Business Objects Security
In the past few years as VP of GB&Smith 360Suite, I have been working with hundreds of
customers using 360Suite tools for Business Objects. A common issue with most deployments is
how Business Objects Security, with a capital “S”, is perceived, whether by IT, QA, the CISO or
any other person in an organization. Typically, models are extremely complex and lack common
sense, and implementers have a poor understanding of regulations. Security needs to have
answers to the “W” questions: Who, When, What, Why & Where.
Security in an organization is more than ‘Who has access to what’. Security in SAP Business
Objects can be related to:
Who has access to What
Who had access to What
Who has access to what? Or account certification
Who has access to What? Easy to ask, tough to answer!
I had the chance to work with banks, federal entities and Fortune 500 companies. An honest
answer to this simple question is, “I do not know”.
Security models need to be as simple as possible, working from a Role or Group and avoiding
individual user security. Most of the time, security rights are poorly implemented, without
understanding the needs or the security’s life cycle management. Over time, organizations
forget exactly what was granted to specific users and the impacts on the environments.
The best way to secure a deployment is at the database level, using row-level security.
Additional security can be applied at the reporting level.
For legacy environments, where it is difficult to accurately map out security, 360Suite can export
security via Excel and import it back with modifications.
Current State in Business Objects: Only explicit rights are easy to find. The issue is that when you
assign security, it impacts the entire environment like a domino effect. Each time you make a change,
it can have downstream effects. In the end, it turns into a maze.
The most common way to keep track of such changes, in the best deployments, is to record
changes in an Excel file, with the X axis being resources to be secured and the Y axis being
users and groups to be secured. This is pretty easy to do in a company of 10 users, but when you
start to reach deployments of 100 or more users it is very tricky to keep track of, since there are
so many changes, and people who change security come and go throughout the life of any
Ask an admin what user Bob has access to in detail; the honest answer is “I don’t know”.
Ask the CIO who has access to “Finance folders” with all detailed security; the honest answer is
“I don’t know” or “let me refer to an old Excel file”.
360Suite Solutions: 360Suite provides a real-time view of security, and offers the possibility to
document it via an Excel export. This is not possible in Business Objects. You also have the
possibility to make changes to security and see all the impacted rights (inheritance and double
Our tools offer the possibility to use a user-centric and resource-centric view to audit security.
Use case: Edward Snowden Case. Gaining a clear view of security with 360View. It would have
been very simple to recognize that Snowden had admin rights on most resources, such as
viewing inheritance and rights to modify security.
Account Recertification
Are accounts still needed and accurate? Large organizations and federal organizations need
to perform such recertification on a regular basis, depending on their regulatory requirements.
Some organizations do an annual account recertification and then perform quarterly
recertification based on a predefined % of accounts.
Current State in Business Objects: At present, this is not something that is being handled.
360Suite Solutions: This is a multiple step process involving Users/Resources/Security.
First, you need to determine whether user access is still needed; this is based on an
organization’s policy. Next, you need to access and document security at the deepest
level, then compare it to the policy in place. 360 allows you to modify security directly in XLS
and push it back. In certain cases, you might want to use a workflow with comments associated to each
Other steps are based on activity or non-activity level: 360Suite is able to capture, report and fine
tune recertification and trigger whether a specific user needs to be recertified or not.
Unlinked users and unlinked groups. 360 is able to find and clean up such unlinked actors.
Use case: I had the chance to work with multiple organizations including federal ones. I can say
that in 90% of the cases their account recertification was either false or inaccurate. Typically,
the main reasons are a mix of a poor understanding of account recertification rules, poor
training of people implementing recertification, poor understanding of IT architecture from
policy makers and an overall inability to have access to detailed information.
Who had access to what?
Who had access to What? A common answer to that is “I don’t know” and “do not know what
the security changes were”.
Last year while working with a large East Coast Hospital, they had an urgent need to show who
had access to a specific folder six months earlier regulated by HIPAA. The answer is they could
only guess and furthermore had no idea of any security changes.
Current State in Business Objects: Currently, the only answer to this question is to roll back to a
previous backup. Once this is done, determine the explicit rights. No information is available
regarding the life cycle management of the security changes for that specific resource.
360Suite Solutions: 360Suite is able to take daily snapshots of security and compare changes
over time like a time machine. Workflows to cover the security life cycle management can be
handled, auditing any changes in the security.
Segregation Of Duties
SOD rules are typically easy to determine, a little tougher to implement and tough to control.
Current State in Business Objects: It is possible to implement SOD rules in Business Objects but
virtually impossible to track and check them.
360Suite Solutions: SOD is managed very easily due to a 360Suite Patent allowing admins to
display and manage security. For a specific segregation, a Matrix appears with users selected
on the X axis and resources on the Y axis. As a result, you can check all the security for the zone
and, if there are any issues, you can modify it and see all the impacted rights.
Use case: 2 years ago we were doing a POC for a prospect specializing in manufacturing. The
customer was initially interested in our BI on BI solutions. While in conversation with
the customer, he mentioned the complexity of his security model and was curious to check his
SOD in the Accounting Dept. Funny enough, he found out that the person handling payments
could also handle POs, never a good idea and a typical SOD breach. The customer
investigated and discovered the reason for the breach: the person had changed
roles within the organization and was removed from the previous role at an explicit level but not
the inheritance level. As a result, the POC lasted 10 days and we received a PO shortly after.
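An added example, not part of the original article and not 360Suite or Business Objects code: a simplified Python model of the SOD use case above, showing why removing only the explicit grant leaves the inherited right in place and how comparing two effective-rights snapshots exposes it. It assumes group nesting only (no folder inheritance or explicit denials), and every user, group, resource and rule name is constructed.

```python
from collections import deque

def ancestors(principal, member_of):
    """Return {group: depth} for every group the principal belongs to,
    directly (depth 1) or through nested groups (depth 2 and deeper)."""
    seen, queue = {}, deque([(principal, 0)])
    while queue:
        node, depth = queue.popleft()
        for parent in member_of.get(node, ()):
            if parent not in seen:  # also stops on membership cycles
                seen[parent] = depth + 1
                queue.append((parent, depth + 1))
    return seen

def effective_rights(user, member_of, grants):
    """Map (resource, right) -> sorted list of the sources that confer it.
    A source is 'explicit' or 'inherited:<group>@<depth>'."""
    sources = {user: "explicit"}
    for group, depth in ancestors(user, member_of).items():
        sources[group] = f"inherited:{group}@{depth}"
    result = {}
    for (principal, resource), rights in grants.items():
        if principal in sources:
            for right in rights:
                result.setdefault((resource, right), []).append(sources[principal])
    return {key: sorted(value) for key, value in result.items()}

def sod_violations(users, member_of, grants, rules):
    """Return (user, rule_name, evidence) for each user who holds both
    entitlements of a segregation-of-duties rule, whatever the source."""
    found = []
    for user in users:
        eff = effective_rights(user, member_of, grants)
        for name, (left, right) in rules.items():
            if left in eff and right in eff:
                found.append((user, name, {left: eff[left], right: eff[right]}))
    return found

def diff_rights(before, after):
    """Compare two effective-rights maps, e.g. two dated snapshots."""
    return {"removed": sorted(set(before) - set(after)),
            "added": sorted(set(after) - set(before))}

# --- Constructed sample data (hypothetical names) ---
MEMBER_OF = {
    "bob": {"Payments", "PO Approvers"},  # stale membership from the old role
    "PO Approvers": {"Purchasing"},       # nested group: double inheritance
    "alice": {"Purchasing"},
}
GRANTS_BEFORE = {
    ("bob", "Purchase Orders"): {"edit"},         # explicit grant, old role
    ("Purchasing", "Purchase Orders"): {"edit"},
    ("Payments", "Payment Runs"): {"edit"},
}
# Role change handled the way the use case describes: explicit grant removed only.
GRANTS_AFTER = {k: v for k, v in GRANTS_BEFORE.items() if k[0] != "bob"}
# Complete fix: the stale group membership is removed as well.
MEMBER_OF_FIXED = dict(MEMBER_OF, bob={"Payments"})
RULES = {"pay-vs-po": (("Payment Runs", "edit"), ("Purchase Orders", "edit"))}

if __name__ == "__main__":
    before = effective_rights("bob", MEMBER_OF, GRANTS_BEFORE)
    after = effective_rights("bob", MEMBER_OF, GRANTS_AFTER)
    print("snapshot diff after explicit removal:", diff_rights(before, after))
    for user, rule, evidence in sod_violations(MEMBER_OF, MEMBER_OF, GRANTS_AFTER, RULES):
        print("SOD violation:", user, rule, evidence)
    fixed = effective_rights("bob", MEMBER_OF_FIXED, GRANTS_AFTER)
    print("snapshot diff after membership removal:", diff_rights(after, fixed))
```

The first diff is empty because the explicit-rights view changed while the effective view did not; the violation only clears once the nested group membership is removed.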
Life Cycle Management of users leaving and changing roles
How do you know if a user who left the organization still has rights? Or that a user who moved to a
new department does not have access to his old resources?
Current State in Business Objects: Explicit permissions can be found, and administrators need to
go fishing (and be lucky enough) to determine what the inherited and double inherited
permissions are. By default, if a user is deleted and they own documents or instances, those
objects are reassigned to the Administrator.
360Suite solutions: When a user leaves an organization, or changes roles, 360Suite offers the
“Swap” feature. You enter the name of the old user and the new user and the object
ownership is transferred from one to the other within 3 clicks!
When a user leaves an organization, he/she is typically disconnected from the organization
directory and the link between the organization directory and Business Objects is lost. However,
the user (if an Enterprise alias has been created, which is a best practice) is still in Business
Objects, typically without access granted. 360Suite finds all these unlinked users and provides
the ability to remove them.
360Suite also offers the opportunity to provide a report verifying that the user who left the
company no longer has access to anything and is not unlinked. For users who moved in the
organization, a security report can be issued comparing old and new security.
Use case: The most famous and expensive banking scandal was caused by a trader who
changed roles within the financial organization. Since the user changed roles within the
organization, he kept access to a few older resources. Moral of the story, the user used old
credentials and caused the bank to lose billions.
Backup Disaster and Recovery
In the past few years, when asking clients if they have fully stressed their Business Objects
Backup / Disaster / Recovery… the answer in > 80% of cases is “we have not”. From experience, I know
this is true in > 95% of cases.
Current state in Business Objects: It is possible to do a full backup and prepare for disaster and
recovery with BOBJ out of the box. This task is very challenging; most people fail while
tackling it and take laborious hours and days to finish the job. The reason is that you need to have
a full backup of the filestore (FRSinput/FRSoutput) and a backup of the repository database schema.
All of these need to be in sync. Once you have that, you need to have a server ready with BOE
installed, and a proper DB Schema. For more details read:
VMs are the most common way to prepare for DR; the issue is that if you have a corrupted
object, universe, version, etc., a VM is of no help. Last year I had an aerospace organization who
learned that the hard way.
360Suite Solution: In Business Objects, when you generate a backup, it takes a very large
number of objects and treats them as 1 mega BIAR, making it hard to promote and impossible to
disassociate. 360Plus is able to manage 1 backup per object, universe, report, user, etc.; as a
result, it is very flexible to promote and each individual object can be selectively restored.
If you have a corrupted VM you just roll back to the uncorrupted object(s) and restore. In case
of a DR, you just ask the tool to restore Full content or content from date X to date Y and you
are up and running. This is as simple to use as the time machine I use with my MacBook Pro.
Use Case: Recently, over a weekend, a hospital did an upgrade to the latest version of SAP
BusinessObjects. On the following Monday morning, I received a phone call from the
customer… “Bruno we upgraded to latest BOBJ version but have serious issues. We need to
rollback ASAP.” Within 1-2 hours, the customer was running on the previous version.
I have witnessed more challenging cases with federal customers who upgraded to the latest
BOBJ version after 2 months of preparation (at the time of this issue they were considering
buying our tools but had not yet, still a POC). In the process of this migration, the customer
installed the new version of Business Objects on top of the previous version (I never recommend
that). After a few days, the customer realized that certain applications, despite initial
preparations and testing, had major issues. The problem in this scenario: they could not roll back
to the previous version.
I have seen so many stories like the ones above: a fire in a server room, a person physically
removing and damaging a SAN, an administrator doing false manipulation, etc.
Version management
In most organizations, you have multiple report developers working on the same report. It is
like when you work on a Microsoft Word document and exchange it with co-workers who make
modifications: at the end you have so many versions that you have no idea what the proper
version is, who changed what, and what was changed.
Current state in Business Objects: Limited version management is possible out of the box but
does not comply with most regulations such as FISMA, SOX, HIPAA, etc. Read the article on
version control
360Suite Solution: 360Suite offers the possibility to Check in & Check out. While a report is
checked out, only developer who checked it out. (The Administrator can unlock if necessary).
When reports are checked in, a version # is assigned and comments can be added. As a result,
you have full report traceability of changes and the ability to compare, promote and restore
versions as well.
Use case: All regulated industries for GRC need to be able to answer: Who changed What?
When? In which report? With the ability to see changes. Certain organizations can be more
demanding than others. Last year, the US Treasury asked us to deliver a feature in version
control that includes workflows. Before reports or universes are promoted between
environments, they need to be approved by specific users. The Use Case for Version
management is complete report traceability.
Wrong report bursted into inboxes!
This is a common problem despite internal procedures: what can you do when the wrong
report has been bursted into BOBJ inboxes? Send a message to the recipients, “do not open!” (I
have seen that), and you can bet recipients will open! Or you can wish you could delete that action.
What if I told you… Yes you can!
Current state in Business Objects: There is nothing you can do about this issue without manually
going into each user’s BOBJ inbox.
360Suite Solution: 360Suite offers the ability to selectively choose to burst a specific report, on a
specific date. For Bursting, 360Suite offers the ability to manage bursting dynamically or
semi-dynamically. As a result, you get all your bursting via Excel and you can simply modify the
destination, filter values, prompt values, format, etc., with the possibility to manage password for
Use case: One of the customers who requested that feature blasted sensitive HR information to
the wrong recipients. This created a huge problem. With the bursting feature, the problem could
have been solved or limited, depending on how fast actions could have been taken.
Secure your bursted reports
It is always better to follow bursted reports with passwords! (If you remember your password)
Current state in Business Objects: You cannot secure your scheduled/bursted report with a
360Suite Solutions: Don’t fret, 360Suite offers the ability to secure your bursted reports with
Use case: We specifically developed that feature for a customer who bursted sales information
to the wrong customers (incidentally, it was the customer’s competitor).
Regression testing
Showing inaccurate data can be a serious security and compliance problem. Whether you do
an upgrade, a migration, implement a service pack or make a change on the DB side, regressions…
do happen. The only question is where.
Current state in Business Objects: Regression testing is not available out of the box.
360Suite Solutions: 360Suite offers the ability to automate all your regression testing with the
possibility to check data and pixels inside the reports. Processes can be automated and results
can be e-mailed to reports’ recipients. 360Suite also manages security so that only the recipient
can see the data, and regression testing results are not shared with inappropriate people.
Once regressions are found, 360Suite can perform impact analysis across the entire
environment and check whether such a regression is affecting other reports. If the issue is with a
report variable, 360Suite is then able to update all affected reports in bulk.
Use case: We have seen so many cases dealing with regressions, typically not good stories for
customers. We have stories about customers publishing false financial data, central banks
freezing service packs, utility organization sending false bills, etc.
Let’s take a pure ROI use case. One of our customers is a Motorcycle Manufacturer, and in the
past they had 14 consultants searching for their regressions due to their regulatory needs, now
with 360 they only need 2 consultants.
360Suite application security
By default, 360Suite has the same security as Business Objects; it is also possible to
apply more restrictive security.
Use case: A healthcare organization needed to provide admin access to multiple users in order
to kill sessions (very bad practice), as their security model did not allow them to set granular
rights. With 360Suite, they were able to limit the access rights of non-IT Admins so that they could
use admin credentials only to kill sessions.
Improper Universe Object Description
Over time, deployments grow and grow and go through different developers; eventually
organizations perform acquisitions and object descriptions become less and less streamlined.
How does that affect security? Without proper nomenclature of Universe content, it is very
difficult to keep track of why such Objects exist and what sensitive information they relate to.
Current state in Business Objects: You can manually update objects 1 by 1, which is extremely
time-consuming and error prone.
360Suite Solutions: You have the possibility to export and document all Universe content: Classes,
object names, object descriptions, field types, object select, etc. Make any necessary
updates, deletes, inserts in Excel, and import the Excel file to update in bulk.
Use case: I remember back in 1999, there was the concern of the Y2K bug (for the most part it
was a big scam, and a good way for consulting companies to sell services). For certain
organizations it was a big security issue. Problem was people who coded software rarely left
notes around fields relating to dates. Back in those days, I used to go to Japan frequently and I
saw it was not a serious problem. One of the reasons (outside of low employee turnover) was
that they kept excellent Object descriptions. More recently I have seen organizations with a
need to have unified nomenclatures around objects relating to SSN or country of residence.
Regulatory needs
Most regulations have similar needs whether it is HIPAA, SOX, FISMA, GDPR
( and )
All these regulations need to answer the W questions: Who, What, When, Where & Why.
You may think it is pretty common sense… Well it is! However, I worked with 5 big consulting firms
and most of the time they could not simply explain the W’s and how to retrieve that info.
A great example is organizations that need to be SOX compliant often have their data SOX but
never think that Business Objects publishes such info. Mind you, Business Objects needs to be
SOX compliant as well.
Current state in Business Objects: There are inherent limitations; the W’s cannot all be answered,
as not all sources can be queried out of the box.
Answering all the W’s in Business Objects is impossible due to the lack of access to all metadata,
capture of all historical changes/updates, etc.
360Suite Solutions: 360Suite allows you to capture all the Metadata, historical changes, updates,
Use Case: With our customers, the organizations that are the most careful about Regulatory
needs are Banks. Well yes, like all banks in the US and Europe, but I am speaking of banks
particularly in Switzerland!
Security is very complex in Business Objects as typically, BOBJ is used as a reporting tool
capturing data from multiple sources and users within organizations. With common sense, basic
knowledge and proper tools, it is very easy to have a secured deployment and answer the
W’s: Who, When, What, Where & Why. As a last note, I have seen many organizations going
from OBIEE, Cognos to SAP Business Objects. The reason is that it is far safer to use and less
flexible, which is a good thing for security.
Request a Trial today from
How our customers used and conquered with 360Suite

Active Directory Change Auditing in the Enterprise
Netwrix Corporation
20111012 Sap Datasheet Site
20111012 Sap Datasheet Site20111012 Sap Datasheet Site
20111012 Sap Datasheet SiteNicola_Milone
Securing Citizen Facing Applications Presentation Notes
Securing Citizen Facing Applications Presentation NotesSecuring Citizen Facing Applications Presentation Notes
Securing Citizen Facing Applications Presentation Notes
Data-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseData-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended Enterprise
NextLabs, Inc.
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Wendy Knox Everette
Healthcare IT Security Who's Responsible, Really?
Healthcare IT Security Who's Responsible, Really?Healthcare IT Security Who's Responsible, Really?
Healthcare IT Security Who's Responsible, Really?
Redspin, Inc.
Five Mistakes of Vulnerability Management
Five Mistakes of Vulnerability ManagementFive Mistakes of Vulnerability Management
Five Mistakes of Vulnerability Management
Anton Chuvakin
Enterprise Architecture in the Boardroom with Dragon1
Enterprise Architecture in the Boardroom with Dragon1Enterprise Architecture in the Boardroom with Dragon1
Enterprise Architecture in the Boardroom with Dragon1
Dragon1 Inc.
Why IAM is the Need of the Hour
Why IAM is the Need of the HourWhy IAM is the Need of the Hour
Why IAM is the Need of the Hour
Securing the Office of Finance in the Cloud -- Separating Fact from Fiction
Securing the Office of Finance in the Cloud -- Separating Fact from FictionSecuring the Office of Finance in the Cloud -- Separating Fact from Fiction
Securing the Office of Finance in the Cloud -- Separating Fact from Fiction
A data-centric program
A data-centric program A data-centric program
A data-centric program
at MicroFocus Italy ❖✔
Implementing business intelligence
Implementing business intelligenceImplementing business intelligence
Implementing business intelligence
Alistair Sergeant
SailPoint VS CyberArk.pdf
SailPoint VS CyberArk.pdfSailPoint VS CyberArk.pdf
SailPoint VS CyberArk.pdf

Similar to Business Objects Security (20)

Support your business objects GDPR project with 360suite
Support your business objects GDPR project with 360suiteSupport your business objects GDPR project with 360suite
Support your business objects GDPR project with 360suite
BBA 3551, Information Systems Management 1 Course Lea.docx
 BBA 3551, Information Systems Management 1 Course Lea.docx BBA 3551, Information Systems Management 1 Course Lea.docx
BBA 3551, Information Systems Management 1 Course Lea.docx
Identity & Access Governance versus Process Agility
Identity & Access Governance versus Process AgilityIdentity & Access Governance versus Process Agility
Identity & Access Governance versus Process Agility
ICISS Newsletter Sept 14
ICISS Newsletter Sept 14ICISS Newsletter Sept 14
ICISS Newsletter Sept 14
Intro To Secure Identity Management
Intro To Secure Identity ManagementIntro To Secure Identity Management
Intro To Secure Identity Management
Active Directory Change Auditing in the Enterprise
Active Directory Change Auditing in the EnterpriseActive Directory Change Auditing in the Enterprise
Active Directory Change Auditing in the Enterprise
20111012 Sap Datasheet Site
20111012 Sap Datasheet Site20111012 Sap Datasheet Site
20111012 Sap Datasheet Site
Securing Citizen Facing Applications Presentation Notes
Securing Citizen Facing Applications Presentation NotesSecuring Citizen Facing Applications Presentation Notes
Securing Citizen Facing Applications Presentation Notes
Data-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseData-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended Enterprise
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Healthcare IT Security Who's Responsible, Really?
Healthcare IT Security Who's Responsible, Really?Healthcare IT Security Who's Responsible, Really?
Healthcare IT Security Who's Responsible, Really?
Five Mistakes of Vulnerability Management
Five Mistakes of Vulnerability ManagementFive Mistakes of Vulnerability Management
Five Mistakes of Vulnerability Management
Enterprise Architecture in the Boardroom with Dragon1
Enterprise Architecture in the Boardroom with Dragon1Enterprise Architecture in the Boardroom with Dragon1
Enterprise Architecture in the Boardroom with Dragon1
Why IAM is the Need of the Hour
Why IAM is the Need of the HourWhy IAM is the Need of the Hour
Why IAM is the Need of the Hour
So you want to be a CISO - 5 steps to Success
So you want to be a CISO - 5 steps to SuccessSo you want to be a CISO - 5 steps to Success
So you want to be a CISO - 5 steps to Success
Securing the Office of Finance in the Cloud -- Separating Fact from Fiction
Securing the Office of Finance in the Cloud -- Separating Fact from FictionSecuring the Office of Finance in the Cloud -- Separating Fact from Fiction
Securing the Office of Finance in the Cloud -- Separating Fact from Fiction
A data-centric program
A data-centric program A data-centric program
A data-centric program
Implementing business intelligence
Implementing business intelligenceImplementing business intelligence
Implementing business intelligence
SailPoint VS CyberArk.pdf
SailPoint VS CyberArk.pdfSailPoint VS CyberArk.pdf
SailPoint VS CyberArk.pdf

Recently uploaded

FP Growth Algorithm and its Applications
FP Growth Algorithm and its ApplicationsFP Growth Algorithm and its Applications
FP Growth Algorithm and its Applications
Data Centers - Striving Within A Narrow Range - Research Report - MCG - May 2...
Data Centers - Striving Within A Narrow Range - Research Report - MCG - May 2...Data Centers - Striving Within A Narrow Range - Research Report - MCG - May 2...
Data Centers - Striving Within A Narrow Range - Research Report - MCG - May 2...
Best best suvichar in gujarati english meaning of this sentence as Silk road ...
Best best suvichar in gujarati english meaning of this sentence as Silk road ...Best best suvichar in gujarati english meaning of this sentence as Silk road ...
Best best suvichar in gujarati english meaning of this sentence as Silk road ...
Adjusting primitives for graph : SHORT REPORT / NOTES
Adjusting primitives for graph : SHORT REPORT / NOTESAdjusting primitives for graph : SHORT REPORT / NOTES
Adjusting primitives for graph : SHORT REPORT / NOTES
Subhajit Sahu
Predicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Predicting Product Ad Campaign Performance: A Data Analysis Project PresentationPredicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Predicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Boston Institute of Analytics
Machine learning and optimization techniques for electrical drives.pptx
Machine learning and optimization techniques for electrical drives.pptxMachine learning and optimization techniques for electrical drives.pptx
Machine learning and optimization techniques for electrical drives.pptx
Ch03-Managing the Object-Oriented Information Systems Project a.pdf
Ch03-Managing the Object-Oriented Information Systems Project a.pdfCh03-Managing the Object-Oriented Information Systems Project a.pdf
Ch03-Managing the Object-Oriented Information Systems Project a.pdf
【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】
【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】
【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
John Andrews
Opendatabay - Open Data Marketplace.pptx
Opendatabay - Open Data Marketplace.pptxOpendatabay - Open Data Marketplace.pptx
Opendatabay - Open Data Marketplace.pptx

Recently uploaded (20)

FP Growth Algorithm and its Applications
FP Growth Algorithm and its ApplicationsFP Growth Algorithm and its Applications
FP Growth Algorithm and its Applications
Data Centers - Striving Within A Narrow Range - Research Report - MCG - May 2...
Data Centers - Striving Within A Narrow Range - Research Report - MCG - May 2...Data Centers - Striving Within A Narrow Range - Research Report - MCG - May 2...
Data Centers - Striving Within A Narrow Range - Research Report - MCG - May 2...
Best best suvichar in gujarati english meaning of this sentence as Silk road ...
Best best suvichar in gujarati english meaning of this sentence as Silk road ...Best best suvichar in gujarati english meaning of this sentence as Silk road ...
Best best suvichar in gujarati english meaning of this sentence as Silk road ...
Adjusting primitives for graph : SHORT REPORT / NOTES
Adjusting primitives for graph : SHORT REPORT / NOTESAdjusting primitives for graph : SHORT REPORT / NOTES
Adjusting primitives for graph : SHORT REPORT / NOTES
Predicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Predicting Product Ad Campaign Performance: A Data Analysis Project PresentationPredicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Predicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Machine learning and optimization techniques for electrical drives.pptx
Machine learning and optimization techniques for electrical drives.pptxMachine learning and optimization techniques for electrical drives.pptx
Machine learning and optimization techniques for electrical drives.pptx
Ch03-Managing the Object-Oriented Information Systems Project a.pdf
Ch03-Managing the Object-Oriented Information Systems Project a.pdfCh03-Managing the Object-Oriented Information Systems Project a.pdf
Ch03-Managing the Object-Oriented Information Systems Project a.pdf
【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】
【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】
【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
Opendatabay - Open Data Marketplace.pptx
Opendatabay - Open Data Marketplace.pptxOpendatabay - Open Data Marketplace.pptx
Opendatabay - Open Data Marketplace.pptx

Business Objects Security

In the past few years as VP of GB&Smith 360Suite, I have been working with hundreds of customers using 360Suite tools for Business Objects. A common issue with most deployments is how Business Objects Security, with a capital “S”, is perceived whether it is by IT, QA, CISO or any person in an organization. Typically models are extremely complex, they lack common sense and implementers have a poor understanding of regulations. Security needs to have answers to the “W” questions: Who, When, What, Why & Where.

Security in an organization is more than ‘Who has access to what’. Security in SAP Business Objects can be related to:
Who has access to What
Who had access to What
….

Who has access to what? Or account certification

Who has access to What? Easy to ask, tough to answer!
I had the chance to work with banks, federal entities and Fortune 500 companies. An honest answer to this simple question is, “I do not know”.
Security models need to be as simple as possible working from a Role or Group and avoid individual user security. Most of the time, security rights are poorly implemented without understanding the needs or of the security’s life cycle management. Over time, organizations forget what was exactly granted to specific users and the impacts on the environments.
The best way to secure a deployment is at the database level, using row-level security. Additional security can be applied at the reporting level.
For legacy environments, where it is difficult to accurately map out security, 360Suite can export security via Excel and import it back with modifications.

Current State in Business Objects: It is only easy to find explicit rights. The issue is, when you assign security, it impacts the entire environment like a domino effect. Each time you make a change, it can have downstream effects. At the end of it all, it has turned into a maze.
The most common way to keep track of such changes for the best deployments is to make changes on an Excel file, with the X axis being resources to be secured and the Y axis being users and groups to be secured. This is pretty easy to do in a company of 10 users, but when you start to reach deployments of 100 or more users it is very tricky to keep track of, since there are so many changes and the people who change security come and go throughout the life of any organization.
Ask an admin What User Bob has access to in detail, the honest answer is “I don’t know”.
Ask the CIO who has access to “Finance folders” with all detailed security, the honest answer is “I don’t know” or “let me refer to an old Excel file”.

360Suite Solutions: 360Suite provides a real-time view of security, and offers the possibility to document it via an Excel export. Not possible in Business Objects. You also have the possibility to make changes to security and see all the impacted rights (inheritance and double inheritance).
Our tools offer the possibility to use a user centric and resource centric view to audit security.

Use case: Edward Snowden Case. Gaining a clear view of security with 360View. It would have been very simple to recognize that Snowden had admin rights on most resources, such as viewing inheritance and rights to modify security.

Account Recertification

Are accounts still needed and accurate? Large organizations and federal organizations need to perform such recertification on a regular basis depending on their regulatory requirements. Some organizations do an annual account recertification and then perform quarterly recertification based on a predefined % of accounts.
Current State in Business Objects: At present, this is not something that is being handled.

360Suite Solutions: This is a multiple step process involving Users/Resources/Security.
First, you need to determine whether user access is still needed; this is based on an organization’s policy. Next, you need to have access and document security at the deepest level. Then compare it to the policy in place. 360 allows you to modify directly in XLS and push back security. In certain cases, you might want to use a workflow with comments associated to each change.
Other steps based on activity or non-activity level, 360Suite is able to capture, report and fine tune recertification and trigger whether a specific user needs to be recertified or not.
Unlinked users and unlinked groups. 360 is able to find and clean up such unlinked actors.

Use case: I had the chance to work with multiple organizations including federal ones. I can say that in 90% of the cases their account recertification was either false or inaccurate. Typically, the main reasons are a mix of a poor understanding of account recertification rules, poor training of people implementing recertification, poor understanding of IT architecture from policy makers and an overall inability to have access to detailed information.

Who had access to what?

Who had access to What? A common answer to that is “I don’t know” and “do not know what the security changes were”.
Last year while working with a large East Coast Hospital, they had an urgent need to show who had access to a specific folder six months earlier regulated by HIPAA. The answer is they could only guess and furthermore had no idea of any security changes.

Current State in Business Objects: Currently, the only answer to this question is to roll back to a previous backup. Once this is done, determine the explicit rights. No information is available regarding the life cycle management of the security changes for that specific resource.

360Suite Solutions: 360Suite is able to take daily snapshots of security and compare changes over time like a time machine. Workflows to cover the security life cycle management can be handled, auditing any changes in the security.

Segregation Of Duties

SOD rules are typically easy to determine, a little tougher to implement and tough to control.

Current State in Business Objects: It is possible to implement SOD rules in Business Objects but virtually impossible to track and check them.

360Suite Solutions: SOD is managed very easily due to a 360Suite Patent allowing admins to display and manage security. For a specific segregation, a Matrix appears with users selected on X axis and resources on Y axis. As a result, you can check all the security for the zone and if there are any issues, you can modify it and see all the impacted rights.
Use case: 2 years ago we were doing a POC for a prospect specializing in manufacturing. The Customer initially was interested in our BI on BI solutions. While exchanging conversations with the customer he mentioned the complexity of his security model and was curious to check his SOD in the Accounting Dept. Funny enough, he found out that the person handling payments could also handle PO’s, never a good idea and a typical SOD breach. The customer investigated and discovered the reason for the breach: the person had changed roles within the organization and was removed from the previous role at an explicit level but not the inheritance level. As a result, the POC lasted 10 days and we received a PO shortly after.

Life Cycle Management of users leaving and changing roles

How do you know if a user who left the organization still has rights? Or a user who moved to a new department does not have access to his old resources?

Current State in Business Objects: Explicit permissions can be found and administrators need to go fishing (and be lucky enough) to determine what the inherited and double inherited permissions are. By default, if a user is deleted and they own documents or instances, they are reassigned to the Administrator.

360Suite solutions: When a user leaves an organization, or changes roles, 360Suite offers the “Swap” feature. You enter the name of the old user and the new user and the object ownership is transferred from one to the other within 3 clicks!
When a user leaves an organization, he/she is typically disconnected from the organization directory and the link between the organization directory and Business Objects is lost. However, the user (if an Enterprise alias has been created which is a best practice) is still in Business Objects, typically without access granted. 360Suite finds all these unlinked users and provides the ability to remove them.
360Suite also offers the opportunity to provide a report verifying that the user who left the company no longer has access to anything and is not unlinked. For users who moved in the organization, a security report can be issued comparing old and new security.

Use case: The most famous and expensive banking scandal was caused by a trader who changed roles within the financial organization. Since the user changed roles within the organization, he kept access to a few older resources. Moral of the story, the user used old credentials and caused the bank to lose billions.

Backup Disaster and Recovery

In the past few years, when asking clients if they have fully stressed their Business Objects Backup / Disaster / Recovery… answer is > 80% of cases “we have not”. By experience, I know this is true in > 95% of cases.

Current state in Business Objects: It is possible to do full backup, prepare for disaster and recovery with BOBJ out of the box. This task is very challenging and most people fail while tackling it and take laborious hours and days to finish the job. The reason is you need to have a full backup of the filestore (FRSinput/FRSoutput) and a backup of the repository database schema. All of these need to be in sync. Once you have that, you need to have a server ready with BOE installed, and a proper DB Schema. For more details read:
VMs are the most common way to prepare for DR; the issue you have is that if you have a corrupted object, universe, version, etc. it is of no help. Last year I had an aerospace organization who learned that the hard way.

360Suite Solution: In Business Objects when you generate a backup, it takes a very large amount of objects and treats it as 1 mega BIAR, making it hard to promote and impossible to disassociate. 360Plus is able to manage 1 backup per object, universe, report, user, etc.; as a result it is very flexible to promote and each individual object can be selectively restored.
If you have a corrupted VM you just roll back to the uncorrupted object(s) and restore. In case of a DR, you just ask the tool to restore Full content or content from date X to date Y and you are up and running. This is as simple to use as the time machine I use with my MacBook Pro.

Use Case: Recently, over a weekend, a hospital did an upgrade to the latest version of SAP BusinessObjects. On the following Monday morning, I received a phone call from the customer… “Bruno we upgraded to latest BOBJ version but have serious issues. We need to rollback ASAP.” Within 1-2 hours, the customer was running on the previous version.
I have witnessed more challenging cases with federal customers who upgraded to the latest BOBJ version after 2 months of preparation (at the time of this issue they were considering buying our tools but had not yet, still a POC). In the process of this migration, the customer installed the new version of Business Objects, on top of the previous version (I never recommend that). After a few days, the customer realized that certain applications, despite initial preparations and testing, had major issues. The problem in this scenario, they could not roll back to the previous version.
I have seen so many stories like the ones above; a fire in a server room, person physically removing and damaging a SAN, administrator doing false manipulation, etc.
Version management

In most organizations, you have multiple report developers working on the same report. Cases like when you work on a Microsoft Word document, exchange it with co-workers who do the modifications, and at the end you have so many versions you have no idea what the proper version is, the visibility of who changed what, and what was changed.

Current state in Business Objects: Limited version management is possible out of the box but does not comply with most regulations such as FISMA, SOX, HIPAA, etc. Read the article on version control

360Suite Solution: 360Suite offers the possibility to Check in & Check out. While a report is checked out, only developer who checked it out. (The Administrator can unlock if necessary). When reports are checked in, version # is assigned and comments can be added. As a result, you have full report traceability of changes and the ability to compare, promote and restore versions as well.

Use case: All regulated industries for GRC need to be able to answer: Who changed What? When? In which report? With the ability to see changes. Certain organizations can be more demanding than others. Last year, the US Treasury asked us to deliver a feature in version control that includes workflows. Before reports or universes are promoted between environments, they need to be approved by specific users. The Use Case for Version management is complete report traceability.

Wrong report bursted into inboxes!

This is a common problem despite internal procedures: what can you do when the wrong report has been bursted into BOBJ inboxes? Send a message to the recipients “do not open!” (I have seen that) and you can bet recipients will open! Or you can wish you could delete that action; what if I told you… Yes you can!

Current state in Business Objects: There is nothing you can do about this issue without manually going into each user’s BOBJ inbox.

360Suite Solution: 360Suite offers the ability to selectively choose to burst a specific report, on a specific date. For Bursting, 360Suite offers the ability to manage bursting dynamically or semi-dynamically. As a result, you get all your bursting via Excel and you can simply modify the destination, filter values, prompt values, format, etc., with the possibility to manage passwords for recipients.

Use case: One of the customers who requested that feature blasted sensitive HR information to wrong recipients. This created a huge problem. With the bursting feature, the problem could have been solved or limited depending on how fast actions could have been taken.

Secure your bursted reports
It is always better to follow bursted reports with passwords! (If you remember your password)

Current state in Business Objects: You cannot secure your scheduled/bursted report with a password.

360Suite Solutions: Don’t fret, 360Suite offers the ability to secure your bursted reports with passwords!

Use case: We specifically developed that feature for a customer who bursted sales information to the wrong customers (incidentally, it was the customer’s competitor).

Regression testing
Showing inaccurate data can be a serious security and compliance problem. Whether you do an upgrade, a migration, implement a service pack or make a change on the DB side, regressions do happen. The only question is where they are.

Current state in Business Objects: Regression testing is not available out of the box.

360Suite Solutions: 360Suite offers the ability to automate all your regression testing with the possibility to check data and pixels inside the reports. Processes can be automated and results can be e-mailed to reports’ recipients. 360Suite also manages security so that only the recipient can see the data, and regression testing results are not shared with inappropriate people.

Once regressions are found, 360Suite can perform impact analysis across the entire environment and check if such a regression is affecting other reports. If the issue is with a report variable, 360Suite is then able to update all affected reports in bulk.
Use case: We have seen so many cases dealing with regressions, typically not good stories for customers. We have stories about customers publishing false financial data, central banks freezing service packs, utility organizations sending false bills, etc.

Let’s take a pure ROI use case. One of our customers is a Motorcycle Manufacturer, and in the past they had 14 consultants searching for their regressions due to their regulatory needs; now with 360 they only need 2 consultants.
360Suite application security
By default, 360Suite has the same security as Business Objects; it is also possible to apply more restrictive security.

Use case: A healthcare organization needed to provide admin access to multiple users in order to kill sessions (very bad practice) as their security model was not allowing them to do granular rights. With 360Suite, they were able to limit access rights of non-IT Admins so that they could use admin credentials only to kill sessions.

Improper Universe Object Description
Over time, deployments grow and grow and go through different developers; eventually organizations perform acquisitions and object descriptions become less and less streamlined.

How does that affect security? Without proper nomenclature of Universe content, it is very difficult to keep track of why such Objects exist and what sensitive information they relate to.

Current state in Business Objects: You can manually update 1 by 1, and it is extremely time-consuming and error prone.

360Suite Solutions: You have the possibility to export and document all Universe content: Classes, object names, object descriptions, field types, object select, etc. Make any necessary updates, deletes and inserts in Excel, and import the Excel file to update in bulk.
Use case: I remember back in 1999, there was the concern of the Y2K bug (for the most part it was a big scam, and a good way for consulting companies to sell services). For certain organizations it was a big security issue. The problem was that people who coded software rarely left notes around fields relating to dates. Back in those days, I used to go to Japan frequently and I saw it was not a serious problem. One of the reasons (outside of low employee turnover) was that they kept excellent Object descriptions. More recently I have seen organizations with a need to have unified nomenclatures around objects relating to SSN or country of residence.

Regulatory needs
Most regulations have similar needs, whether it is HIPAA, SOX, FISMA or GDPR. All these regulations need to answer the W questions: Who, What, When, Where & Why.

You may think it is pretty common sense… Well it is! However, I worked with 5 big consulting firms and most of the time they could not simply explain the W’s and how to retrieve that info.

A great example: organizations that need to be SOX compliant often have their data SOX compliant but never think that Business Objects publishes such info. Mind you, Business Objects needs to be SOX compliant as well.

Current state in Business Objects: There are inherent limitations in answering all the W’s, as all sources can’t be queried out of the box.
Answering all the W’s in Business Objects is impossible due to the lack of access to all metadata, capture of all historical changes/updates, etc.

360Suite Solutions: 360Suite allows you to capture all the Metadata, historical changes, updates, etc.

Use Case: With our customers, the organizations that are the most careful about Regulatory needs are Banks. Well yes, like all banks in the US and Europe, but I am speaking of banks particularly in Switzerland!

Security is very complex in Business Objects as typically, BOBJ is used as a reporting tool capturing data from multiple sources and users within organizations. With common sense, basic knowledge and proper tools, it is very easy to have a secured deployment and answer the W’s: Who, When, What, Where & Why.

As a last note, I have seen many organizations going from OBIEE or Cognos to SAP Business Objects. The reason is that it is far safer to use and less flexible, which is a good thing for security.