Breaking the Security Chains – Mark R. Bradbourne, CBIP
November 14, 2011

Lately, I’ve been involved with a lot of discussions about data security, access and personalization of data and reports, and the first question I ask is: why? If you are talking about governmental data on prototype weapons or military plans, I will accept a stringent need for security, but if you are talking about financial data for a publicly traded company (which is readily available to the public thanks to SEC filings), then why stress about security? Your data is already out there! Of course there are exceptions to every rule, but in general I think we all need to take a collective breath! Please understand, I am not advocating full, public access to your data, merely that within your own walls the information should be free-flowing if that is acceptable.

I see two main problems with overly complex and unnecessary security provisioning. The first problem is that someone has to set up, maintain and validate that security structure and be sure that every piece of “BI Collateral” falls under that security umbrella. This process takes time, and that time could be better spent enhancing the overall BI solution, deploying new reports and visualizations, cubes, or new subject areas… and once all that is secure, you have to worry about employees having the simple ability to export data into a spreadsheet and share it with someone who doesn’t “have access” to the data. Security is a daunting task. Period.

The second problem, which I think may be the greater problem, is that when the view of data becomes “myopic” to certain parties, managers or executives, they may be missing out on important correlations between seemingly unrelated entities. For example, say that you are a property manager, so you can see all the data about your property: things like lease terms, number of bedrooms, number of residents, number of pets, and related demographics. From this you can see move-in and move-out patterns, rental income and property churn. Another manager, who oversees tenant services, gets information around service requests, property damage, costs associated with apartment turnover and length of each service call.

Theoretically one might argue that neither has a need to see the other manager’s data, but what if you could draw a correlation between apartments with pets and the cost of turning over that apartment? If the carpets need to be professionally cleaned, air filters have to be replaced and other “special” services have to be done, and those tasks add up to an extra 3 days’ worth of work and a churn cost of more than 50% a standard churn, there might be a way to mitigate those costs, or maybe you need to charge more for a “pet deposit” to cover those costs?

If that data was “wide open”, maybe one or both of those managers might have done some analysis around those costs and saved the company a few thousand dollars? Who’s to say, but the opportunity is lost if the data is unnecessarily restricted due to “data MINE-ing”.

If there are legitimate reasons for areas of business to restrict their data to only people they deem to have the proper level of clearance, then that is your reality. There are certain cases where safeguards do need to be put in place around data access. Sensitive data around costing perhaps, or trade-sensitive information… basically anything that isn’t available to the public should have at least some security established. If, however, users are being “selfish” with their data for no reason other than that it is “their data”, then someone needs to step in and remove this roadblock.

So, the next time someone asks you “How are we going to handle security?” ask them “Do we really need to handle security?”