Wednesday, June 12, 2019

Managing SAP BI Security – Sensitive Data Governance

Managing security within your SAP BI deployment is hard enough, but you also have to be concerned with your deployment's periphery, and its relation to external data sources.

The APOS Intelligent Data Access Controller (IDAC) extends the BI administrator's control of data processes beyond the BI system to the data sources themselves. IDAC gives you the ability to monitor and manage queries from your BI system to all of your enterprise data sources.

New and evolving regulatory requirements create additional complexity for BI platform managers and administrators. To meet these requirements and overcome complexity, you need to take a proactive approach to data access, audit and accountability within your SAP BusinessObjects deployment. You need to know who is doing what, where, and when.

IDAC is an intelligent, data source agnostic solution that can vastly improve the ability of BI platform managers, administrators and technicians to exert control over data and data access across multiple applications, operating systems, and data sources and types. This solution helps you manage and audit data access and activity across technologies, while improving system performance, information security, data privacy, and regulatory accountability.

Flagging Sensitive Data
When you are reviewing the security of your BI system, sensitive data deserves special consideration, especially in industries such as financial services and healthcare, where the security and privacy of data is highly regulated. BI platform managers and administrators need to be able to track user access and report on it to the appropriate regulatory and internal governance authorities when necessary. Unauthorized access constitutes a data breach, regardless of intention, and regardless of whether it is external or internal.

One of the key features of the IDAC solution is the ability to track specific fields. For example, in a healthcare environment, you can set up alerts to be triggered by a query against a Patient ID. This is particularly useful, because under HIPAA a patient has the right to know who has accessed their health records. A query to the IDAC database can give you this information immediately. You can also use the data from the IDAC database to analyze user behavior over time.

Friday, June 7, 2019

Managing SAP BI Security - Data Distribution Governance

BI publishing answers a very complex question that many organizations are currently facing. The question is this: how can an enterprise cope with an exponential growth in data, data types, and data sources, meet expanding regulatory requirements, cater to increased stakeholder communications needs, and manage security, privacy and other risks ‑ all while reducing costs and increasing shareholder value?

Part of the objective of implementing distribution technology is to maximize ROI, competitive advantage and stakeholder value, while minimizing risk.

The information-intensive nature of modern organizations, along with the complexity of the regulatory landscape, make the collection, generation and distribution of enterprise information critical. The right information has to get to the right recipients at the right time and in the right format.

APOS Publisher
The APOS Publisher solution helps enterprises using SAP BusinessObjects in complex publishing scenarios to execute tightly controlled document production, publishing and distribution workflows. Using Publisher's advanced bursting, automation, workflow monitoring, interactive process control, assured delivery, and enhanced distribution, encryption, and integration capabilities, enterprises can reduce risks, increase the ROI on their BI system, and build stakeholder value.

APOS Publisher for Cloud
APOS Publisher for Cloud takes lessons learned from BI publishing and applies them to SAP Analytics Cloud. It automates processes for bursting personalized SAP Analytics Cloud stories to end users. Dynamic, security driven processes with strict filters provide SAP Analytics broadcasting capabillities and help administrators ensure users receive only the data to which they are entitled.

Thursday, May 30, 2019

Salesforce Live Data Connectivity for SAP Analytics Cloud

APOS is happy to announce that the APOS Live Data Gateway now provides live data connectivity between SAP Analytics Cloud and Salesforce.

Salesforce is a widely used CRM system, with a reported 150K+ customers globally. Clearly there is an immense amount of critical data in Salesforce that needs to be incorporated into a comprehensive analytics strategy. SAP Analytics Cloud, combined with the APOS Live Data Gateway, can now take advantage of Salesforce data without the need for data replication or bulk data movement. Simply connect live from SAP Analytics Cloud to Salesforce, and leverage the data from where it currently resides.

Live data connectivity means:
  • Data never leaves the firewall
  • No data movement, data replication, or duplication in data modelling
  • No duplication in security modelling
  • Data is always current
  • No data limits

Contact APOS to learn more about how you can make a live connection to Salesforce from SAP Analytics Cloud.

Wednesday, May 29, 2019

Managing SAP BI Security – Safeguarding Content

The integrity of your BI content is paramount, not just for purposes of analysis, but also for purposes of governance and compliance. To secure your content and protect its integrity, you need to implement a robust system content storage strategy.

APOS Storage Center is your electronic vault for SAP BusinessObjects report objects and document instances. Its backup, archive and selective restore capabilities make it invaluable to organizations concerned with the integrity of their document instances. The proactive use of Storage Center is a preventive BI best practice for the prevention of problems and the timely resolution of issues.

Use APOS Storage Center to:
  • Back up objects with versioning
  • Preserve documents for long-term availability & information governance
  • Automate system content cleanup with business-rules driven, intelligent system purge
  • Promotion, system replication & simplified management workflows
  • Implement a Disaster Recovery Plan for disasters of all sizes

Managing SAP BI Security – Bulk Security Administration

APOS Administrator is a high-performance SAP BI administration solution, and provides bulk administrative capabilities for all SAP BI system objects, so it can play a key role in helping you to optimize your SAP BI security structure.

The security of the reports in your BI system is of prime importance, and bulk object management via APOS Administrator presents a streamlined approach to security administration.

Working on Security settings in the Central Management Console, one folder at a time, can be a daunting task, and it’s easy to miss a setting, or forget a folder, and it’s very easy to click the wrong radio button.

Use the Security Management component of APOS Administrator to select groups and folders. These groups and folder then appear in a matrix that allows you to view and assign the required security settings. In addition to assigning the basic built-in security roles, you can also assign any custom roles that you’ve created. Even individual security settings can be Granted or Denied if required.

After making modification to your folder security, you can easily test the security by using APOS Administrator's User Impersonation feature to log in as an affected user to ensure that they will see the folders that you have enabled for them in the security settings.

In summary, you can use APOS Administrator to:
  • Administer and document security
  • Administer and document content
  • Manage and compare multiple environments
  • Perform centralized bulk management of:
    • User preferences
    • Security
    • Users
    • User groups
    • Limits

Managing SAP BI Security – Audit & Analysis

Security starts with knowledge. You can't manage what you can't see. APOS Insight is designed to provide deep visibility into your SAP BI deployments, giving you the knowledge you need to overcome their growing volume and complexity.

Your BI team is tasked with seemingly conflicting objectives: to distribute information and to safeguard information. You need to get the right information (and only the right information) to the right people (and only the right people). The key to reconciling these objectives lies in developing a granular view of your security structure, and monitoring that structure for changes, whether planned or unplanned.

Our first focus is generally on the accessibility of data -- getting our data into data warehouses, moving our reports between environments, bursting reports to a wide variety of information consumers, etc. We spend so much time getting these things right that we may not fully consider what can go wrong. We may not know something can go wrong until it does. Worse still, we may not know that problems have occurred. Bringing resources to bear on the issue of security is part of the solution. The other, equally important, parts are the development of deep system knowledge and the application of that knowledge in a systematic manner.

APOS Insight Audit
Form an accurate picture of all security elements and compare periodic snapshots to determine when security modifications were made and (by combining Audit data) by whom; monitor regulatory compliance requirements. By using the metadata collected by the APOS Insight solution, you can quickly report on the security settings that exist in your system. This functionality can be useful when you need to provide proof of security when dealing with regulatory agencies.

APOS Insight History Mode
Good governance is a function of the good security provided by strict metadata audit and management. APOS Insight's History mode gives you the power to track all changes to report objects over time, supporting your change management workflows, and letting you demonstrate the provenance of reports and control objects for better governance and compliance with regulatory requirements (e.g.: for SOX). change management

Thursday, May 16, 2019

Managing SAP BI Security – Overview

Setting up SAP BI security for a new deployment is relatively straightforward. If you keep some important principles in mind, and understand fully the impact of each decision, your defined security model should be adequate to the task.

However, as your BI deployment grows in volume and complexity, the task of managing your security model is far from straightforward, and it gets more and more difficult to keep up with the job using just the SAP BI administrative toolkit:

  • Knowledge of your system is vital to its wellbeing, and you need to develop deep awareness before you can commit to appropriate courses of action
  • Change is rapid, and you need to respond rapidly by managing change in bulk operations, rather than one at a time. You need granular control to apply your newly found deep system knowledge.
  • Content is value, and you need to ensure you safeguard this value for compliance and governance.
  • Content distribution is the whole point of a BI system, and you need to ensure this process is securely governed.
  • Data can be sensitive, and you need to ensure it is used appropriately, and that you know by whom it has been accessed.
  • Your BI system exists to serve its users, and you need to be able to audit, analyze and understand the behavior of those users to ensure they are getting what they need, and that they are not abusing the BI system in any way.
This post begins a series exploring these aspects of managing SAP BI security, including: