SISENSE SECURITY OVERVIEW

Similar documents
More information for FREE VS ENTERPRISE LICENCE :

Primavera Analytics and Primavera Data Warehouse Security Overview

The world s most widely deployed digital workforce platform

INTEGRATING PING IDENTITY SOLUTIONS WITH GOOGLE IDENTITY SERVICES

Tascent Enterprise Suite Multimodal Biometric Identity Platform

Utilizing Oracle Standard Functionality and other Oracle tools to comply with Sarbanes- Oxley By Olga Johnson City of Detroit

Get The Best Out Of Oracle Scheduler

HP TRIM and Microsoft SharePoint Optimizing Secure Information Flow and Compliance

Centricity 360 Suite Case Exchange Physician Access Patient Access

SIMPLE FUND 360: AN AUDITORS GUIDE. Australia s leading cloud SMSF admin solution AN AUDITORS GUIDE.

Microsoft SQL Server 2000 Reporting Services

Version 4.6. CMS Online Quarterly Release Notes. October Copyright 2017 International Human Resources Development Corporation

DocuLynx Mercury Web Seamless Access to Document Archives

Simplify the way you manage and track your projects. Enabling organisations to create positive impact

White Paper. Embedded Reporting, Dashboards and Analytics in. OEM/SaaS. Applications

Secure information access is critical & more complex than ever

Setup the demo application according to the instructions included in the SSO-JWT Starter Kit located in the readme.md file.

Ellucian CRM: platform overview

SIMPLIFYING BUSINESS ANALYTICS FOR COMPLEX DATA. Davidi Boyarski, Channel Manager

Delivering Governed Self-Service BI across the Enterprise

FINACLE SERVICES: API MANAGEMENT USING CA API GATEWAY

TOP 20 QUESTIONS TO ASK BEFORE SELECTING AN ENTERPRISE IAM VENDOR

The Leading Low-code Application Platform For Modern Work Management

Sisense. Product Highlights

Believe in a higher level of IT Security SECUDE Business White Paper. How to Improve Business Results through Secure Single Sign-on to SAP

Supercharge your Financials Planning Analysis and Close Reporting with Mobility

An Introduction to Oracle Identity Management. An Oracle White Paper June 2008

Enterprise Product Features

SaaS Under the hood. Craig Taylor (Director - Cloud Transition & Enablement) Daniel Sultana (Director - Cloud Services & Experience) 10 May 2018

Who is Databricks? Today, hundreds of organizations around the world use Databricks to build and power their production Spark applications.

IBM Content Manager OnDemand on Cloud

MANAGE THE LIFECYCLE OF EVERY DIGITAL USER

Basic. $5/user per mo.

BlackBerry Offerings for Desktop Windows 10 and macos

BS&A Software Application Design Approach

Customized Client Onboarding for Clearing Firms with OpenAdvantage From Doxim

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into

Case Study. foodpanda

MicroStrategy CTO newsletter

IBM System Storage. IBM Information Archive: The next-generation information retention solution

Workspace ONE. Insert Presenter Name. Empowering a Digital Workspace. Insert Presenter Title

Prepare for GDPR today with Microsoft 365

Enterprise Mobility: Are You Ready?

STREAMLINING USER PROVISIONING WITHIN JIVE USING ACTIVE DIRECTORY

Ensim and the Ensim logo are registered trademarks of Ensim Corporation. All other trademarks are the property of their respective owners.

GDPR COMPLIANCE: HOW AUTOMATION CAN HELP

DAM Requirements Checklist

Oracle s Hyperion System 9 Strategic Finance

IBM Case Manager on Cloud

An Introduction to AHEAD s. Azure Governance Framework

Oracle Policy Automation The modern enterprise advice platform

Security solutions White paper. Effectively manage access to systems and information to help optimize integrity and facilitate compliance.

Wonderware InBatch 2012 R2

Know Your Customer Limited INFRASTRUCTURE & SECURITY OVERVIEW (IS) V1

Wonderware InBatch 2012 R2

IBM Datacap on Cloud

OIC LLC is our Oracle Partner name. It stands for Oracle Independent Consultants (OIC) LLC.

Xerox DocuShare 7.0 Content Management Platform. Enterprise content management for every organization.

Key Benefits of Novell ZENworks 10 Configuration Management. Enterprise Edition

The Guide to Securely Boosting In-App Engagement: Enabling powerful real-time communications between your users, machines, and IoT.

INTEGRATING HORIZON AND CITRIX APPS IN A DIGITAL WORKSPACE

INITIAL ENTERPRISE CHALLENGE:

Integrating Configuration Management Into Your Release Automation Strategy

Top. Reasons Enterprises Select kiteworks by Accellion

INCREASING YOUR LABORATORY PRODUCTIVITY

Thru. Secure File Sync And Share - For The Enterprise

WHY COMMERCIAL REAL ESTATE FIRMS ARE EMBRACING OFFICE 365. Find out how out-of-the-box Cloud services in Office 365 can help you grow your practice

BUSINESSOBJECTS EDGE STANDARD

SECURE MOBILE USERS PLANNING - MOBILE DEVICE MANAGEMENT (MDM) SCENARIOS COMPARISON

WebFOCUS 8: Technical Overview

This module introduces students to cloud services and the various Azure services. It describes how to

OSS TENDER PORTAL MANAGEMENT SYSTEM (ASP.NET)

Simpler Enterprise Interoperability with Acendre Cloud

Turn your conversations into memorable conversations by learning how to showcase Dynamics CRM Online value proposition to Technical Decision Makers.

Executive Summary WHO SHOULD READ THIS PAPER?

Atlant s atwatch CAPA TM. Corrective and Preventive Action System (CAPA) Product & Services Bundle for

Super Schlumberger Scheduler

Anywhere Access to ERP Applications with Parallels RAS. White Paper Parallels Remote Application Server 2018

2015 IBM Corporation. IBM BigFix Inventory. Advantages of migrating from Software Use Analysis 2.2 to BigFix Inventory 9.x

Title: Introducing Enterprise Discovery 2.1 Session #: 537 Speakers: Matt Schvimmer, Matthew Darwin Company: HP

Do More with Complete Mobile-Cloud Security from MobileIron Access

100 Hamilton Avenue Palo Alto, California PALANTIR GOTHAM. Upholding Data Protection Regulations in the European Union

HP Network Automation 7.2 Fundamentals and Administration

SSL ClearView Reporter Data Sheet

Results Software FAQ. July Mass Ingenuity LLC Pearl West 1455 NW Irving Street Suite 200 Portland, OR massingenuity.

Stuck with Power BI? Get Pyramid Starting at $0/month. Start Moving with the Analytics OS

Systems Management of the SAS 9.2 Enterprise Business Intelligence Environment Gary T. Ciampa, SAS Institute Inc., Cary, NC

Real BI in SharePoint 2007 using XI 3.0. Jose Hernandez Dunn Solutions Group

ALGORITHMIA ENTERPRISE SECURITY & COMPLIANCE OVERVIEW

Bluemix Overview. Last Updated: October 10th, 2017

Split Primer. split.io/primer. Who is Split?

DAT 100 Microsoft s s Data Platform Vision

Read on» Service Definition OnBase Cloud Document Management

IBM Case Manager on Cloud

Transcription:

SISENSE SECURITY OVERVIEW 2017

Introduction Security is a critical component of all information technology, but is especially important for Business Intelligence solutions. BI solutions are commonly used to view highly sensitive information like company finances, payroll, sales data, even personally identifiable information. When a BI application stores or accesses such sensitive data, it is critical that only the right users can see the right information. Sisense prioritizes data security in our product development and support processes to make sure that organizations can always safely deploy and manage the solution. Organizations often struggle with a tradeoff between security and the complexity of implementation and maintenance. Sisense addresses this challenge with a combination of robust security built into the product and customization options that make it easy to fit an organization s unique security needs. Sisense s out of the box security functionality helps organizations deploy quickly in accordance with their best practices. Built from the ground up with an API framework, Sisense also provides programmatic access to all security functions in order to reduce or eliminate the complexity of customization. This helps businesses easily scale their own security policies across users and data. Sisense s approach to security encompasses four main categories: Process level security: the procedures, tests and controls used to ensure the highest levels of data security. System level security: user management, authentication and permissioning for the entire Sisense application. Object level security: the features provided for controlling access to different solution components. Data level security: features relating to granular control over exactly what data within the data source(s) is viewable by certain users.

Process Level Security Sisense adheres to industry standard security practices to ensure that high levels of security discipline are followed throughout our development and support processes, so that organizations can easily implement and manage the solution safely. The main security standards we follow are: The Secure Development Life Cycle (SDLC) methodology with full security reviews. The DREAD methodology for classifying system vulnerabilities. Annual security audit and penetration test, performed by an external review company following the OWASP Testing Guide V4 for product security testing. The Sisense solution is tested regularly in accordance with the OWASP Testing Guide V4 industry standard including the following domains: Information Gathering Configuration and Deployment Management Testing Identity Management Testing Authentication Testing Authorization Testing Session Management Testing Input Validation Testing Error Handling Cryptography

Business Logic Testing Client Side Testing Sisense takes all security issues seriously and quickly responds to all verifiable problems. Following the audit process, Sisense addresses all high risk vulnerabilities in the next release and medium risk vulnerabilities within two quarters. System Level Security System-level security encompasses role-based access options. This includes user and server management, connection to an active directory, Single Sign-On (SSO), and the security REST API. User and Group Management Organizations can assign one of three primary roles to Sisense users or groups: Viewers: Can access and view dashboards Designers: Can create and edit dashboards Administrators: Can create users and user groups, set up Active Directory, and more. ElastiCube Server Access Rights Organizations can assign access rights to different ElastiCube servers for individual users, groups or to everyone. Active Directory An organization s Active Directory can be leveraged to reduce deployment time by applying existing security policies and sharing properties to the Sisense application. Single Sign-On (SSO) SSO facilitates seamless integration between Sisense and other systems while offering standardization of authentication policies. Sisense can integrate with either SAML 2.0 or JWT based SSO.

REST API The REST API provides the ability to automate and customize system security settings to fit a particular environment and security policies. The API can be used to integrate and automate restrictions and access control based on rules and standards, as well as to specify access rights and security to dashboards, ElastiCubes and data. The API can also be used in user management to create, edit and assign new users or groups. Encryption The Sisense web interface fully supports encryption using standard SSL to ensure privacy and security. Sisense encryption is compliant with the Federal Information Processing Standard (FIPS 140-2). Sisense encrypts sensitive information such as account credentials and authorization profiles for Sisense and for data source connections before writing to disk. Sisense uses the following encryption algorithms: SHA-256, Triple DES, AES-256. Operating System based disk encryption, Windows file system encryption - Transparent Data Encryption (TDE), can be used for encrypting data at rest. When using Windows transparent encryption, the key pair (private/public) is bound to the user identity. Data imported into and retrieved from Sisense can also be encrypted. For data import into Sisense, the import protocol depends on the protocols supported by the data source. Sisense also supports SSL for data movement from the Sisense Web Server into the user s the web browser. Object Level Security Object security defines access rights for different users and groups to various components within Sisense. The two main objects are Dashboards and ElastiCubes. Dashboards Dashboards can be shared on either a user or group level. Admins can configure access rights for all users and define which designers may edit a Dashboard.

ElastiCubes Access rights for different ElastiCubes can be defined on a user or group level. This provides flexibility to create ElastiCubes for specific user or group with strict access control. Data Level Security Sisense enables precise control of the data that users can see. With Data Level Security, a single dashboard can be shared with many users, with each viewer accessing only the data they have permission to see. This not only provides finegrained security, but reduces development time because replicated dashboards do not need to be built or adjusted independently. Row Level Security User and group permissions can be set to view specific rows in the source data. For each ElastiCube, multiple rules can be applied to enforce granular access control. Row Level Defaults Security Defaults can be used to automate rules that make certain data accessible to specific users or groups. For example, a default can be set so that new employees can only access a restricted data set until they are added to relevant groups. This feature provides organizations a custom, scalable method of applying security across their entire user base. Summary Strong security is critical for enterprise software, especially with applications that store or access highly sensitive data like Business Intelligence. Sisense adheres to stringent security practices to ensure that organizations can implement our solution safely and in accordance with their unique needs. Our security outlook combines rigorous processes and regular testing with industry standard technologies like encryption, authentication and access control methods. Sisense provides deep functionality that allows organizations to secure components of the solution and their data with fine-grained detail, without compromising ease of use, time-to-market, or adding unnecessary complexity.

For more information, please reference the Sisense Security Documentation page: https:///documentation/security/ To download Sisense for a free demo, please visit: https:///demo/

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback