In 2016, 4.2 billion accounts were exposed in data breaches. This number represents a four-fold increase over the previous record high established in 2013. Most data breaches result from inadequate data security. Have you considered how well your BI development practices protect your data? That job is not limited to the DBA. Everyone who works with data needs to understand the risks and take the appropriate steps to ensure your organization’s data is adequately protected at all times.
The Microsoft BI stack contains multiple tools which each have different security configuration options and inter-dependencies. In this 2-day Level 300 training class, you see specifically how data can be compromised in this stack, learn where the potential risks of a data breach are lurking in your BI solutions, and leave with specific steps you can take to mitigate those risks.
This class starts with an overview of security principles. As the class progresses, we explore the anatomy of an attack on your data component by component. We review the security architecture of each component in the BI stack and highlight vulnerabilities in the architecture that must be addressed to properly secure your BI environment. Furthermore, we explore security by using a multi-tier, multi-layered approach, leaving no stone unturned.
By the end of this class, you’ll understand the relationship across the security settings not only in the BI tools, but also the back-end databases and the Windows operating system. As we examine potential security issues, we show you how to build a security action plan for Integration Services, Analysis Services, and Reporting Services. Is Azure in your environment? We also cover important aspects of cloud security for a BI solution. Come learn how to preserve and protect your data effectively from the inside out.
Instructor: Stacia Varga
Module 1: Introducing Security Principles
We start this class with an introduction to data security principles and threat modeling. Topics covered include:
Module 2: Reviewing Integration Services Security
Integration Services (SSIS) allows you to read, write, and transform data. Not only does access to packages potentially provide access to data. Even if data permissions prevent a malicious user from accessing data directly, the ability to view package design can provide very useful information about your technical infrastructure that can be used in an attack. In this module, we examine Integration Services from all angles to discover all the different ways that packages can be compromised and steps you can take to protect your packages. Topics covered include:
Module 3: Reviewing Analysis Services Security
Although Analysis Services (SSAS) is primarily a read-only platform for end users, there are some potential risks to understand. In this module, we explore the specific vulnerabilities that should be addressed by your security plan. Topics covered include:
Module 4: Reviewing Reporting Services Security
Reporting Services (SSRS) is another platform that is predominantly read-only, yet there are vulnerabilities that can be exploited unless you take action. In this module, we review these vulnerabilities and discuss how to address them. Topics covered include:
Module 5: Azure BI Security
Azure services are highly secure, but you still need to limit your exposure to security problems by understanding where the risks lie. In this module, we review the key points about Azure services commonly used in BI and the security steps to take. Topics covered include:
Module 6: Building a Security Action Plan
Now that we have reviewed the key components and vulnerabilities in your BI architecture, we’ll take a multi-tiered approach to building out an action plan that you can personalize and use to safeguard your environment. We’ll review components affected, the top threats to those components, and specific steps to protect these components from attack. Topics covered include:
If you have any questions not answered by our F.A.Q., please contact us.