Visual KPI security is as secure as your organization’s security. We don’t require you to implement our security system, but rather, we inherit your security system.
Security in Visual KPI is multi-level. To understand the security measures we implement with Visual KPI, it’s helpful to understand these IT security mechanisms:
- Encryption determines how secure things are while they are in route over the Internet. In Visual KPI, we delegate security at the encryption level to Microsoft Internet Information Services (or IIS for Windows). This ensures only encrypted traffic will pass between a website and a client (in this case, the client being Visual KPI sites or Visual KPI Designer). Setting up encryption in Visual KPI (using IIS) is a multi-step process.
- Authentication means a user must prove that he is who he says he is using valid credentials. In Visual KPI, authentication is handled by Active Directory (AD).
- Authorization refers to a collection of users (assigned to AD Groups) who have predefined access. A user must belong to an AD Group to gain access to a particular site in Visual KPI. There may not be any data available to the user group on that site, unless the group also has the appropriate rights assignment.
- Rights assignment determines what information a user should have access to and what is blocked, once the user has proven, with valid credentials, that he is a legit user with authorized access. Visual KPI Server and Active Directory are used to manage rights assignment.
To understand how the entire security path works in Visual KPI, think of these fundamental steps (each of which may require a multi-step process to set up):
- The data that passes between the Web server and any Visual KPI client is encrypted. Learn how
- Each user with authorized access to any Visual KPI client must have a valid user ID and password. Learn how
- Each user with authorized access must be added to an Active Directory Group. Learn how
- Each Active Directory Group must be given appropriate rights assignment. Learn how
Who Sees What?
Rights assignment can be managed at a globally or locally. In other words, a security group can have access to everything, or have access to only certain portions of the Visual KPI site.
During installation and setup, Visual KPI inherits your Active Directory structure or the security used by your organization; security can be applied to users and groups within Visual KPI just like your other applications. Your organization’s IT department and/or the Visual KPI admin at your company set up security in Visual KPI and determine who gets access and how much. You’ll probably want users to authenticate with a username and password to access Visual KPI.
At a high level, you could grant access at the profile or dashboard level. In Visual KPI we have the concept of Object-level Security for rights assignment, which is more granular and provides more flexibility. It simply means that any KPI or object in the system can be restricted to only the users that have the rights to see it. In other words, two people could be looking at the exact same page in Visual KPI and see a different set of information.
As Simple as Closing a Browser
Visual KPI runs in a Web browser with no app to install on computers or mobile devices and no data stored locally. The data all comes from your organization’s external data sources. Visual KPI simply reads it in real time. There are no files transferred to your computer or mobile device.
How secure is your data sent over the Web? Without authentication, no one can access that data that Visual KPI shows you. You can freely share links to data and KPIs that you want others to see. Without access to your Visual KPI system, your data remains as secure as you want it to be.
And if you, or someone in your organization, loses their mobile device? No worries. With nothing stored locally and secure authentication required, your data is safe in Visual KPI. When the browser is closed, the data is gone.
The Real Security Threat
Unfortunately, one of the greatest threats to your sensitive data could come from the users themselves. Educate users on the risks, benefits, and policies concerning security in your organization. And if you’re that user, take note of your organization’s policies and protect your Visual KPI data. Guard your username and password, and close your browsers before you set your mobile device down or put it away.
Get Started with Visual KPI Security and Encryption
Setting up security and encryption in Visual KPI is made straight-forward when you use Visual KPI Server Manager integrated with IIS Manager.
If you just need the basic steps, we’ve given you a Security Quickstart with links to more detailed steps. If you’re not comfortable following the Quickstart and really need a deep dive into Visual KPI security, follow the articles below (preferably in order) to learn how security works in Visual KPI and how to set it up for your system.
The complete guide to Visual KPI security:
Understand SQL Server Security
Visual KPI Encryption
Enable Encryption
Security Inheritance in Visual KPI
Quickstart: Enable Security for Visual KPI Quickstart
Decouple Directory Inheritance
Enable Security in IIS Manager
Create Local Groups with Visual KPI Server Manager
Object-level Security for Visual KPI Sites
Enable and Assign Access for Object-level Security
Use Multiple Sites for Security