and users. So, while it may seem simple to download and deploy sources from GitHub, you will need to ensure that what has been developed is truly secure and has no known vulnerabilities. Failing to test for security vulnerabilities exposes the organization to potential security breaches. Therefore, testing and third-party security assessments are a MUST.
Understanding the existing security architecture at your organization is vital to identifying cybersecurity risks, requirements, and resources. Most businesses have heavy investments in security and tools to protect their systems and applications. Altering these tools requires the ability to clearly articulate the changes needed while minimizing disruption to the existing technologies and processes that run the business. When leveraging clouds based in AWS and Azure, the federation capability is either built in or can be added to your existing subscription. However, you may have to do additional work for hybrid clouds that combine on-premises and public cloud environments. For hybrid needs and cases where legacy challenges exist, Axis Group leverages Fuse to address unique scenarios where a business unit has a security need and wants to augment their existing enterprise approach. Dealing with security around legacy analytics tools can be a challenge, but you have options!
With 25 years of experience, Tony Rosa has engaged in the architecture and implementation of Analytics and SOA solutions. He leads our managed services team, supporting operations and engineering. Before joining Axis Group, Tony held positions in IT management at Nielsen Beverage Data Network, a leading provider of Beverage Alcohol Depletion and Retail Sales data, and IT professional services at Critical Path, part of OpenWave Messaging, a messaging, security, and identity management solutions company.