Security Blogging with Rick Epstein

For information on using APOS solutions to help you bolster and manage security, visit our more recent series of security posts.

SAP BusinessObjects Security expert Rick Epstein of ResolvIT Inc. recently co-hosted a webinar with APOS concerning Security Architecture & Management in SAP BI 4. (View the recorded webinar.) The webinar touched on many areas of SAP BusinessObjects security., including security model design and migration, data governance, and regulatory compliance. Rick will be following up on that very well received webinar with a series of security-related guest posts on this blog.

Rick's professional focus is on SAP BusinessObjects security, report and universe design, process streamlining and data consolidation -- all with the objective of helping organizations establish their SAP BusinessObjects deployment as the single source of truth for operational excellence and efficient planning. He has implemented SAP BusinessObjects security models in numerous industries, including healthcare, aerospace and defense, and manufacturing.

Why You Need to Focus on Security

Those of you who attended the webinar, or watched the recorded webinar, will know that we started out with an overview of how growing BI volume and complexity have made the work of BI platform managers and administrators much more difficult. BI volume and complexity raise many issues for system analysis, administration, storage, query management and publishing, but none is more important than ensuring that the right people -- and only the right people -- have access to appropriate information within your system.

With the increasing emphasis on mobile and self-serve BI, the roles of BI platform managers and administrators will become even more demanding. If you are one of these people, the security of your BI platform has to be very high on your list of concerns.

Our first focus is generally on the accessibility of data -- getting our data into data warehouses, moving our reports between environments, bursting reports to a wide variety of information consumers, etc. We spend so much time getting these things right that we may not fully consider what can go wrong. Worse still, we may not know something can go wrong until it does. Bringing resources to bear on the issue of security is part of the solution. The other, equally important, parts are knowledge and experience.

Topics for Discussion

Rick will start his series of blog posts by taking a deeper look at the Security Knowledge Framework. What is the Security Knowledge Framework? It is the collection of concepts and definitions that you need to understand to implement and manage an efficient and effective security model in SAP BusinessObjects. It helps you establish your security requirements and develop your security model. The first order of business is to make sure we're speaking the same language.

Future entries will drill down into areas such as:

• Security model design and implementation
• Security model migration
• Security assessment
• Regulatory compliance
• Data governance

Do you have a specific security-related question? Contact Rick Epstein at repstein@resolvitinc.com. 

Webinar Reminder: SAP BusinessObjects Data Connectivity, Sensitive DataAudit

When: Wednesday, Feb. 20, 2013 at 10 am and 4 pm ET

Learn how to mitigate growing performance and compliance risks caused by increasing BI data connection complexity and expanding regulatory requirements.

Effective control of your SAP BusinessObjects deployment depends on query performance optimization and data access accountability. But many of the processes and activities that influence optimization and accountability are typically outside of the BI environment and outside of the direct control of SAP BusinessObjects administrators and platform managers.

View a 3 min. video preview of the webinar

The time to gain control of those processes and activities is now, because you face growing complexity in your SAP BusinessObjects data access and data accountability requirements. In addition to internal query performance challenges, there are audit and monitoring requirements mandated by regulatory compliance. There is no question that these issues represent substantial risk to your organization's success and security.

In this webinar, we will discuss data connectivity issues that present a risk to every data-driven organization, including:

• Data Visibility and Control -Monitoring and Managing Data Connectivity
• Sensitive Data Auditing -Data Access Monitoring and Regulatory Compliance

The webinar will also introduce you to the APOS Intelligent Data Access Controller (IDAC), a data access, audit, and accountability solution specifically designed to help SAP BusinessObjects administrators and technicians monitor and manage BI data connections and queries.

Healthcare Regulatory Compliance and APOS Storage Center

If you are a provider or payer in US Healthcare, your world has become radically more regulated over the past decade or so, thanks to several pieces of legislation, including:

• Privacy Act of 1974
• Health Insurance Portability and Accountability Act (HIPAA)
• Statements on Standards for Attestation Engagements (SSAE 16)
• Financial Modernization (Gramm-Leach Bliley) Act of 1999 (GLBA)
• USA PATRIOT Act of 2001 (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism)
• SOX, the U.S. Public Company Accounting Reform and Investor Protection (Sarbanes-Oxley) Act of 2002

It's a complex landscape. In no other industry is data such an important asset, and yet such a potential liability. The regulatory burden and responsibility continues to grow for both providers and payers. As a BI platform manager in the healthcare industry, you need to be proactive about data governance.

APOS Storage Center can complement your SAP BusinessObjects system and help you with regulatory compliance through the following features:

• Rules-based backup, archive, versioning, and selective restore
• Offline and online archiving
• Extract and export
• Versioning, purging retrieving Web Intelligence reports
• System performance improvements

Being proactive about data governance means not waiting until you have a problem to have a solution in place. APOS Storage Center resolves SAP BusinessObjects document instance archive, backup and restore issues before they become security and regulatory compliance problems.