In this five-part series, I’m walking you through some of the details around trusted data discovery, or governed data discovery. The goal is to get you past the mom-and-apple-pie idea of trusted data discovery, and into some specific areas you can address at your company.

In Part 1, I covered trusted sources. Part 2 instead focuses on a secure, stable, scalable platform for analytics. The business needs to be able to trust that they can get their reports in a timely manner, whenever they need them, and that only authorized consumers are viewing the reports. Not only that, but you need to make sure your valuable information is not exposed to attack.

This blog is intended to highlight the requirements you need in place to trust your platform. It’s not a deep dive of how to configure this functionality on the SAP BusinessObjects Business Intelligence (BI) platform – you can find this information on Greg Wcislo’s security series on SCN.

First: Timely Reports

The biggest key to timely reports, which includes scalability and stability, is making sure that you have an appropriately-sized deployment. How many servers will you need to support your user base? (Also, please plan for growth, because you know everyone’s going to want those sweet reports!) How much data will you be using in the reports? What kind of network connectivity can you count on? Can users refresh the data in reports?

The answer to these questions feeds directly into stability. Constantly pushing a deployment to the edges of its capabilities is pretty risky. To build momentum in your company, you need fast reports that are available.

Second: User Security

Are the right people accessing only the data they have privileges for? Are the right people security_usersviewing only the data they can? Are these user rights managed in a separate system, where duplication and user error can enter?

SAP Lumira can address all of these issues with our integration to the BI platform. Administrators can use Active Directory, LDAP, or SAP security, and manage the BI privileges via the CMS.

Data encryption is also important! Not only must the calls between the authentication methods be encrypted (you can use SSL, too), but the data that resides in CMS must also be, and is, highly encrypted.

Third: Secure the Web Tier

The web tier is often the most vulnerable area of your deployment. Lock it down!

  1. Hide the CMS information, so users can’t make mistakes and connect to where they shouldn’t be.
  2. Secure the communication channel with TLS.
  3. Protect active directory SSO passwords with a keytab!
  4. Make sure communication with the web application container server (WACS) is secured.

Fourth: Firewalls and Platform Encryption

  1. Use Federal Information Processing Standard (FIPS)-certified encryption libraries, like the SAP SAP BusinessObjects BI platform.
  2. Encrypt server-to-server channel encryption (CORBA SSL) by configuring it in the BI platform.
  3. Protect the server that contains your report content on the file system – especially where those reports are saved as PDFs. You can restrict folder access, use file level encryption, run scheduled virus scans at non-peak times, and lock down the type of content that can be uploaded to this server (to avoid executables, etc., from being uploaded).
  4. Manage the accounts. Not only should you change the default Administrator to something else, but you should be locking after too many failed attempts, and actively disabling unused accounts.
  5. Set specific port ranges or bind to specific ports to reduce risk of attacks.
  6. Lock down temporary files, which may contain some data.

For details, make sure to read Greg’s excellent blog series, and check out the BI platform space on SCN. If that still isn’t enough for you, SAP has published a whitepaper that details all of the security standards that each product must pass before release.

All blogs in this series: