Case study

Maximizing compliance and data security in a regulated industry organization

Companies today are eager to adopt data analytics and business intelligence tools to improve their decision-making and enhance performance. But how can they ensure that their use of these technologies is in line with industry regulations and that sensitive data is secure from potential threats?

Company size: 25,000+
Industry: Finance
Year: 2022
Technologies used: Power BI service

Protecting access to customer data

Our client provides financial services throughout northern Europe and is responsible for safeguarding large amounts of data. Since they deal with highly sensitive information daily, they must be careful to adhere to the strict regulations in their industry.

As compliance and data security are crucial for organizations in this field, the company is committed to implementing strong security measures to protect its reputation and avoid data leaks or other incidents which may compromise its customers’ information.

Establishing a reliable governance model

To that end, the organization looked to create a central IT unit responsible for managing and setting up Power BI reports and protecting against unauthorized access and potential data breaches.

The application also needed to meet all industry regulations and be convenient for end-users who would use the reports to analyze the company’s performance and manage customer finances.

The client previously used Power BI Report Server but felt its capabilities were insufficient for their needs and desire to operate fully in the cloud.

As a result, they decided to switch to the Power BI service, which offers a wider range of features, and develop a unified service architecture, strategy, and service delivery model for use across the company.

Setting up governance around the Power BI service would allow them to:

  • identify data sources for end-users
  • manage how users can access and utilize the reports
  • decide which type of authentication will be allowed
  • integrate on-premises data
  • monitor and manage solution performance
  • maintain consistent standards for data access across the organization

The central IT unit would then be able to onboard BI applications from other business units while staying confident that all prerequisites, best practices, the scope of the services, and the platform's limitations are respected.

Despite having experience with the technology, the client’s teams anticipated that the upcoming project would be challenging due to strict security compliance requirements and high business expectations.

They turned to Predica to help them with the project and to ensure that all regulations and security measures were accounted for.

Building a new approach to utilizing Power BI reports

Designing the new architecture and capabilities required a deep understanding of the challenges and the teams’ previous operations, leading to a model that included the 4 elements below:

[Figure: Project steps]

Compliance

To avoid regulatory issues, we had to customize some features available in the Power BI service by default.

For example, we blocked the use of My Workspace for creating and sharing reports. My Workspace was problematic for the organization because of the risk of sharing data with an inappropriate audience, which would be hard to govern centrally.

Also, sensitive data at rest that is stored in the cloud must be encrypted with a key managed by the bank. However, in Power BI, it is normally the cloud service provider who generates and manages the key.

To address this, we enabled the Bring Your Own Key (BYOK) security method to make the data unreadable to the service provider.

Security

With security being a priority in a regulated industry, we had to approach identity and access management with utmost care.

To reduce the risk of uncontrolled and ad-hoc access granting and sharing, we developed the Workspaces, Roles & Permissions reference model as a best practice configuration. This model helps to propagate security and maintenance standards to departments that onboard their solutions to the Power BI service.

[Figure: Workspaces, Roles & Permissions reference model]

Connectivity

By establishing a data gateway, we enabled connections to on-premises sources, providing access to data that is not stored in the cloud. We also included the data gateway-related roles in the Workspaces, Roles & Permissions reference model.
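The Compliance, Security and Connectivity sections above describe three governance rules (no reports shared from My Workspace, data at rest bound to a bank-managed BYOK key, and workspace and gateway roles drawn from a reference model). The following audit script is an added example, not Predica's or the client's code: it runs those rules over a constructed tenant inventory shaped like an admin export. The inventory, the rule names, the group name `grp-bi-central-admins`, the admin limit and the `customer_managed_key` field are all assumptions made for the example.

```python
"""Audit a constructed Power BI tenant inventory against governance rules.

The inventory shape mimics an admin export of workspaces, their role
assignments, encryption binding and gateway admins. Every value below is
constructed for this example; the reference model it encodes is assumed,
not the actual model described in the case study.
"""
from dataclasses import dataclass

# Assumed reference model: allowed workspace roles, the central IT group that
# must administer every shared workspace and gateway, and an admin cap.
ALLOWED_ROLES = {"Admin", "Member", "Contributor", "Viewer"}
CENTRAL_IT_ADMIN_GROUP = "grp-bi-central-admins"  # hypothetical group name
MAX_ADMINS = 2


@dataclass(frozen=True)
class Finding:
    scope: str   # workspace or gateway name
    rule: str    # short rule identifier (constructed)
    detail: str


def audit(inventory):
    """Return a list of Finding objects; an empty list means fully compliant."""
    findings = []
    for ws in inventory["workspaces"]:
        name = ws["name"]
        if ws["type"] == "PersonalGroup":
            # Rule 1: My Workspace must not be used to publish reports.
            if ws["reports"]:
                findings.append(Finding(name, "no-personal-sharing",
                    f"{len(ws['reports'])} report(s) published from a personal workspace"))
            continue
        # Rule 2: data at rest must be bound to a customer-managed (BYOK) key.
        if not ws.get("customer_managed_key"):
            findings.append(Finding(name, "byok-missing",
                "workspace is not bound to a customer-managed key"))
        # Rule 3: roles must come from the reference model, the central IT group
        # must be Admin, and the number of admins is capped.
        for user in ws["users"]:
            if user["role"] not in ALLOWED_ROLES:
                findings.append(Finding(name, "unknown-role",
                    f"{user['principal']} holds non-model role {user['role']}"))
        admins = [u for u in ws["users"] if u["role"] == "Admin"]
        if not any(u["principal"] == CENTRAL_IT_ADMIN_GROUP for u in admins):
            findings.append(Finding(name, "central-admin-missing",
                f"{CENTRAL_IT_ADMIN_GROUP} is not an Admin of this workspace"))
        if len(admins) > MAX_ADMINS:
            findings.append(Finding(name, "too-many-admins",
                f"{len(admins)} admins exceeds the limit of {MAX_ADMINS}"))
    # Rule 4: on-premises data gateways are administered only by central IT.
    for gw in inventory["gateways"]:
        extra = [a for a in gw["admins"] if a != CENTRAL_IT_ADMIN_GROUP]
        if extra:
            findings.append(Finding(gw["name"], "gateway-admin-not-central",
                f"non-central gateway admins: {', '.join(extra)}"))
    return findings


# Constructed sample inventory: one compliant workspace, one with several
# violations, one personal workspace used for publishing, one with a stray role.
SAMPLE_INVENTORY = {
    "workspaces": [
        {"name": "Finance KPI", "type": "Workspace", "customer_managed_key": "bank-byok-2022",
         "reports": ["Monthly P&L", "Cost centres"],
         "users": [{"principal": CENTRAL_IT_ADMIN_GROUP, "role": "Admin"},
                   {"principal": "grp-finance-analysts", "role": "Viewer"},
                   {"principal": "anna@example.com", "role": "Contributor"}]},
        {"name": "Credit Risk", "type": "Workspace", "customer_managed_key": None,
         "reports": ["Exposure by segment"],
         "users": [{"principal": "bob@example.com", "role": "Admin"},
                   {"principal": "carol@example.com", "role": "Admin"},
                   {"principal": "dan@example.com", "role": "Admin"},
                   {"principal": "grp-risk", "role": "Viewer"}]},
        {"name": "Eve Example (personal)", "type": "PersonalGroup",
         "reports": ["Q3 bonus draft"], "users": []},
        {"name": "Treasury", "type": "Workspace", "customer_managed_key": "bank-byok-2022",
         "reports": ["Liquidity"],
         "users": [{"principal": CENTRAL_IT_ADMIN_GROUP, "role": "Admin"},
                   {"principal": "frank@example.com", "role": "Owner"}]},
    ],
    "gateways": [
        {"name": "gw-onprem-01", "admins": [CENTRAL_IT_ADMIN_GROUP]},
        {"name": "gw-onprem-02", "admins": [CENTRAL_IT_ADMIN_GROUP, "bob@example.com"]},
    ],
}

if __name__ == "__main__":
    for f in audit(SAMPLE_INVENTORY):
        print(f"{f.scope}: [{f.rule}] {f.detail}")
```

Running the script lists six findings, all on the intentionally non-compliant entries, and nothing for the compliant "Finance KPI" workspace. In practice the inventory would be produced from the tenant's admin APIs rather than embedded, and the findings would feed the onboarding review described later on the page.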

Application onboarding

The final part was designing an onboarding process for business units and application owners who intend to host BI solutions in the Power BI online service.

Our model guides them through organizational requirements, gathers necessary documentation, and provides a reference structure for setting up the reports.

[Figure: Requirements for application onboarding]

Working towards a unified approach across all business units

By introducing the Power BI service model, the company obtained a platform organized according to best practices and policies and developed a clear application onboarding process with one approved structure.

Whereas the previous solution did not ensure full compliance, the encryption methods used in the current cloud solution can successfully address concerns over meeting industry regulations.

The ultimate goal is to simplify collaboration and the sharing of information between different teams in a secure manner, so the company is determined to promote its adoption across all business units.

Once the model is properly communicated, users will know what to expect when requesting a new report and what is expected of them, resulting in a more efficient and user-friendly experience.

Ideally, the process will then lead to building one source of truth, ensuring data trustworthiness for company analyses and promoting good data sources.

Having a unified platform will eventually lower costs for the company, as otherwise, each business unit would need to spend money on separate solutions.

Finally, the governance model will help the company with access and identity management, leading to a clear understanding of who can process sensitive information and who is allowed to use the reports, minimizing the risk of unauthorized changes.

Summary

The company has taken an important step towards protecting sensitive information and addressing compliance concerns by implementing a new model for governing Power BI reports.

As long as the company follows the established guidelines and procedures, all business units will soon be able to successfully utilize the new features and rely on a trustworthy and dependable source of knowledge.
