Data security has been a hot topic the last few years with several major data breaches bringing the issue to the forefront of companies’ business intelligence (BI) discussions. Data security is not only important to companies but to their customers as well. This is why at 5000fish, developing an exceptionally secure business intelligence solution through Yurbi’s App Shield feature has been one of our primary goals since Yurbi’s inception.
What is Yurbi App Shield?
The companies with which we work collect ample amounts of data and use Yurbi to filter, analyze, and transform their data into digestible reports and dashboards. However, not all of a company’s data is appropriate for anyone and everyone to see.
Therefore, our customers must be able to easily assign and define users’ data restrictions within Yurbi without compromising security, which is why App Shield is such an important and powerful feature. App Shield is Yurbi’s security feature that allows customers to pull reports securely and efficiently and automatically limit them to only the information they are allowed to see.
How Business Intelligence Security Typically Works
Traditionally, business intelligence vendors hard code security restrictions at the report level. For example, if you have 10 user audiences for the same data set, the business intelligence team would pull 10 different reports with unique restrictions based upon the user profile.
This method of data security is incredibly time-consuming, especially if you have to go back and modify any of the reports – you’re not just modifying one report, but 10. Once the reports have been modified, business intelligence teams must deliver the reports in a change management process that places heavy burdens on business intelligence teams because throughout the process, they must still maintain a high level of security. Not only is this security method inefficient, but it can be incredibly expensive if your business intelligence team is not in-house.
How Yurbi’s App Shield Tackles Business Intelligence Security
App Shield is a security layer that sits underneath the entire Yurbi platform and protects all of the data within all connected data sources. App Shield allows companies to create complex security policies that relate to one or more data sources to assign field level data security for each user or group of users.
Here are the benefits of App Shield’s database-level security:
Extra security: This may sound redundant, so let us explain: App Shield’s field-level security provides more security than the typical hard coded security within other business intelligence products. Within App Shield, the security policy set for each user group applies to every task a user would perform in Yurbi, from viewing dashboards to building reports, and restricts the data to which the user has access across the entire BI platform. This means there are no back doors into data that a user doesn’t have permission to see and there are fewer chances for data leaks.
Reduction of operation and maintenance costs: Yurbi’s App Shield also alleviates operational and maintenance costs because users don’t have to make as many reports and spend as much time modifying reports since the security profile is applied to every activity performed within Yurbi. Yurbi App Shield can save a considerable amount of time when it comes to sending scheduled reports and notifications.
Increased performance of the product. Traditional business intelligence solutions use the server processing method of gathering data, where data is pulled for every user profile and the security is applied afterward. This results in repeated, large data pulls that can wear out the business intelligence system (not to mention the target database). In App Shield, the security is applied when we retrieve the data from the database. This means that for each user security profile, we don’t have to fetch giant data samples for each different report and then apply security, Yurbi only pulls what each user profile needs to see because our security profiles are embedded as a part of the initial query. This type of data pulling is easier on the database because Yurbi is pulling less data for each report, versus the same, large data sample that is pulled in the traditional processing method.
Increased flexibility. For the BI solutions that do offer field-level or data-level security models, they typically only support restrictions on the actual fields of data within the databases’ tables. Yurbi is able to go one step beyond data or field-level security and apply virtual field-level security. A virtual field is a calculation or derived value that sits on top of the master database and isn’t hard coded into the security profile.For example, if you have a database with five years’ worth of data, you don’t want users to accidentally pull data that extends five years back because that takes a major and unnecessary toll on your database. With virtual field-level security, Yurbi users can set additional restrictions, such as a 90-day data window, that apply to specific user profiles but aren’t hard coded into the master database. These virtual field-level security calculations would be applied to everything the user does and sees within Yurbi, which means the user wouldn’t accidentally pull five years’ worth of data. You don’t have to modify your database schema to create a Last 90 Days field, Yurbi can create a virtual field and apply it dynamically.
Complete audit and data governance. Yurbi’s App Shield also provides administrators complete audit and data governance, which allows them to see all of the user activity within Yurbi and maintain a pulse of what data users are pulling.
How App Shield Works
Yurbi App Shield is an administrative feature that can only be controlled or changed by Yurbi admins. The concept behind App Shield is that Yurbi admins have access to a set of security policies, and each security policy has a set of constraints or grouping of constraints that applies to a specific user group or multiple user groups. Each policy has an on/off switch, that allows for easy activation, deactivation, and testing.
Yurbi admins have the ability to set up each policy within App Shield. Admins should name and describe the policy for reference purposes and then define the policy’s constraints. Constraints are made up of four elements, which require Yurbi admins to take four actions:
Select the applications within Yurbi to which the policy will allow access. This may include one or multiple applications, such as the helpdesk application or dashboard application. If the user has access to multiple applications, the application selection process must be repeated.
Select the report types to which the policy will allow access. Once an admin selects the Yurbi app or apps to which a policy provides access, the admin will be prompted to define constraints for the report types a policy will allow to be seen. If the user has access to multiple report types, the process must be repeated.
Select the fields to which the policy will allow access. The Yurbi App controls which fields of a database to which a user has access, and App Shield adds another layer of security. The admin is able to apply criteria filters on every field in the Yurbi App which a user could use to view or build reports. By bringing in the necessary joins of tables in the database that contain the data restriction elements into each report type, users can by automatically and dynamically limited to only the information they should see. Perfect for multi-tenant SaaS environments as well as internal separation of group data.
Admins can add as few or as many field constraints as needed for each security policy, including time frame constraints, username constraints, elapsed time constraints, and more.
Select the assignment for the policy. The final step of creating a policy is choosing assignment constraints. This allows Yurbi admins to choose the group or groups of users to which the security policy will apply.[Show screen shot of group selection]These assignment constraints can also be assigned to individual people, which allow admins to overlap security constraints in an effort to adopt the maximum-security position with the Yurbi App.
Once the admin hits “finish,” the security policy is created. If the admin must add the security policy to additional apps or reports, the admin will need to edit the policy and go through the constraints process for each additional app or report type. This process allows the admin to apply one security policy to multiple apps and report types, which is a big time-saver for Yurbi admins.
The Bottom Line
Yurbi was built from the ground-up with business users in mind, which has allowed us to build an incredibly secure and functional product. Yurbi’s App Shield is a powerful tool that enables Yurbi users and administrators to tailor data pulls to each individual user profile, while maintaining very tight security. This means IT and the Security team can rest easy and know that their data is safe.