Security
PowerBI Portal implements robust security measures to ensure the confidentiality, integrity, and availability of user data. Below is a detailed breakdown of the implemented protocols and compliance measures:
Access and Authentication
Multi-Factor Authentication (MFA): Can be enforced for all users to enhance login security.
Role-Based Access Control (RBAC): Permissions are granted based on user roles and limited to necessity.
Secure Authentication Methods: PowerBI Portal supports Microsoft and Google logins, ensuring compliance with secure authentication practices.
Maintenance
The application is fully cloud-based on Microsoft Azure, which ensures:
Security Updates: Automatic security updates, including OS patches and antivirus definitions.
High Availability: Ensures the solution is always accessible to users.
Scalability: Dynamically adjusts resources to handle varying workloads.
Security Compliance: Aligns with industry standards, benefiting from Azure’s advanced security features, including DDoS protection and built-in encryption.
Data Protection and Backup
Sensitive Data Management:
Sensitive data is stored encrypted in Azure SQL Database.
Masking and encryption protect data both at rest and in transit.
Data Backup and Restoration:
Regular backups, including point-in-time snapshots, are automatically performed.
Periodic restoration tests verify data integrity and recovery procedures.
Vulnerability and Threat Management
Regular Assessments:
Static code analysis (e.g., SonarQube) and periodic penetration testing are conducted.
Anti-DDoS and Web Application Firewall:
Microsoft Azure provides built-in DDoS protection and a Web Application Firewall (WAF).
Reduced Attack Surface:
Unnecessary services are disabled and systems are patched regularly, reducing exposure to vulnerabilities.
Encryption and Secure Communications
Data Encryption Standards:
AES-256 encryption for sensitive data.
TLS 1.2 or higher for secure communications.
Certificate Management:
Certificates issued by reputable CAs with secure configurations (e.g., >2048-bit RSA keys).
Compliance and Certification
Frameworks and Standards:
Compliance with GDPR, ISO 9001, and Microsoft Cloud Adoption Framework (CAF).
Data Ownership and Management:
Customers retain ownership of report data, and only minimal user information (e.g., email) is stored securely.
Audit
Logging and Monitoring:
All user activities and integration transactions are logged for audit purposes.
Logs are protected from tampering and regularly monitored for anomalies.
Policy Enforcement and Monitoring
Organizational Measures:
Staff undergo continuous training via resources like Microsoft Learn, Pluralsight, and Viva Learning.
Corporate devices are managed through Microsoft Intune and Defender.
Access Rights Validation:
Regular audits ensure alignment between technical permissions and documented access rights.
Incident Handling and Recovery
Response Process:
In case of breaches, incidents are documented, root causes identified, and mitigation steps implemented.
Data Deletion and Disposal:
Data is securely wiped or deleted upon user request or contract termination.
Third-Party Integrations
No sensitive user data (e.g., Power BI Reports data) is stored on PowerBI Portal servers.
Access tokens are stored locally in the client’s browser and follow Microsoft's OAuth guidelines for Power BI API access.
Continuous Improvement
PowerBI Portal adopts an agile development approach, incorporating user feedback and evolving to address new threats.
Regular updates and compliance audits ensure the platform stays aligned with the latest security and data protection standards.
This documentation highlights PowerBI Portal's commitment to delivering a secure, compliant, and user-focused environment for sharing business intelligence insights. For detailed technical specifications, refer to Microsoft Azure Security.