fbpx Skip to content

Exposed: How Secure Are Your Embedded Analytics Really?

insightsoftware -

insightsoftware is a global provider of reporting, analytics, and performance management solutions, empowering organizations to unlock business data and transform the way finance and data teams operate.

24 04 Blog Logi Secureembeddedanalytics Website

The ever-growing threat landscape of hackers, cyberattacks, and data breaches makes data security a top priority, especially when integrating analytics capabilities directly into customer-facing applications. To make informed decisions, it’s crucial to understand how embedded analytics platforms function from a security standpoint.

While these platforms secure dashboards and reports, a hidden vulnerability lies within the data connector. This connector acts like a master key, granting the platform access to your entire database, even if users only see a limited portion of the data. The username and password stored within the connector become a prime target for attackers.

Fortunately, most platforms offer layered security. User-based security and general system safeguards act like filters on top of the data flowing from the data connector, restricting what users can access. However, a compromised data connector bypasses these filters, granting attackers unrestricted access.

Therefore, the way the embedded analytics application is hosted plays a vital role. Secure hosting ensures the data connector remains protected, minimizing the risk of unauthorized access to your sensitive information. By understanding these security considerations, you can make informed decisions when choosing an embedded analytics platform for your customer-facing applications.


Choosing where to host your analytics is a crucial decision that must align with your application’s requirements, your security expertise, and the ease of access to information you need. A one-size-fits-all approach does not apply here.

On-Premises Solution: On-premises hosting means your analytics are installed within your organization, behind your firewall, and are completely controlled, set up, and maintained by your staff. This option is ideal for security-savvy organizations with a robust IT infrastructure, allowing them to maximize security while ensuring that only specifically authorized individuals have access to the server for maintenance.

Private Cloud: This model involves a third party, such as Amazon or Azure, managing the hardware infrastructure while you retain control over the server and the practices implemented on it. It’s a hybrid approach that provides a balance of control and accessibility. This solution is perfect for those who want expert server management by trusted providers like Amazon or Microsoft while maintaining control over their data.

Managed Cloud: In this setup, the analytics vendor manages the server hosting on your behalf. Ideal for teams that may lack deep expertise in security best practices, this option reduces your direct involvement in hosting. It allows you to focus on your core business without the need for extensive internal IT resources, facilitating quicker time to market. Trust and a stringent evaluation of the vendor’s security protocols are crucial; engagement should only occur with vendors who have a strong reputation and a proven track record of secure operations—no history of data breaches.

These hosting options offer a range of security features tailored to different organizational needs and capabilities. It’s important to choose a model that aligns with your team’s expertise and the specific requirements of your application.

Elevate Your Application Offering with Advanced Cloud-Hosted Embedded Analytics

Download Now


Now that we’ve covered hosting and protecting critical data connection files, let’s move on to authentication. When it comes to authentication, the approach you take can vary based on user needs. Authentication might be as simple as using a username and password for each user, or it could involve a more complex system like single sign-on (SSO) with federated authentication. It’s generally a good practice to use federated authentication because it reduces the number of passwords users need to remember.

If you’re not familiar with single sign-on, consider how some applications allow you to log in using your Facebook or Google credentials. There’s no reason why an analytics platform shouldn’t offer federated authentication for your users. Additionally, it’s worth noting that sometimes data is public, and security isn’t a concern. In such cases, having a system that can support a guest mode alongside a more secure and hardened authentication model is beneficial.

User Roles

An important factor to consider with users in analytics is the proper setup of account roles aligned to their needs. Users who are required to create content and function as developers within the system need more access than those primarily engaged in data discovery activities. Similarly, those who are merely viewing content require even less access. Setting up these distinctions ensures that each user has the appropriate level of access for their specific tasks. Aligning account types with user needs is a straightforward method to empower users and bolster security. This grants them the access they need while preventing unauthorized access to sensitive areas, simply by virtue of their account type.

Feature Security

Delving deeper into user roles, we encounter the concept of feature security and customization. Consider whether your users need capabilities such as filtering, exporting, or drilling down into data. A good analytics system will allow you to tailor user roles to specific needs. This customization is crucial not just for addressing security concerns but also for ensuring that the system’s functionality is not misused or misunderstood. Large systems can be complex, and those responsible for implementation might not fully grasp the capabilities granted to each user type. By keeping the system simple and aligning access directly with specific needs, you can avoid the pitfalls of inadvertently exposing too much information.

Content Security

Content security revolves around selectively blocking or allowing access to specific reports and dashboards for different users and groups. Managing individual items can be cumbersome, which is why it’s beneficial to organize content within folders or projects. These can secure all related elements, perhaps specific to a department, area of interest, or any other logical grouping.

This approach is similar to Windows file security, where specific files and folders can be locked to certain users and groups, providing a familiar framework for understanding these permissions. As setups become more complex, especially with multi-tenant deployments, each tenant functions like a separate folder or project, isolating customers from one another. The last thing you want is for a customer to accidentally share a dashboard with others on the same system. In multi-tenant environments, strict barriers are maintained between customers on the same server to prevent human error from compromising security.

Data Security

Finally, data security is implemented within the dashboards and reports themselves, where users may all access the same dashboard but see content tailored to their job functions. For example, if someone opens a dashboard designed for their department and team, they should only see data relevant to their team, along with some anonymized global information used for contextual purposes.

This type of data security enables the reuse of content while ensuring that users access only the information within their jurisdiction. Setting up this kind of user-based data security should also be straightforward from an implementation perspective. Overly complex setups can lead to human error, so a well-designed business intelligence and analytics framework should inherently support user-based security as a fundamental feature, rather than as a cumbersome add-on.

Business Intelligence and Embedded Analytics Designed for Security

Ensuring robust security in embedded analytics is multifaceted, involving careful consideration of hosting options, authentication methods, user roles, feature access, and content security. Each layer builds upon the other to create a secure environment that guards against unauthorized access while providing flexibility and functionality to users.

Logi Symphony, as a first-rate embedded analytics platform, stands out by prioritizing data security across all these facets. Designed with security as a primary concern, Logi Symphony integrates advanced features like federated authentication, tailored user roles, and secure content management, ensuring that each aspect of the application contributes to a secure, efficient, and user-friendly analytics environment. By implementing these security measures, Logi Symphony not only protects sensitive data but also enhances user trust and compliance with data protection regulations. This makes Logi Symphony an ideal choice for organizations seeking to leverage powerful analytics without compromising on security.

About insightsoftware

insightsoftware is a global provider of comprehensive solutions for the Office of the CFO. We believe an actionable business strategy begins and ends with accessible financial data. With solutions across financial planning and analysis (FP&A), accounting, and operations, we transform how teams operate, empowering leaders to make timely and informed decisions. With data at the heart of everything we do, insightsoftware enables automated processes, delivers trusted insights, boosts predictability, and increases productivity. Learn more at insightsoftware.com.

24 02 Bro Hanoverembeddedanalyticsinsights Website

Key Embedded Analytics Insights for 2024

Download Now: