2 Replies Latest reply: Apr 1, 2014 6:41 AM by Friedrich Hofmann RSS

    Data security issue with further rollout of QlikView

    Friedrich Hofmann


      Hi,

       

      I have a preliminary question (it's not acute yet as we are not at that point of the rollout, it is still in planning; We have to present the possibilities to the Management now and I just like to know the details beforehand)

       

      => One alternative way of designing the germany-wide rollout of QlikView that we are planning (and the one that we're probably going
           to decide for) is to do everything centrally here.
          => That implies that
                - The development_team here is going to draw variable amounts of data, from Excel_lists or from the databases
                   at the other branches.
                - The other branches are often (if not permanently during office_hours) going to access the Apps on our server.

       

      => My question is: What options do I have to optimally protect that data in transit (in both directions)
           => I know that one option is to password-protect the apps, but I don't really want to do that because the managers are supposed to
                be able to open every app via document_chaining without the need to enter some logon_data every time.
                <=> If in doubt, I would always put security first, so if passwords are the easiest way, so be it ...

       

      Thanks a lot!

      Best regards,

       

      DataNibbler

        • Re: Data security issue with further rollout of QlikView
          Gysbert Wassenaar

          You should really get hold of a network security consultant to discuss the options and pro and cons. If you want to secure the network traffic between the branches you could create VPN connections between them. That way all the data going over the VPN will be encrypted. The Access Point can be configured to allow only https requests so the data exchanged between the users browser and the Access Point will be encrypted. You could even use client certificates to add an additional layer of security. Users can be authenticated against an Active Directory so they won't need to use a login screen to access the Access Point. I think that does mean that all the users (from all branches) would have to be part of the same domain, but I could well be wrong. I don't really know enough about this to say for sure.