SlideShare a Scribd company logo

Component Level Security

S
sdevillers

A closer look at SwiftKnowledge Component Level Security

1 of 8
TECHNICAL NOTE SwiftKnowledge Component-Level Security™ A Unique Approach to True Security Granularity
TECHNICAL NOTE SwiftKnowledge Component-Level Security Executive Summary In today’s business climate where data proliferation is the norm, companies readily acknowledge the need to unlock their data’s hidden intelligence in order to outperform their competition. And successfully leveraging this data requires a comprehensive data management plan that features, among other things, data mining and business intelligence. Yet many IT organizations resist such initiatives because they harbor security concerns about exposing sensitive company data to these types of mining and analysis applications; this issue escalates when external as well as internal audiences require access to the data. They raise valid questions, such as: “Who should have access?” “Can I host all of my customer data in one database yet maintain differential security “Which data are users allowed to access?” access?” To address these concerns, SwiftKnowledge advocates securing data down to the individual cell—rather than just to the folder structure or report level. This tech note explains SwiftKnowledge’s cell-based granular security approach—an approach powered by our patented, Component-Level Security™ (CLS)—and the benefits it provides organizations with regards to flexibility and performance. This tech note also discusses how SwiftKnowledge addresses typical security issues surrounding the concept of multi-tenancy (multiple customer data stored within the same database and/or within the same application entry point), and sup- ports an organization’s overall needs relating to data security, object security and functionality security. 2
TECHNICAL NOTE SwiftKnowledge Component-Level Security SwiftKnowledge Component-Level Security— A Unique Approach to Data Security SwiftKnowledge’s patented CLS delivers targeted content, features and functionality according to centrally- defined user profiles and roles, and secures data granularly down to the individual cell, for maximum control that’s easy to maintain. The technology also maintains content access audit trails for regulatory compliance and supports multi-tenancy deployments for commercial BI SaaS applications. SwiftKnowledge CLS supports the needs of many large organizations that have complex, constantly changing, hierarchical reporting structures. For instance, a subordinate individual today may be promoted and then managing several individuals tomorrow. A sales manager wants detailed visibility on the performance of his team but also needs summarized performance information about the performance of his peers (while not seeing the details of that peer performance). SwiftKnowledge supports complex and evolving business organizations such as the one described above, allowing individuals who may not be security experts to set up secure access to their information assets. SwiftKnowledge security also is additive, meaning a user’s effective list of menu, data and functionality rights is determined by the rights of every group to which they belong. This feature is important because administrators can manage all access at a group level, rather than individually by user (this feature is illustrated later in this document, in the second to last image). The following sections describe the three main areas controlled by SwiftKnowledge CLS: menu (object) security, rights (functionality) security and data security. Menu Security The SwiftKnowledge menu is a primary means of navigating to content. Within the menu are folders and subfolders, and links to BI content, documents, and internal or external web site content. Generically speaking, these components all are viewed as “objects” from a security perspective and are managed by the SwiftKnowledge security in the same way. The following image shows the permissions dialog for a folder named “Site Management,” within which are several site management console options used by a SwiftKnowledge administrator to assign very granular access permissions. Currently, the security is set such that only members of the groups “Group Admin” and “Site Admin” can view any content existing in the “Site Management” folder. 3
TECHNICAL NOTE SwiftKnowledge Component-Level Security From here, one can add additional groups or users, and choose to assign access only at the current folder or to all sub-folders as well. An administrator also can assign access privileges to individual items within folders, so two users in the same group may experience varying degrees of overlap in the content they see and access in the same folder. While these components are visible and accessible to users of these groups, users cannot necessarily access all the possible features and functionality rights with a given object. This topic is discussed in more detail in the next section. 4
TECHNICAL NOTE SwiftKnowledge Component-Level Security Rights Security SwiftKnowledge’s web interface provides an extensive list of user rights equating to which functionality users are permitted to utilize when interacting with SwiftKnowledge reports. Rights can be assigned at a user or group level; the image to the left shows a list of available rights assignable to a group. Administrative rights (shown below) only can be assigned at a user level. As with menu security, a user’s effective rights are a sum of rights from the groups to which a user belongs, in addition to those assigned at the user level. At this point, combining only menu security and rights security goes a long way toward securing content in SwiftKnowledge, but true granular security at the data level—security that scales across the organization and beyond to customers or partners—results when menu and rights security is combined with data security. While securing data down to the cell level may not be required by all organizations, using SwiftKnowledge’s trio of menu-, rights- and data-level security provides a complete and robust security model unmatched by any other BI vendor in the industry. 5
TECHNICAL NOTE SwiftKnowledge Component-Level Security Data Security The final and most important piece of SwiftKnowledge CLS is security at the data level. Organizations can confidently secure data access down to the cell level when publishing reports, giving them unmatched security and greater efficiencies as well. A single report can be deployed to a group of users, with each individual user seeing only the data to which they have permissions to access (see below). Similarly, a single report showing product sales by territory may display different data based upon the report consumer. View for User A View for User B Note: Additionally, lower-level drilling is available for User A (depicted by the “+” icon next to the product categories) because that user right has been extended to User A, but not for User B. In the preceding example, two different product managers from a manufacturing company each are analyzing product sales by territory. Each user is viewing the same report, but the data populating the report and charts is tied to each user’s respective geography (User A – United Sates; and User B – France). This aspect of CLS eliminates the need to create different reports from different users and provides a consistent view of relevant data to users. In a multi-tenant approach, organizations striving to maximize their hardware investments and host all customer data in a single database can confidently do so with SwiftKnowledge, knowing CLS provides each customer with access only to their own data, while preventing access to any other data. The next series of diagrams illustrate CLS’ administrative interfaces, which are used to easily and effectively set data cell security. 6
TECHNICAL NOTE SwiftKnowledge Component-Level Security Group 1 Group 2 Group 1 can access Clothing (but not its subproducts) & United States; group 2 can access Bikes (and its subproducts) & France This report view is for a user who belongs to both group 1 and group 2— note the additive effect of the group security in overlaying data access 7
TECHNICAL NOTE SwiftKnowledge Component-Level Security Conclusion Information managers, DBAs, data stewards and even CIOs all are being driven toward better leverag- ing their sensitive data to maximize efficiencies, increase profit, contain costs, etc. – the list goes on. By definition, the diversity of these and other data applications require participation from virtually all areas of any organization, and perhaps even beyond it. Consequently, data security usually tops the list of the many concerns surrounding extending data access to broad and diverse groups. SwiftKnowledge CLS was created to be extensible and easy to configure. While CLS management is easily accomplished through a user-friendly interface, it also can be automated for bulk user/group loading of large numbers of users. Additionally, native authentication is provided by SwiftKnowledge yet can be eas- ily configured to use Active Directory, LDAP or any third-party authentication service. SwiftKnowledge CLS provides unrivaled granularity of security and minimizes concerns that surround deploying web-based BI content to intranet and extranet audiences. In addition, multi-tenancy at the database is becoming increasingly popular, especially in SaaS environments, and presents a compelling use case for which CLS is particularly well-suited. Regardless of the deployment specifications, SwiftKnowledge CLS can be easily configured to meet any organization’s security requirements. 11010 Prairie Lakes Drive, Suite 155 SwiftKnowledge, LLC is a global software provider of powerful, patented business intelligence (BI) technology delivering a breakthrough experience for business users which Eden Prairie MN 55344 drives strategic metrics and enables better decision-making throughout an organization. The SwiftKnowledge BI platform enables a new era of easy-to-use BI applications offering Tel: 952.832.0166 a revolutionary, ad-hoc analysis experience in web time and with a zero-footprint web deployment; with its patented Interactive Data Streaming™ (IDS) and Component-Level Security™ (CLS), SwiftKnowledge provides unmatched performance, scalability and security. The company’s unique approach and support for cloud computing-based deployments Fax: 952.832.0269 and applications provides a robust yet sustainable solution for organizations integrating BI into operational applications; seeking an easy-to-use tool for heavy, ad-hoc BI workloads; Toll free: 866.283.3405 and operating within the limitations of constrained IT resources. For more information, visit www.swiftknowledge.com. Email: info@swiftknowledge.com © 2010 SwiftKnowledge. SwiftKnowledge and the SwiftKnowledge logo are registered trademarks or trademarks of www.swiftknowledge.com SwiftKnowledge, LLC in the USA and other countries. All other trade names are the property of their respective owner.

Recommended

Secure Computing With Java
Secure Computing With JavaSecure Computing With Java
Secure Computing With Javawhite paper
 
Mediating Applications on the Android System
Mediating Applications on the Android SystemMediating Applications on the Android System
Mediating Applications on the Android SystemNizar Maan
 
17702 HP-UX IIi SC Mag
17702 HP-UX IIi SC Mag17702 HP-UX IIi SC Mag
17702 HP-UX IIi SC MagAlex Glushchenko
 
PIV Card based Identity Assurance in Sun Ray and IDM environment
PIV Card based Identity Assurance in Sun Ray and IDM environmentPIV Card based Identity Assurance in Sun Ray and IDM environment
PIV Card based Identity Assurance in Sun Ray and IDM environmentRamesh Nagappan
 
SOSCOE Overview
SOSCOE OverviewSOSCOE Overview
SOSCOE OverviewJoshua L. Davis
 
Enhancing your mobile enterprise security with ibm worklight tips
Enhancing your mobile enterprise security with ibm worklight tipsEnhancing your mobile enterprise security with ibm worklight tips
Enhancing your mobile enterprise security with ibm worklight tipsbupbechanhgmail
 
SAFECode’s latest “Software Security Guidance for Agile Practitioners” White...
SAFECode’s latest “Software Security Guidance for Agile Practitioners” White...SAFECode’s latest “Software Security Guidance for Agile Practitioners” White...
SAFECode’s latest “Software Security Guidance for Agile Practitioners” White...EMC
 
Net framework session03
Net framework session03Net framework session03
Net framework session03Niit Care
 

Recommended

Secure Computing With Java
Secure Computing With JavaSecure Computing With Java
Secure Computing With Javawhite paper
 
Mediating Applications on the Android System
Mediating Applications on the Android SystemMediating Applications on the Android System
Mediating Applications on the Android SystemNizar Maan
 
17702 HP-UX IIi SC Mag
17702 HP-UX IIi SC Mag17702 HP-UX IIi SC Mag
17702 HP-UX IIi SC MagAlex Glushchenko
 
PIV Card based Identity Assurance in Sun Ray and IDM environment
PIV Card based Identity Assurance in Sun Ray and IDM environmentPIV Card based Identity Assurance in Sun Ray and IDM environment
PIV Card based Identity Assurance in Sun Ray and IDM environmentRamesh Nagappan
 
SOSCOE Overview
SOSCOE OverviewSOSCOE Overview
SOSCOE OverviewJoshua L. Davis
 
Enhancing your mobile enterprise security with ibm worklight tips
Enhancing your mobile enterprise security with ibm worklight tipsEnhancing your mobile enterprise security with ibm worklight tips
Enhancing your mobile enterprise security with ibm worklight tipsbupbechanhgmail
 
SAFECode’s latest “Software Security Guidance for Agile Practitioners” White...
SAFECode’s latest “Software Security Guidance for Agile Practitioners” White...SAFECode’s latest “Software Security Guidance for Agile Practitioners” White...
SAFECode’s latest “Software Security Guidance for Agile Practitioners” White...EMC
 
Net framework session03
Net framework session03Net framework session03
Net framework session03Niit Care
 
Maemo Platform Security Fosdem
Maemo Platform Security FosdemMaemo Platform Security Fosdem
Maemo Platform Security FosdemElena Reshetova
 
Intel vmcs-shadowing-paper
Intel vmcs-shadowing-paperIntel vmcs-shadowing-paper
Intel vmcs-shadowing-paperAhmed Sallam
 
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...Toshiharu Harada, Ph.D
 
IJET-V3I1P9
IJET-V3I1P9IJET-V3I1P9
IJET-V3I1P9IJET - International Journal of Engineering and Techniques
 
ESSENTIAL ACTIVITIES FOR SECURE SOFTWARE DEVELOPMENT
ESSENTIAL ACTIVITIES FOR SECURE SOFTWARE DEVELOPMENTESSENTIAL ACTIVITIES FOR SECURE SOFTWARE DEVELOPMENT
ESSENTIAL ACTIVITIES FOR SECURE SOFTWARE DEVELOPMENTijesajournal
 
Rfc3415
Rfc3415Rfc3415
Rfc3415Saurabh Maggo
 
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...IRJET Journal
 
Bluedog white paper - Our WebObjects Web Security Model
Bluedog white paper - Our WebObjects Web Security ModelBluedog white paper - Our WebObjects Web Security Model
Bluedog white paper - Our WebObjects Web Security Modeltom termini
 
oracle
oracleoracle
oracletarunamoria
 
Data base Access Control a look at Fine grain Access method
Data base Access Control a look at Fine grain Access methodData base Access Control a look at Fine grain Access method
Data base Access Control a look at Fine grain Access methodInternational Journal of Engineering Inventions www.ijeijournal.com
 
publishable paper
publishable paperpublishable paper
publishable paperchaitanya451336
 
Securing multi-tenancy systems through multi DB instances and multiple databa...
Securing multi-tenancy systems through multi DB instances and multiple databa...Securing multi-tenancy systems through multi DB instances and multiple databa...
Securing multi-tenancy systems through multi DB instances and multiple databa...IJECEIAES
 
Secure Desktop Computing In the Cloud
Secure Desktop Computing In the CloudSecure Desktop Computing In the Cloud
Secure Desktop Computing In the CloudIRJET Journal
 
Wireless Information Security System via Role based Access Control Pattern Us...
Wireless Information Security System via Role based Access Control Pattern Us...Wireless Information Security System via Role based Access Control Pattern Us...
Wireless Information Security System via Role based Access Control Pattern Us...ijcnes
 
Security on z/OS
Security on z/OSSecurity on z/OS
Security on z/OSIBM India Smarter Computing
 
Defensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive sDefensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive sLinaCovington707
 
Vulnerability Management in IT Infrastructure
Vulnerability Management in IT InfrastructureVulnerability Management in IT Infrastructure
Vulnerability Management in IT InfrastructureIRJET Journal
 
Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...
Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...
Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...Yashwanth Reddy
 
CSEC630 individaul assign
CSEC630 individaul assignCSEC630 individaul assign
CSEC630 individaul assignRonald Jackson, Jr
 
Sa 006 modifiability
Sa 006 modifiabilitySa 006 modifiability
Sa 006 modifiabilityFrank Gielen
 
IRJET- Secure Scheme For Cloud-Based Multimedia Content Storage
IRJET- Secure Scheme For Cloud-Based Multimedia Content StorageIRJET- Secure Scheme For Cloud-Based Multimedia Content Storage
IRJET- Secure Scheme For Cloud-Based Multimedia Content StorageIRJET Journal
 
GreenSQL Security
GreenSQL Security GreenSQL Security
GreenSQL Securityijsrd.com
 

More Related Content

What's hot

Maemo Platform Security Fosdem
Maemo Platform Security FosdemMaemo Platform Security Fosdem
Maemo Platform Security FosdemElena Reshetova
 
Intel vmcs-shadowing-paper
Intel vmcs-shadowing-paperIntel vmcs-shadowing-paper
Intel vmcs-shadowing-paperAhmed Sallam
 
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...Toshiharu Harada, Ph.D
 
ESSENTIAL ACTIVITIES FOR SECURE SOFTWARE DEVELOPMENT
ESSENTIAL ACTIVITIES FOR SECURE SOFTWARE DEVELOPMENTESSENTIAL ACTIVITIES FOR SECURE SOFTWARE DEVELOPMENT
ESSENTIAL ACTIVITIES FOR SECURE SOFTWARE DEVELOPMENTijesajournal
 

What's hot (6)

Maemo Platform Security Fosdem
Maemo Platform Security FosdemMaemo Platform Security Fosdem
Maemo Platform Security Fosdem
 
Intel vmcs-shadowing-paper
Intel vmcs-shadowing-paperIntel vmcs-shadowing-paper
Intel vmcs-shadowing-paper
 
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...
 
IJET-V3I1P9
IJET-V3I1P9IJET-V3I1P9
IJET-V3I1P9
 
ESSENTIAL ACTIVITIES FOR SECURE SOFTWARE DEVELOPMENT
ESSENTIAL ACTIVITIES FOR SECURE SOFTWARE DEVELOPMENTESSENTIAL ACTIVITIES FOR SECURE SOFTWARE DEVELOPMENT
ESSENTIAL ACTIVITIES FOR SECURE SOFTWARE DEVELOPMENT
 
Rfc3415
Rfc3415Rfc3415
Rfc3415
 

Similar to Component Level Security

IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...IRJET Journal
 
Bluedog white paper - Our WebObjects Web Security Model
Bluedog white paper - Our WebObjects Web Security ModelBluedog white paper - Our WebObjects Web Security Model
Bluedog white paper - Our WebObjects Web Security Modeltom termini
 
Securing multi-tenancy systems through multi DB instances and multiple databa...
Securing multi-tenancy systems through multi DB instances and multiple databa...Securing multi-tenancy systems through multi DB instances and multiple databa...
Securing multi-tenancy systems through multi DB instances and multiple databa...IJECEIAES
 
Secure Desktop Computing In the Cloud
Secure Desktop Computing In the CloudSecure Desktop Computing In the Cloud
Secure Desktop Computing In the CloudIRJET Journal
 
Wireless Information Security System via Role based Access Control Pattern Us...
Wireless Information Security System via Role based Access Control Pattern Us...Wireless Information Security System via Role based Access Control Pattern Us...
Wireless Information Security System via Role based Access Control Pattern Us...ijcnes
 
Defensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive sDefensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive sLinaCovington707
 
Vulnerability Management in IT Infrastructure
Vulnerability Management in IT InfrastructureVulnerability Management in IT Infrastructure
Vulnerability Management in IT InfrastructureIRJET Journal
 
Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...
Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...
Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...Yashwanth Reddy
 
Sa 006 modifiability
Sa 006 modifiabilitySa 006 modifiability
Sa 006 modifiabilityFrank Gielen
 
IRJET- Secure Scheme For Cloud-Based Multimedia Content Storage
IRJET- Secure Scheme For Cloud-Based Multimedia Content StorageIRJET- Secure Scheme For Cloud-Based Multimedia Content Storage
IRJET- Secure Scheme For Cloud-Based Multimedia Content StorageIRJET Journal
 
GreenSQL Security
GreenSQL Security GreenSQL Security
GreenSQL Securityijsrd.com
 
Two Aspect Endorsement Access Control for web Based Cloud Computing
Two Aspect Endorsement Access Control for web Based Cloud Computing Two Aspect Endorsement Access Control for web Based Cloud Computing
Two Aspect Endorsement Access Control for web Based Cloud Computing IRJET Journal
 
Pillars of great Azure Architecture
Pillars of great Azure ArchitecturePillars of great Azure Architecture
Pillars of great Azure ArchitectureKarthikeyan VK
 
Cybercom Enhanced Security Platform
Cybercom Enhanced Security PlatformCybercom Enhanced Security Platform
Cybercom Enhanced Security Platformabelsonp
 
I NEED HELP DCOM 224 IAM is used to identify and authen.pdf
I NEED HELP DCOM 224 IAM is used to identify and authen.pdfI NEED HELP DCOM 224 IAM is used to identify and authen.pdf
I NEED HELP DCOM 224 IAM is used to identify and authen.pdfabhitravel01
 

Similar to Component Level Security (20)

IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
 
Bluedog white paper - Our WebObjects Web Security Model
Bluedog white paper - Our WebObjects Web Security ModelBluedog white paper - Our WebObjects Web Security Model
Bluedog white paper - Our WebObjects Web Security Model
 
oracle
oracleoracle
oracle
 
Data base Access Control a look at Fine grain Access method
Data base Access Control a look at Fine grain Access methodData base Access Control a look at Fine grain Access method
Data base Access Control a look at Fine grain Access method
 
publishable paper
publishable paperpublishable paper
publishable paper
 
Securing multi-tenancy systems through multi DB instances and multiple databa...
Securing multi-tenancy systems through multi DB instances and multiple databa...Securing multi-tenancy systems through multi DB instances and multiple databa...
Securing multi-tenancy systems through multi DB instances and multiple databa...
 
Secure Desktop Computing In the Cloud
Secure Desktop Computing In the CloudSecure Desktop Computing In the Cloud
Secure Desktop Computing In the Cloud
 
Wireless Information Security System via Role based Access Control Pattern Us...
Wireless Information Security System via Role based Access Control Pattern Us...Wireless Information Security System via Role based Access Control Pattern Us...
Wireless Information Security System via Role based Access Control Pattern Us...
 
Security on z/OS
Security on z/OSSecurity on z/OS
Security on z/OS
 
Defensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive sDefensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive s
 
Vulnerability Management in IT Infrastructure
Vulnerability Management in IT InfrastructureVulnerability Management in IT Infrastructure
Vulnerability Management in IT Infrastructure
 
Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...
Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...
Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...
 
CSEC630 individaul assign
CSEC630 individaul assignCSEC630 individaul assign
CSEC630 individaul assign
 
Sa 006 modifiability
Sa 006 modifiabilitySa 006 modifiability
Sa 006 modifiability
 
IRJET- Secure Scheme For Cloud-Based Multimedia Content Storage
IRJET- Secure Scheme For Cloud-Based Multimedia Content StorageIRJET- Secure Scheme For Cloud-Based Multimedia Content Storage
IRJET- Secure Scheme For Cloud-Based Multimedia Content Storage
 
GreenSQL Security
GreenSQL Security GreenSQL Security
GreenSQL Security
 
Two Aspect Endorsement Access Control for web Based Cloud Computing
Two Aspect Endorsement Access Control for web Based Cloud Computing Two Aspect Endorsement Access Control for web Based Cloud Computing
Two Aspect Endorsement Access Control for web Based Cloud Computing
 
Pillars of great Azure Architecture
Pillars of great Azure ArchitecturePillars of great Azure Architecture
Pillars of great Azure Architecture
 
Cybercom Enhanced Security Platform
Cybercom Enhanced Security PlatformCybercom Enhanced Security Platform
Cybercom Enhanced Security Platform
 
I NEED HELP DCOM 224 IAM is used to identify and authen.pdf
I NEED HELP DCOM 224 IAM is used to identify and authen.pdfI NEED HELP DCOM 224 IAM is used to identify and authen.pdf
I NEED HELP DCOM 224 IAM is used to identify and authen.pdf
 

Component Level Security

  • 1. TECHNICAL NOTE SwiftKnowledge Component-Level Security™ A Unique Approach to True Security Granularity
  • 2. TECHNICAL NOTE SwiftKnowledge Component-Level Security Executive Summary In today’s business climate where data proliferation is the norm, companies readily acknowledge the need to unlock their data’s hidden intelligence in order to outperform their competition. And successfully leveraging this data requires a comprehensive data management plan that features, among other things, data mining and business intelligence. Yet many IT organizations resist such initiatives because they harbor security concerns about exposing sensitive company data to these types of mining and analysis applications; this issue escalates when external as well as internal audiences require access to the data. They raise valid questions, such as: “Who should have access?” “Can I host all of my customer data in one database yet maintain differential security “Which data are users allowed to access?” access?” To address these concerns, SwiftKnowledge advocates securing data down to the individual cell—rather than just to the folder structure or report level. This tech note explains SwiftKnowledge’s cell-based granular security approach—an approach powered by our patented, Component-Level Security™ (CLS)—and the benefits it provides organizations with regards to flexibility and performance. This tech note also discusses how SwiftKnowledge addresses typical security issues surrounding the concept of multi-tenancy (multiple customer data stored within the same database and/or within the same application entry point), and sup- ports an organization’s overall needs relating to data security, object security and functionality security. 2
  • 3. TECHNICAL NOTE SwiftKnowledge Component-Level Security SwiftKnowledge Component-Level Security— A Unique Approach to Data Security SwiftKnowledge’s patented CLS delivers targeted content, features and functionality according to centrally- defined user profiles and roles, and secures data granularly down to the individual cell, for maximum control that’s easy to maintain. The technology also maintains content access audit trails for regulatory compliance and supports multi-tenancy deployments for commercial BI SaaS applications. SwiftKnowledge CLS supports the needs of many large organizations that have complex, constantly changing, hierarchical reporting structures. For instance, a subordinate individual today may be promoted and then managing several individuals tomorrow. A sales manager wants detailed visibility on the performance of his team but also needs summarized performance information about the performance of his peers (while not seeing the details of that peer performance). SwiftKnowledge supports complex and evolving business organizations such as the one described above, allowing individuals who may not be security experts to set up secure access to their information assets. SwiftKnowledge security also is additive, meaning a user’s effective list of menu, data and functionality rights is determined by the rights of every group to which they belong. This feature is important because administrators can manage all access at a group level, rather than individually by user (this feature is illustrated later in this document, in the second to last image). The following sections describe the three main areas controlled by SwiftKnowledge CLS: menu (object) security, rights (functionality) security and data security. Menu Security The SwiftKnowledge menu is a primary means of navigating to content. Within the menu are folders and subfolders, and links to BI content, documents, and internal or external web site content. Generically speaking, these components all are viewed as “objects” from a security perspective and are managed by the SwiftKnowledge security in the same way. The following image shows the permissions dialog for a folder named “Site Management,” within which are several site management console options used by a SwiftKnowledge administrator to assign very granular access permissions. Currently, the security is set such that only members of the groups “Group Admin” and “Site Admin” can view any content existing in the “Site Management” folder. 3
  • 4. TECHNICAL NOTE SwiftKnowledge Component-Level Security From here, one can add additional groups or users, and choose to assign access only at the current folder or to all sub-folders as well. An administrator also can assign access privileges to individual items within folders, so two users in the same group may experience varying degrees of overlap in the content they see and access in the same folder. While these components are visible and accessible to users of these groups, users cannot necessarily access all the possible features and functionality rights with a given object. This topic is discussed in more detail in the next section. 4
  • 5. TECHNICAL NOTE SwiftKnowledge Component-Level Security Rights Security SwiftKnowledge’s web interface provides an extensive list of user rights equating to which functionality users are permitted to utilize when interacting with SwiftKnowledge reports. Rights can be assigned at a user or group level; the image to the left shows a list of available rights assignable to a group. Administrative rights (shown below) only can be assigned at a user level. As with menu security, a user’s effective rights are a sum of rights from the groups to which a user belongs, in addition to those assigned at the user level. At this point, combining only menu security and rights security goes a long way toward securing content in SwiftKnowledge, but true granular security at the data level—security that scales across the organization and beyond to customers or partners—results when menu and rights security is combined with data security. While securing data down to the cell level may not be required by all organizations, using SwiftKnowledge’s trio of menu-, rights- and data-level security provides a complete and robust security model unmatched by any other BI vendor in the industry. 5
  • 6. TECHNICAL NOTE SwiftKnowledge Component-Level Security Data Security The final and most important piece of SwiftKnowledge CLS is security at the data level. Organizations can confidently secure data access down to the cell level when publishing reports, giving them unmatched security and greater efficiencies as well. A single report can be deployed to a group of users, with each individual user seeing only the data to which they have permissions to access (see below). Similarly, a single report showing product sales by territory may display different data based upon the report consumer. View for User A View for User B Note: Additionally, lower-level drilling is available for User A (depicted by the “+” icon next to the product categories) because that user right has been extended to User A, but not for User B. In the preceding example, two different product managers from a manufacturing company each are analyzing product sales by territory. Each user is viewing the same report, but the data populating the report and charts is tied to each user’s respective geography (User A – United Sates; and User B – France). This aspect of CLS eliminates the need to create different reports from different users and provides a consistent view of relevant data to users. In a multi-tenant approach, organizations striving to maximize their hardware investments and host all customer data in a single database can confidently do so with SwiftKnowledge, knowing CLS provides each customer with access only to their own data, while preventing access to any other data. The next series of diagrams illustrate CLS’ administrative interfaces, which are used to easily and effectively set data cell security. 6
  • 7. TECHNICAL NOTE SwiftKnowledge Component-Level Security Group 1 Group 2 Group 1 can access Clothing (but not its subproducts) & United States; group 2 can access Bikes (and its subproducts) & France This report view is for a user who belongs to both group 1 and group 2— note the additive effect of the group security in overlaying data access 7
  • 8. TECHNICAL NOTE SwiftKnowledge Component-Level Security Conclusion Information managers, DBAs, data stewards and even CIOs all are being driven toward better leverag- ing their sensitive data to maximize efficiencies, increase profit, contain costs, etc. – the list goes on. By definition, the diversity of these and other data applications require participation from virtually all areas of any organization, and perhaps even beyond it. Consequently, data security usually tops the list of the many concerns surrounding extending data access to broad and diverse groups. SwiftKnowledge CLS was created to be extensible and easy to configure. While CLS management is easily accomplished through a user-friendly interface, it also can be automated for bulk user/group loading of large numbers of users. Additionally, native authentication is provided by SwiftKnowledge yet can be eas- ily configured to use Active Directory, LDAP or any third-party authentication service. SwiftKnowledge CLS provides unrivaled granularity of security and minimizes concerns that surround deploying web-based BI content to intranet and extranet audiences. In addition, multi-tenancy at the database is becoming increasingly popular, especially in SaaS environments, and presents a compelling use case for which CLS is particularly well-suited. Regardless of the deployment specifications, SwiftKnowledge CLS can be easily configured to meet any organization’s security requirements. 11010 Prairie Lakes Drive, Suite 155 SwiftKnowledge, LLC is a global software provider of powerful, patented business intelligence (BI) technology delivering a breakthrough experience for business users which Eden Prairie MN 55344 drives strategic metrics and enables better decision-making throughout an organization. The SwiftKnowledge BI platform enables a new era of easy-to-use BI applications offering Tel: 952.832.0166 a revolutionary, ad-hoc analysis experience in web time and with a zero-footprint web deployment; with its patented Interactive Data Streaming™ (IDS) and Component-Level Security™ (CLS), SwiftKnowledge provides unmatched performance, scalability and security. The company’s unique approach and support for cloud computing-based deployments Fax: 952.832.0269 and applications provides a robust yet sustainable solution for organizations integrating BI into operational applications; seeking an easy-to-use tool for heavy, ad-hoc BI workloads; Toll free: 866.283.3405 and operating within the limitations of constrained IT resources. For more information, visit www.swiftknowledge.com. Email: info@swiftknowledge.com © 2010 SwiftKnowledge. SwiftKnowledge and the SwiftKnowledge logo are registered trademarks or trademarks of www.swiftknowledge.com SwiftKnowledge, LLC in the USA and other countries. All other trade names are the property of their respective owner.