Solution Brief

Open security with IBM Cognos 8 BI

Sharing information securely Open security with IBM Cognos 8 BI Highlights Business intelligence (BI) is about Sending and storing unsecured sharing information, but good BI pays data exposes it to various risks. IBM equal attention to its converse: securing Cognos 8 Business Intelligence, the  Open security solutions keep information tightly protected but information. Corporations need to strike first single, all-in-one, entirely Web- still accessible to authorized a balance between making information based BI software, addresses the users. both accessible to those who should security concerns of large and small  IBM Cognos® 8 BI leverages have it, and protecting it from those organizations alike. It lets you leverage existing security infrastructure who shouldn’t. Of course, effective your existing security infrastructure and adds its own application security should not be at the expense of where it makes sense, and provides layer. efficient operations, nor should it cost simple, straightforward application  Users can log into multiple a fortune to deploy and manage. How security and encryption. IBM Cognos 8 authentication namespaces but do you roll out an effectively-secured BI provides anonymous access rights, see only the data they’re allowed business intelligence infrastructure row and column data security, 168-bit to view. that leverages your existing security data transmission encryption, and  Data access permissions can be investments? many other features that make it easy assigned by user, by group or by to balance ready access with ironclad role – all with a single click. Your security strategy concentrates on security.  Advanced encryption protocols three main areas: protect data sent to/from the IBM Cognos 8 BI Web interface Transparent authentication • Authentication – who are your The first principle of security – users? Your information should be authentication – involves identifying readily accessible but only to the the user. Your organization’s existing right people. security model already ensures users • Authorization – once they are have the right to enter the system by authenticated, what do your users employing “namespaces” of user IDs have permission to access? Each and passwords. person or group of people may need to know different things, even as Security-agnostic authentication detailed as the column or row of data. IBM Cognos 8 BI leverages your • Encryption – how do you protect existing security model’s namespaces both data transmissions and storage? for user authentication and single sign-on. Whether you have NTLM, Open security with IBM Cognos 8 BI

LDAP, Active Directory, Netegrity, SAP, authenticate in one provider initially, data model are propagated through existing IBM Cognos security, or a they can log on to other namespaces each of the available and relevant combination of these, IBM Cognos 8 BI later in the same session without having packages. draws on these models when defining to log out of the first namespace. This and maintaining user, group, and gives specific users greater access In addition, you can secure all objects role names, IDs, passwords, regional to corporate information as needed. in IBM Cognos 8 BI, setting permission settings, and personal preferences. Organizations may also enable rights for use by the appropriate users No rework or duplicated security is anonymous user access. For example, or groups. Objects include folders, sub- required. IBM Cognos 8 BI, like IBM with an Internet reporting application, folders, individual reports, analyses, Cognos ReportNet before it, leverages users may access IBM Cognos 8 BI metrics, scorecards and dashboards, multiple security authentication services anonymously with limited, read-only events and alerts, shared group-based simultaneously where necessary. access. portal pages, data connections, and IBM Cognos 8 BI capabilities (such as IBM Cognos 8 BI is security agnostic Security flexibility authoring). – it works with virtually every available One typical security issue involves security model. Where required, an supporting distinct audiences or Application authorization API lets you accommodate custom capabilities with a single instance of a Authorization is the process of granting authentication models and solutions. BI solution. For example, let’s say your or denying data access to users, IBM Cognos 8 BI does not replicate company has an intranet community as groups, and roles, and specifying what existing enterprise models to enable well as a partner channel extranet. they are allowed to do with that data. application security. This means a Once granted access to a resource reduction in overall IT complexity Internal users generally have greater (such as a data source, report, or and cost of ownership because you information access then those outside folder), users will be shown only what don’t need to administer and maintain the organization. Previously, this they are authorized to see. multiple security systems. It lets your required metadata models for each organization leverage its “best of breed” user group – an inefficient practice With a single click, assign permissions selection in authentication providers. that results in a less effective BI for selected users, groups, and roles, environment. and grant or deny permission to view, Log on to multiple namespaces change, or perform other activities. Your organization might have several With IBM Cognos 8 BI, you can use a security sources in-house. It might have single model to support multiple user Organizations can leverage the users Active Directory for email security and communities. Viewpoints or packages and groups defined in their existing Netegrity SiteMinder for application of the single model are published to the authentication provider(s) to set users security. IBM Cognos 8 BI can users. Only the allowable data for each and roles for application authorization, leverage these types of heterogeneous user group is contained in the published that is, to set access permissions to environments. While users may package. Changes to the underlying content in IBM Cognos 8 BI. These

2 Open security with IBM Cognos 8 BI

users can also become members intelligence requests. This allows Summary of groups and roles specific to IBM optimization of incoming requests IBM Cognos 8 Business Intelligence Cognos 8 BI. Groups can be defined facilitates administration across makes it easy for you to distribute in either the security provider or the large installations, and, in tandem critical information to key decision IBM Cognos namespace. Once with auditing, enables simplified makers while ensuring that same permissions are set for one or more charge-back mechanisms for shared information does not fall into the users or groups, other users or groups resources. wrong hands. Leveraging your have no access unless that access is existing security eliminates the need explicitly granted. If a report or folder Basic and enhanced encryption for reworked or duplicated security. has no permissions set, they will be Stored or transmitted data can be Authorization is quick and easy to acquired from the parent object. vulnerable unless properly secured set, and users and groups from your through encryption. You can existing security model can be used. Server affinity encrypt IBM Cognos 8 BI data and Data content and transmission integrity IBM Cognos 8 BI can use defined communications by using the 56-bit is ensured through encryption. The groups and roles to control the encryption mechanism provided with result is minimal administrative burden, routing of incoming requests to the software. If you require enhanced cost containment, and high scalability. specific application servers. For security, you can obtain enhanced example, a group of users in a specific encryption modules separately from geographical location or department IBM. These modules will let you can be assured that a local server configure IBM Cognos 8 BI to use will handle all of their business encryption algorithms with a key size up to 168-bit.

With a single click, assign permissions for selected users, groups, and roles, and grant or deny permission to view, change, or perform other activities.

3 About IBM Cognos BI and Performance Management IBM Cognos business intelligence (BI) and performance management

solutions deliver world-leading © Copyright IBM Corporation 2009

enterprise planning, consolidation IBM Canada and BI software, support and services 3755 Riverside Drive Ottawa, ON, Canada K1G 4K9 to help companies plan, understand Produced in Canada and manage financial and operational April 2009 performance. IBM Cognos solutions All Rights Reserved. bring together technology, analytical IBM, the IBM logo and ibm.com are trademarks or registered trademarks of applications, best practices, and a International Business Machines Corporation broad network of partners to give in the United States, other countries, or both. If these and other IBM trademarked terms customers an open, adaptive and are marked on their first occurrence in this complete performance solution. Over information with a trademark symbol (® or ™), these symbols indicate U.S. registered or 23,000 customers in more than 135 common law trademarks owned by IBM at countries around the world choose IBM the time this information was published. Such trademarks may also be registered or common Cognos solutions. law trademarks in other countries. A current list of IBM trademarks is available on the Web at “Copyright and trademark infor-mation” at For further information or to reach a www.ibm.com/legal/copytrade.shtml.

representative: www.ibm.com/cognos References in this publication to IBM products or services do not imply that IBM intends to Request a call make them available in all countries in which IBM operates. To request a call or to ask a question, go Any reference in this information to non-IBM to www.ibm.com/cognos/contactus. Web sites are provided for convenience An IBM Cognos representative will only and do not in any manner serve as an endorsement of those Web sites. The materials respond to your enquiry within two at those Web sites are not part of the materials business days. for this IBM product and use of those Web sites is at your own risk.

IML14122CAEN