Tableau Online Security in the Cloud



Similar documents
Tableau Online. Understanding Data Updates

Table of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.

Tableau Server Security. Version 8.0

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

ProjectManager.com Security White Paper

Security Information & Policies

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

SECURITY DOCUMENT. BetterTranslationTechnology

Paxata Security Overview

FileCloud Security FAQ

The data which you put into our systems is yours, and we believe it should stay that way. We think that means three key things.

Dropbox for Business. Secure file sharing, collaboration and cloud storage. G-Cloud Service Description

DiamondStream Data Security Policy Summary

Data Protection: From PKI to Virtualization & Cloud

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER

Enterprise Architecture Review Checklist

Dell World Software User Forum 2013

Projectplace: A Secure Project Collaboration Solution

PROTECTING YOUR VOICE SYSTEM IN THE CLOUD

Tableau for the Enterprise: An Overview for IT

Microsoft Power BI. Nov 21, 2015

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

KeyLock Solutions Security and Privacy Protection Practices

Sisense. Product Highlights.

ITAR Compliant Data Exchange

Tableau for the Enterprise: An Overview for IT

Choosing a File Sync & Share Solution. PRESENTATION TITLE GOES HERE Darryl Pace Optimal Computer Solutions

Cloud Security. Peter Jopling IBM UK Ltd Software Group Hursley Labs. peterjopling IBM Corporation

Time to Value: Successful Cloud Software Implementation

The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency

Security and Data Protection for Online Document Management Software

CBIO Security White Paper

PCI Compliance for Cloud Applications

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST

SERENA SOFTWARE Serena Service Manager Security

MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE

Securely. Mobilize Any Business Application. Rapidly. The Challenge KEY BENEFITS

CONTENTS. PCI DSS Compliance Guide

Media Shuttle s Defense-in- Depth Security Strategy

Security Overview Enterprise-Class Secure Mobile File Sharing

CHIS, Inc. Privacy General Guidelines

IBM Cognos TM1 on Cloud Solution scalability with rapid time to value

PRIVACY, SECURITY AND THE VOLLY SERVICE

Workday Mobile Security FAQ

Overview. Edvantage Security

nexus Hybrid Access Gateway

The increasing popularity of mobile devices is rapidly changing how and where we

The Sumo Logic Solution: Security and Compliance

NCSU SSO. Case Study

QuickBooks Online: Security & Infrastructure

MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE

This paper introduces the security policies, practices, and procedures at Smartsheet.

Security Controls for the Autodesk 360 Managed Services

Secure, Scalable and Reliable Cloud Analytics from FusionOps

Security Practices, Architecture and Technologies

全 球 資 安 剖 析, 您 做 確 實 了 嗎? Albert Yung Barracuda Networks

ACCEPTING PAYMENT CARD ASSESSMENT Pre-Selection Questionnaire

Ensuring Enterprise Data Security with Secure Mobile File Sharing.

Security Considerations

Ensuring the Security of Your Company s Data & Identities. a best practices guide

SECURITY AND REGULATORY COMPLIANCE OVERVIEW

The Essential Security Checklist. for Enterprise Endpoint Backup

ClickTale Security Standards and Practices: Delivering Peace of Mind in Digital Optimization

Blue Jeans Network Security Features

Adobe Digital Publishing Security FAQ

Security and Azure SQL Database

Strengthen security with intelligent identity and access management

IBM/Softlayer Object Storage for Offsite Backup

Frequently Asked Questions

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

How To Use Egnyte

SAS Mobile BI Security and the Mobile Device

HIPAA Privacy & Security White Paper

Adding Stronger Authentication to your Portal and Cloud Apps

Apteligent White Paper. Security and Information Polices

IBM Connections Cloud Security

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

SECURITY AND REGULATORY COMPLIANCE OVERVIEW

Application Security Best Practices. Matt Tavis Principal Solutions Architect

A COMPLETE GUIDE HOW TO CHOOSE A CLOUD-TO-CLOUD BACKUP PROVIDER FOR THE ENTERPRISE

InsightCloud. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS?

Copyright Telerad Tech RADSpa. HIPAA Compliance

WALKME WHITEPAPER. WalkMe Architecture

BOLDCHAT ARCHITECTURE & APPLICATION CONTROL

How To Manage A Plethora Of Identities In A Cloud System (Saas)

CHEAT SHEET: PCI DSS 3.1 COMPLIANCE

Cloud Management. Overview. Cloud Managed Networks

Securing SaaS Applications: A Cloud Security Perspective for Application Providers

Mobile Device Management Version 8. Last updated:

Advanced Service Desk Security

Getting Started with Tableau Server 6.1

PII Compliance Guidelines

How To Achieve Pca Compliance With Redhat Enterprise Linux

White Paper: Librestream Security Overview

SaaS at Pfizer. Challenges, Solutions, Recommendations. Worldwide Business Technology

Transcription:

Tableau Online Security in the Cloud Author: Ellie Fields Senior Director, Product Marketing, Tableau Software June 2013

p2 Tableau Software understands that data is among the most strategic and important assets an organization has. Therefore we put the highest priority on maintaining the security and privacy of our customers data. Tableau s enterprise-level security features manage operational security, user security, data security, application security and transmission security. Underlying it all is an environment of continuous monitoring and improvement. Together, these capabilities provide a complete security solution. We use a multi-faceted approach to enforce security and we constantly monitor for new threats. If a breach were to occur, we commit that we will notify you immediately of the scope and seriousness of the breach. Of course, it is our hope that we never have to notify you of such a thing. The Tableau Online backup policy: Daily backups are kept for 14 days. Weekly backups are kept for 3 months. Monthly backups are kept for 12 months We delete any backup greater than 12 months These backups enable us to restore the entire Tableau Online system. Our backups currently do not allow for the restoration of only a single customers site, meaning we cannot restore individual customer workbooks or data that were lost to events other than a system failure. Data governance and privacy Your data is your own, even when stored in Tableau Online. Only your authorized users have access to data or workbooks stored in Tableau Online Tableau employees and other customers do not have access to your data. The only exception is a small and controlled number of Tableau system administrators who have access to the entire system. Our goal is to be among the best in the world at enforcing security in our systems so that you can be confident that your data is safe. Operational security Physical Security SAS-70 certified Data Center The Tableau SaaS infrastructure is hosted in a SAS-70 compliant data center which provides numerous controls and safeguards over customer data. We can share the SAS-70 documentation for the data center upon request. Tableau does have access to and may monitor metrics that have to do with system utilization, account status, and performance. Such metrics include: Total storage used by account and by user Total bandwidth used by account and by user Total number of workbooks and views by account and by user Access dates and times by user (logins) Number and type of data sources (i.e. SQL Server, Salesforce.com) by account and by user Dates and times of data refresh by account and by user Site performance metrics Destruction of data Upon termination of your account, Tableau will destroy all data associated with your account if you request that we do so. Data contained in backups will be purged over time as part of regular backup purges.

p3 Operational processes We also enforce through internal policies, including controls on how we manage the infrastructure and development of Tableau Online. Every Tableau employee undergoes a background check before joining the company. User Security Access & authentication The only users that have access to your site, content and workbooks are those that you have explicitly added to the site. User management is available to your Tableau Online administrator, so that adding and removing users is completely in your control. If a user is no longer authorized in your system, simply remove them and they will no longer have access to content stored in Tableau Online. Roles & permissions In Tableau, a role is a set of permissions that is applied to content to manage how users and groups can interact with objects such as projects and published content. Published content such as data sources, workbooks, and views, can be managed with permissions for the typical actions of view, create, modify, and delete. Projects control the default permissions for all workbooks and views published to the project. Administrators can create groups such as Finance Users to make permission management easier. Tableau Online enforces a session time-out after a certain period of inactivity, currently 2 hours. Single Sign-On Tableau Single Sign On (SSO) is the access control system that provides secure authentication to systems including Tableau Website, Tableau Customer/Partner Portal, Tableau Forums and Tableau Online. Some of the security features in the SSO System are: User Logins are secured by HTTPS. There is a password policy to employ strong passwords (PCI Compliant). The account gets locked after 10 tries for a certain amount of time, to defend against brute force approaches. The accounts are validated by user email to prove identity. Passwords are stored encrypted and no employee or contractor has access to plain text passwords. Roles provide a default permission structure to differentiate users. For example, a user may be assigned the role of Interactor for a particular view, but not for all content. And, a user with a Viewer role can see a particular view but does not have the ability to change the view. There are over 20 parameterized customizations available to help manage object security. These role-based permissions do not control what data will appear inside of a view. Data Security Data enters Tableau Online in one of four ways: 1. By publishing a workbook with the data embedded in it.

p4 2. By pushing data from an on-premise source to a Tableau data extract. This always results in a data extract, not a real-time connection, so there is no need to create VPN or secure tunnel into the corporate environment. Pushing data to Tableau Online can be done in an automated way on a schedule. 3. Connecting to a web service via an API. For most cloud data source, such as Salesforce.com and Google Analytics, the connection generates data extracts which can be scheduled to update regularly. 4. Connecting to Google BigQuery and Amazon Redshift. For these data sources, Tableau Online can create a connection that is either extract-based or real-time. User and data source filters You can define additional security in your workbooks and data sources by adding User Filters and Data Source Filters. User Filters enable row-level data security using the username, group, or full name of the current user. Basically, User Filters allow you to set a filter on your data based on the identity of the person viewing the data. So, for example, the Western Sales Director could see results for sales in the West but not nationwide. Data Source Filters allow you to set a filter on a published data source that applies globally. This means that you can centralize data security rules. They can be used together with User Filters to make sure that User Filters are applied to any workbooks that access a data source. Data source and workbook security Permissions can be added to workbooks and data sources to govern the capabilities available to specific users and groups. This includes providing access to the data as well as permissions including write, edit, delete, etc. Transmission (Network) Security Encryption All communication between you and Tableau Online is conducted using SSL for secure transmission of data, with the exception of subscription emails, which are clear text by Internet convention. There are also a variety of encryption techniques to ensure security from browser to server tier to repository and back. In addition, Tableau has many built-in security mechanisms to help prevent spoofing, hi-jacking, and SQL injection attacks, and actively tests and responds to new threats with updates on a regular basis. Application security Application security is a combination of secure design practices and regular audits. We have recently worked with isec Partners to conduct a complete security audit of Tableau Online, including penetration testing, security testing and source code review. We will continue to work with third-party security experts to discover, test, address and validate any security concerns. Multi-tenant architecture The Tableau Online environment is hosted in a multitenant configuration providing partitioning of users, data, and metadata across customers. This means that a customer cannot access another customer s data. This includes the data itself, data about the data (metadata) like workbook and data source names, as well as user names and groups. All of that is private to each customer. Conclusion Tableau Online has a robust security model as well as 24x7 monitoring. Security is of the highest priority for our customers, so it is for us as well.

p5 About Tableau Tableau Software helps people see and understand data. Tableau helps anyone quickly analyze, visualize and share information. More than 12,000 customer accounts get rapid results with Tableau in the office and on-the-go. And tens of thousands of people use Tableau Public to share data in their blogs and websites. See how Tableau can help you by downloading the free trial at www.tableausoftware.com/trial. Tableau and Tableau Software are trademarks of Tableau Software, Inc. All other company and product names may be trademarks of the respective companies with which they are associated. Tableau Software, Inc. 2013. All rights reserved. 837 North 34th Street, Suite 400, Seattle, WA 98103 U.S.A.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information