Just in case you weren’t aware, cybersecurity is a BIG deal. With so much data being collected, transferred, stored and analyzed these days with powerful software like Power BI, it’s vital that organizations know how that data is being protected and, if it’s not, the steps that need to be taken to protect it properly. According to the Symantec 2019 Internet Security Threat Report, more than 70 million records were stolen or leaked from poorly configured S3 buckets in 2018. Off-the-shelf tools on the web allow attackers to identify misconfigured cloud resources. The report also stated that attackers increased their use of methods like spear-phishing to infiltrate organizations. While intelligence gathering remains their primary motive, attack groups using malware designed to destroy and disrupt business operations increased by 25 percent in 2018. Can your organization just absorb the loss of millions of dollars’ worth of lost or stolen data? Probably not… so let’s take a look at the factors that need to be considered when you’re working with a lot of proprietary data, and what software like Power BI does to comply with those strategies.
1. Data Encryption
This is Cybersecurity 101: data encryption is so important, especially when data is in transit. All of the data that is transmitted by Power BI is encrypted using HTTPS to connect from the data source to the Power BI service. Once a secure connection is set with the data provider, THEN the data crosses the network. According to Gemalto’s Breach Level Index, a global database that tracks data breaches, during the first six months of 2018 the equivalent of 291 records were stolen every second, and 99 percent of those records weren’t encrypted. When you’re working with business intelligence software like Power BI, data encryption is absolutely necessary in this world that has gone digital. Taking it a step further, Power BI also encrypts the cached data, which is stored in Azure SQL Database. The pinned visuals in the Power BI dashboards are also encrypted and cached in the same database. In Power BI, data is classified as either at rest (data that is not being used) or in process (data that is being worked with or updated).
2. Security Compliance
Checking whether the software you’re working with is compliant with national and regional requirements for data collection and usage is another factor that needs to be considered. Power BI uses two primary repositories for storing and managing data: Azure Blob storage and Azure SQL Database. When authenticated users are connected to the Power BI service, the connection or any request is managed by the Gateway Role/Azure API Management, which in turn interacts on the user’s behalf with the rest of the Power BI service. This allows organizations to keep databases and other data sources within their network on-premises in a secure way while using that data in reports and dashboards. Power BI offers two types of gateways: one that allows one user to connect to sources that cannot be shared with others, and another that allows multiple users to connect to multiple on-premises data sources. The on-premises data gateway is a local service that is registered with the Gateway Cloud Service through Azure Service Bus. Think of the gateway as your security checkpoint at the airport.
3. Controlled use of administrative privileges
When working with BI software, we need to consider not only what kind of data we’re collecting; organizations also need to keep track of WHO exactly has access to that data. It’s important to know how to work with your software to ensure that only the people who absolutely need access to that data have it. In Power BI, you can provide access to Power BI artifacts to certain people within the organization and restrict views of data within reports and dashboards to specific users. This feature is absolutely necessary when users may be creating different reports for different people or clients. Not having a solution like this is a recipe for having that information fall into the wrong, unreliable hands. For example, once a dataset is published to the Power BI service, the owner assigns users to certain roles. Brilliant! Keep that list short.
In Power BI, you can enable row-level security in reports so that the data each user sees is set by the credentials they log in with. Pretty nifty, huh? Keeping data secure is more than just keeping it from external hackers. A lot of the breaches are due to internal employees not following best practices and not managing that data properly within the organization, so it’s best to keep access to certain information as limited as possible. Users can enable row-level security in Power BI reports by using the user tables in the model and the USERNAME or USERPRINCIPALNAME functions in the DAX expression when creating security roles. Once those parameters are set, the Power BI service passes the credentials of the user logged into the service and viewing the report or dashboard to the function and uses that value to filter the data.
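A role filter of the kind described above, as an added example that is not from the original post. The `Sales` and `UserRegion` tables, their columns and the role name `RegionalViewer` are assumed names for illustration.

```dax
// Added example, not from the original post.
// Assumed (hypothetical) model:
//   Sales(Region, Amount, ...)      fact table to be protected
//   UserRegion(UserEmail, Region)   user table, one row per user/region pair,
//                                   so one user may be mapped to several regions
//
// Role: RegionalViewer (hypothetical name)
// Table filter DAX expression defined on the Sales table:

Sales[Region]
    IN SELECTCOLUMNS (
        FILTER (
            UserRegion,
            // The service supplies the signed-in user's UPN (user@domain).
            UserRegion[UserEmail] = USERPRINCIPALNAME ()
        ),
        "Region", UserRegion[Region]
    )

// The expression is evaluated for each Sales row; a row is visible only
// when the expression is TRUE for the signed-in user.
//
// A role member with no row in UserRegion produces an empty set, so the
// filter matches nothing and that user sees no Sales rows (fails closed).
//
// USERPRINCIPALNAME() returns user@domain in both Power BI Desktop and the
// service. USERNAME() returns DOMAIN\user in Desktop, so a mapping keyed on
// e-mail addresses can match nothing when a role is tested locally with it.
```

Row-level security restricts only users with Viewer permission on the workspace; Admins, Members and Contributors see all rows, which is one more reason to keep those lists short.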
4. Vulnerability Assessments
In order to protect the data you’re collecting and storing, it’s especially important to understand where the weaknesses are and how to mitigate them. Implementing a commercial vulnerability management system is imperative to a cybersecurity strategy. Even if you start out with decent cybersecurity measures in place, operations within an organization are subject to change, people within the organization may come and go, and so on, so it’s important to check in on how secure your software is and whether any adjustments need to be made. While software might have a number of provisions in place to secure that data, if an authenticated user is not using best practices and is not careful, they could be leaking that proprietary data without knowing it. For example, if a person who has the proper credentials connects to data sources and then shares a report or dashboard that includes that data, unauthenticated users will now have access to that data report.
5. Train your workforce
As previously mentioned, software can safeguard data by holding data behind certain gateways and holding access for certain users, but if those users aren’t trained to use that software and handle that data properly, then you’re leaving your organization and data very vulnerable. Make sure your workforce is aware of your data protection policies and what they need to do to keep that data secure, especially if you’re working with data in the cloud and on-premises. For instance, you might want to have a pow-wow with that co-worker who likes to connect to their local Starbucks’ Wi-Fi and has their password set to “password.” It would give any IT person heart palpitations for days. Working with powerful software like Power BI requires training in order to use it properly and securely. It will make or break your organization.
With cybersecurity becoming a growing issue, it’s important to be aware of what the software you’re utilizing protects and how it protects your data. Over the last 5 years, security breaches have increased by 67 percent, according to Accenture’s global survey. That’s huge. As cyber crimes become more advanced, it’s not a matter of if an attack can happen (because it can); it’s a matter of when, and what measures you have in place to mitigate or block certain attacks. Cybercrime damages are anticipated to cost businesses $6 trillion annually by 2021, according to the 2019 ACR from Cybersecurity Ventures. That’s not a number to take lightly.