At Messina Group Consulting, our BI practice is continuously advising our clients to embrace self-service BI, releasing the shackles of IT controlled data and empowering the business with data discovery and visualization. This evolution has done wonders for the business community, giving our clients the ability to conduct their own analysis on-demand, without the involvement of IT.
However, as we’ve told many of our clients when helping them craft their BI roadmaps, these new benefits of on-demand data can complicate one of the most important considerations in today’s IT landscape: Data security.
In the traditional BI landscape, data is physically controlled by IT and accessed in a much more limited fashion by the business community. Now, with the advent of self-service BI, not only do companies have data at the fingertips of a wider audience, but their users are also accessing potentially sensitive data on multiple platforms - including personal devices such as phones and tablets.
As we’ve shown many of our clients on their journey to self-service BI, this creates an interesting conundrum: designing a platform for accessibility also opens up several more avenues for data to be compromised.
Here are three best practices we’ve used to guide our clients in their data security and self-service BI journey:
More Data Security = More Hurdles
Much of your security strategy is going to be based on your industry and regulations. For example, a Healthcare provider with HIPAA regulations is typically going to have to follow a much stricter set of procedures than a company in the retail or manufacturing industry.
As a best practice, it's important to have a security strategy in place that matches the sensitivity and risk of your data. Moreover, your strategy should ensure alignment between the business and IT on the tradeoff between data protection and user restrictions. Generally speaking, the more security measures in your environment, the more painful hurdles your own users are going to have in trying to access their data.
Embed with the Right Processes
Make sure your security strategy leans on processes and awareness as much as it does software. There are all kinds of software products out there that deal with loss prevention of data on laptops, mobile devices and e-mail platforms. However, much like the BI software you’ve implemented, these products are of no use if they aren’t embedded with the right processes and procedures. Furthermore, make sure your users are keenly aware of the security procedures you’ve put in place and why.
Database Hacks vs. Stolen Laptops
Don’t discount the dangers of data loss through simple physical recovery of a laptop or a device. When we talk about data being compromised, the first instinct someone has is to think of a database being hacked or some other malicious activity, like we saw with Sony.
However, many of the issues our clients have faced in this area have had to do with a stolen laptop or someone leaving their iPad on a train, etc., which is extremely problematic if your architecture allows data to physically reside on those devices. Make sure that your users understand the importance of protecting and caring for their devices as they will inevitably end up with sensitive data on them.
Messina Group is a leading consultancy passionate about delivering comprehensive Cloud services and BI solutions to our clients. With over thirty years of experience delivering value, we have been helping fast growing SMBs reach their goals, and would love to be your trusted advisor.