securing sensitive information data security dashboards often contain the most important data in the...
TRANSCRIPT
![Page 1: Securing Sensitive Information Data Security Dashboards often contain the most important data in the company Securing that information makes business](https://reader035.vdocuments.us/reader035/viewer/2022062517/56649f275503460f94c3ec9e/html5/thumbnails/1.jpg)
![Page 2: Securing Sensitive Information Data Security Dashboards often contain the most important data in the company Securing that information makes business](https://reader035.vdocuments.us/reader035/viewer/2022062517/56649f275503460f94c3ec9e/html5/thumbnails/2.jpg)
Securing Sensitive Information
![Page 3: Securing Sensitive Information Data Security Dashboards often contain the most important data in the company Securing that information makes business](https://reader035.vdocuments.us/reader035/viewer/2022062517/56649f275503460f94c3ec9e/html5/thumbnails/3.jpg)
Data Security
• Dashboards often contain the most important data in the company
• Securing that information makes business sense
• In some instances, securing certain information is required by law or contract
![Page 4: Securing Sensitive Information Data Security Dashboards often contain the most important data in the company Securing that information makes business](https://reader035.vdocuments.us/reader035/viewer/2022062517/56649f275503460f94c3ec9e/html5/thumbnails/4.jpg)
Overview
• Securing External Access to CenterView Server
• Server-wide CenterView Settings
• Dashboard Settings
• Data Security
![Page 5: Securing Sensitive Information Data Security Dashboards often contain the most important data in the company Securing that information makes business](https://reader035.vdocuments.us/reader035/viewer/2022062517/56649f275503460f94c3ec9e/html5/thumbnails/5.jpg)
Overview
• Securing External Access to CenterView Server
• Server-wide CenterView Settings
• Dashboard Settings
• Data Security
![Page 6: Securing Sensitive Information Data Security Dashboards often contain the most important data in the company Securing that information makes business](https://reader035.vdocuments.us/reader035/viewer/2022062517/56649f275503460f94c3ec9e/html5/thumbnails/6.jpg)
Securing Server Access
• Put CenterView server behind firewall– Only allow access to http port– Only run CV in that app server
• Protect CV Admin– Run Admin on separate App Server– Firewall blocks access to Admin port– To manage CV, administrators would need to
be behind firewall, or to VPN in
• Apache instructions
![Page 7: Securing Sensitive Information Data Security Dashboards often contain the most important data in the company Securing that information makes business](https://reader035.vdocuments.us/reader035/viewer/2022062517/56649f275503460f94c3ec9e/html5/thumbnails/7.jpg)
Server Access cont….
• Run App server over SSL– Encrypts all data transfers with CenterView– Step by step instructions for installing a
certificate from a certificate authority can be found at the certificate authority’s website (Verisign or Thawte, eg.)
![Page 8: Securing Sensitive Information Data Security Dashboards often contain the most important data in the company Securing that information makes business](https://reader035.vdocuments.us/reader035/viewer/2022062517/56649f275503460f94c3ec9e/html5/thumbnails/8.jpg)
Overview
• Securing External Access to CenterView Server
• Server-wide CenterView Settings
• Dashboard Settings
• Data Security
![Page 9: Securing Sensitive Information Data Security Dashboards often contain the most important data in the company Securing that information makes business](https://reader035.vdocuments.us/reader035/viewer/2022062517/56649f275503460f94c3ec9e/html5/thumbnails/9.jpg)
Lock down CV Server DB
• CenterView Server database– Use own secured database, or– Password protect the installed postgres db
• Modify the Pgsql/data/pg_hba.conf file (Change ‘trust’ authentication method to ‘md5’, eg.)
– Change the password for the corda user: ALTER ROLE corda WITH PASSWORD 'somenewpassword';
• Change the password in the Administrator for the DF Query Cache and the Snapshot DB (and CenterView Server Database, if enabled)
![Page 10: Securing Sensitive Information Data Security Dashboards often contain the most important data in the company Securing that information makes business](https://reader035.vdocuments.us/reader035/viewer/2022062517/56649f275503460f94c3ec9e/html5/thumbnails/10.jpg)
CenterView Admin Settings
• Deploy in Production Mode
• Set HTML Console to Off– Change Console Key to something else
• Disallow displaying of status page
• Remove example dashboards (Dashboards page)
![Page 11: Securing Sensitive Information Data Security Dashboards often contain the most important data in the company Securing that information makes business](https://reader035.vdocuments.us/reader035/viewer/2022062517/56649f275503460f94c3ec9e/html5/thumbnails/11.jpg)
Named Users
• Named Users always have access CenterView Resources
• Two options for set up– Allow automatic assignment of a named user
on first login• Great when there are lots of people
– Manually select the users• May be preferred when there are a few executives
![Page 12: Securing Sensitive Information Data Security Dashboards often contain the most important data in the company Securing that information makes business](https://reader035.vdocuments.us/reader035/viewer/2022062517/56649f275503460f94c3ec9e/html5/thumbnails/12.jpg)
Self-Service Login
• Can only be used with CenterView Authentication
• Users can register themselves into the system
• Users can modify their own account identity settings– Change password– Set/Change email address– Recover password
![Page 13: Securing Sensitive Information Data Security Dashboards often contain the most important data in the company Securing that information makes business](https://reader035.vdocuments.us/reader035/viewer/2022062517/56649f275503460f94c3ec9e/html5/thumbnails/13.jpg)
Authentication Plug-in Access
• Active Directory plug-in shipped with CenterView
• Same plug-in for LDAP – may need some customization to use company scheme
• Tailor authorization to local environment by using the Auth Plugin API– Single sign-on– Business Objects– Salesforce– Directory is kept in database
![Page 14: Securing Sensitive Information Data Security Dashboards often contain the most important data in the company Securing that information makes business](https://reader035.vdocuments.us/reader035/viewer/2022062517/56649f275503460f94c3ec9e/html5/thumbnails/14.jpg)
Overview
• Securing External Access to CenterView Server
• Server-wide CenterView Settings
• Dashboard Settings
• Data Security
![Page 15: Securing Sensitive Information Data Security Dashboards often contain the most important data in the company Securing that information makes business](https://reader035.vdocuments.us/reader035/viewer/2022062517/56649f275503460f94c3ec9e/html5/thumbnails/15.jpg)
Dashboard Security
• Dashboard level access– Limit access to logged in users– Limit access to users in a specific group
• Pages and KPIs level access– Limit access to users in a specific group
![Page 16: Securing Sensitive Information Data Security Dashboards often contain the most important data in the company Securing that information makes business](https://reader035.vdocuments.us/reader035/viewer/2022062517/56649f275503460f94c3ec9e/html5/thumbnails/16.jpg)
Server Script User
• isLoggedIn()
• isUserInGroup(groupName)– Used in conjunction with ‘if’ tag, in the same
place show different kpis for each group
• isAuthorized(kpi1.kpixml)
• Demo
![Page 17: Securing Sensitive Information Data Security Dashboards often contain the most important data in the company Securing that information makes business](https://reader035.vdocuments.us/reader035/viewer/2022062517/56649f275503460f94c3ec9e/html5/thumbnails/17.jpg)
Overview
• Securing External Access to CenterView Server
• Server-wide CenterView Settings
• Dashboard Settings
• Data Security
![Page 18: Securing Sensitive Information Data Security Dashboards often contain the most important data in the company Securing that information makes business](https://reader035.vdocuments.us/reader035/viewer/2022062517/56649f275503460f94c3ec9e/html5/thumbnails/18.jpg)
Datafunnel Alias Override
• Username and password set in the datafunnel tag override the username and password set in the alias.
• An Auth plug-in could set custom variables that are the username and password for the database for that user
• Use these custom variables in the datafunnel tag to override the alias.
![Page 19: Securing Sensitive Information Data Security Dashboards often contain the most important data in the company Securing that information makes business](https://reader035.vdocuments.us/reader035/viewer/2022062517/56649f275503460f94c3ec9e/html5/thumbnails/19.jpg)
Database Access
• Business Objects – Login with BO Auth Plug-in– BO Auth Plug-in can supply groups– User in CenterView uses BO credentials in
datafunnel queries to BO Universe• Build your own report or run an existing report with
user granularity
setup
![Page 20: Securing Sensitive Information Data Security Dashboards often contain the most important data in the company Securing that information makes business](https://reader035.vdocuments.us/reader035/viewer/2022062517/56649f275503460f94c3ec9e/html5/thumbnails/20.jpg)
Database Access Cont…
• Salesforce.com– Setting up embedded dashboards in
salesforce– Privileges of the saleforce user are used in
querying Salesforce data
![Page 21: Securing Sensitive Information Data Security Dashboards often contain the most important data in the company Securing that information makes business](https://reader035.vdocuments.us/reader035/viewer/2022062517/56649f275503460f94c3ec9e/html5/thumbnails/21.jpg)
Securing Sensitive Information
• Securing External Access to CenterView Server
• Server-wide CenterView Settings
• Dashboard Settings
• Data Security
![Page 22: Securing Sensitive Information Data Security Dashboards often contain the most important data in the company Securing that information makes business](https://reader035.vdocuments.us/reader035/viewer/2022062517/56649f275503460f94c3ec9e/html5/thumbnails/22.jpg)