Security for Embedded Applications: Auditing
This video explains the importance of auditing to the security environment for embedded applications.
Especially in highly regulated industries like healthcare and financial services, it’s not enough to correctly configure authentication and authorization. You have to be able to prove it that you’ve done it. External regulators and internal auditors will want to review a record -- an audit trail -- of user activities within the application. To provide that, the parent application logs user activities. The embedded application should support centralized logging so it can use the parent application’s logging environment.
My name is Olivier Meyer. I'm a Director of Product Management at Zoomdata, and my focus area is on embedding and integration with other applications.
So, the third A--we've covered authentication, we've covered authorization--the third A is auditing.
Embedded Applications: Proving Correctly Configured Authentication and Authorization
So, we assume that we've configured authentication correctly and authorization correctly, but sometimes, you have to be able to prove that you need these things. You might have an auditor. You might have a security officer that requires to be able to look at that information. That's auditing. Can we capture and log all of these requests and scenarios where you embedded content in another app and be able to trace it from end to end?
An Embedded Platform Should Support Centralized Logging
So, we call that auditing, and it's important for your BI platform to support auditing, but not only support auditing, but support a mechanism to extend where that information is logged, because in an embedding scenario, the parent application's already logging its information, and much like they don't want to duplicate the authorization rules and authentication rules, they also don't want to duplicate a whole logging environment. So, look for a BI platform that supports centralized logging or can leverage an existing logging infrastructure so that you can do that auditing. And then you'll have covered the three A's of a secure embedded BI platform. So, those are the three things I would look for when you think about security for embedding.