A replay of our webinar is available here, with a writeup down below:
Why We Created KeepWatch for Tableau Cloud
It’s critical that companies take care of their cloud environment just as they would an on-premises server. It needs to be reliably up 24/7/365. It’s mission critical. A business could fail if it’s compromised for extended periods of time. That’s why it’s incredibly important that users have a seamless Tableau Cloud experience.
Specifically, we’ve identified four areas that need to be addressed:
- Best Practices
Also, during the replay, you’ll find that Tableau Bridge is a recurring theme throughout. If you have on-prem data and you’re using Tableau Cloud, Tableau Bridge is a must.
Breaking things down further, there are four key components to operations:
- License Administration
- Backend Component Administration
- SLA Responsiveness
- Tableau Bridge Installation and Management
License administration is built off ensuring appropriate license levels are available for your organizational needs without being over provisioned. You can think of it as the philosophy of “least privilege.” Users should only have access to the specific data, resources and provision level that’s required to complete their tasks. Your site admins should be aware of the levels and who has them.
Outside of license administration, there are a number of other questions to be asked by site admins, like, “Which data connections are associated with mission critical views and dashboards?” or, “What processes are in place to monitor those connections?” and, “Who is notified when there is an issue on the backend (data source) side?”
Finally, and especially critical with the usage of dashboards, is asking if stakeholders are clearly identified for each view or dashboard they need for their roles.
Backend Component Administration
Again, with backend component administration, there’s a slew of self-checkups that are needed to ensure effective operations:
- Who is responsible for administration of your IDP or SAML provider, if that is implemented for Tableau Cloud? Are support and escalation methods clearly identified?
- Which data connections are associated with mission critical views and dashboards? What processes are in place to monitor those connections?
- Documentation – who is responsible and for what?
Picture some scenarios where an expert would be needed to work toward a resolution. Take, for instance, that an unknown issue arises preventing an important user from updating a dashboard or view. Maybe an extract fails overnight and stale data is shown to a large group of users. Finally, a new data connection could be needed to support a critical analytics flow.
Answering how quickly you’ll need that expert gives you the starting point for your own SLA terms related to Tableau Cloud.
Tableau Bridge Installation and Management
While this is given a crash course during the webinar, this blog series from earlier this year will give you the in-depth knowledge you’ll need.
Like the “Operations” section, we have three main sub-areas to look at for a review of security in Tableau Cloud:
- Access Control
- Security Auditing
- Row-Level Security
Access control starts with aligning your application-specific strategies with your organization’s policies and documenting it. Start by asking, “Who needs access to what and why?” Then, the technical part of access control starts. You need technical proficiencies with your identity providers, SAML, SSO and multi-factor authentication, because one of these will inevitably break and it will be critical to repair it.
Additionally, it would behoove you to have a familiarity with role-based access control principles, and to ensure, we’ll note again, that there’s an enforcement of the least-privilege principle.
If your users don’t need access, they don’t get access.
Just as important as getting permissions correct the first time is periodically checking that permissions are periodically checked to ensure compliance.
Is there a written policy covering authentication, user/group permissions structure and site administration privileges, written in both plain text and technical wording? If you do, how often are you auditing your site for compliance with that policy, and who is responsible for performing and reporting said audit? Are audits manual or automated, and can you properly escalate urgent events?
At a high level, row-level security (RLS) provides user and group-specific filters to data that apply to any view where the data exists, like payroll data being only for authorized parties. Documenting the use case and configuration for RLS, and including your configurations in security audits are also vital to the security of your Tableau Cloud.
Just because Tableau Cloud is a software as a service option, that doesn’t mean that you can just roll it out, then ignore it completely. There are two built in tools for site admins that help with Cloud performance: Admin Views and Admin Insights.
Admin Views gives information about the backend of the Cloud instance, while Admin Insights gives information about the frontend of the Cloud instance.
How these are used depends greatly on the organization. Who monitors the Cloud and is it documented? What’s automated and what’s manual? Who needs to handle escalations?
Here, we have a bit of a catch-all section, but “Best Practices” sounds a little more professional.
Site structure and organization have an impact on the smooth running of Cloud, but in the context of site administration, mission critical implementations dashboards and views in Cloud must be maintained with your workflows in mind.
Another thing to consider that isn’t mentioned above is what the range of consequences are if your end users consume incomplete, in concise or just simply bad data. What happens if something slips through the cracks?