At Messina Group, our BI practice is continuously advising our clients to embrace self-service BI, releasing the shackles of IT-controlled data and empowering the business with data discovery and visualization. This has done wonders for the business community, giving users the ability to conduct their own analysis on-demand, without the involvement of IT.
However, as we’ve noted to many of our clients when helping them craft their BI roadmaps, these new benefits of on-demand data can complicate one of the most important considerations in today’s IT landscape: data security.
In the traditional BI landscape, data is physically controlled by IT and accessed in a much more limited fashion by the business community. Now with the advent of self-service BI, not only do you have data at the fingertips of a wider audience, these users are also accessing potentially sensitive data on multiple platforms, including personal devices such as phones and tablets.
As we’ve shown many of our clients on their journey to self-service BI, this creates an interesting conundrum: designing a platform for accessibility also opens up several more avenues for data to be compromised.
Here are a few best practices we’ve used to guide our clients in their self-service BI journey:
More Security = More Hurdles
Much of your security strategy is going to be based on your industry and regulations. For example, a healthcare provider with HIPAA regulations is typically going to have to follow a much stricter set of procedures.
As a best practice, it’s important to have a security strategy in place that matches the sensitivity and risk of your data. Moreover, your strategy should ensure alignment between the business and IT on the tradeoff between data protection and user restrictions. Generally speaking, the more security measures in your environment, the more painful hurdles your own users are going to have in trying to access their data.
Embed with the Right Processes
Make sure your security strategy leans on processes and awareness as much as it does software. There are all kinds of software products out there that deal with loss prevention of data on laptops, mobile devices, and e-mail platforms. However, much like the BI software you’ve implemented, these products are of no use if they aren’t embedded with the right processes and procedures. Moreover, make sure your users are keenly aware of the security procedures you’ve put in place and why.
Database Hacks vs. Stolen Laptops
Don’t discount the dangers of data loss through the simple physical loss or theft of a laptop or other device. When we talk about data being compromised, the first instinct someone has is to think of a database being hacked or some other malicious activity like we saw with Sony.
Many of the issues our clients have faced in this area have had to do with a stolen laptop, someone leaving their iPad on a train, and so on, which is a problem if your architecture allows data to physically reside on those devices. Make sure that your users understand the importance of protecting and caring for their devices, as they will inevitably end up with sensitive data on them.