BI Battles Risky Business

Cognos, the provider of business intelligence and performance management solutions, announced today the results of a security evaluation of its recently released flagship product, Cognos 8 Business Intelligence. The evaluation, conducted independently by Symantec Corporation, showed Cognos's product is able to deliver minimal security risks. The level of security the product provides points to the increasing risk of company-wide information loss and the call for vendors in the BI space to tighten up their security offerings. "What we're finding that as organizations right now are caught [between a rock and a hard place], where IT wants to get more information into more people's hands, and with that comes increasing concerns about security," says Harriet Fryman, senior director of product marketing for Cognos. She cites the increasing use of mobile technology in locations that are not secure as part of the growing risks IT departments face in the battle to keep their companies' and customers' information safe. To step up to the safety plate, Cognos developed Cognos 8 BI with security surrounding authentication, access control, data level security, application firewall, and encryption. These measures include the leveraging of third-party authentication, better customer control over BI activities, and firewall monitors to counter the threat of unauthorized access to the server. While the report found that "none of the capabilities assessed contained high risk instances of common Web-application vulnerabilities," Cindi Howson, president of ASK and author of the BIScorecard, says that Cognos 8 BI represents a step forward for the company in terms of security, noting that before Cognos 8 the separate components of the company's solution were keeping it behind. However, with the newest version, Howson says, "I would say they're now on par with the other vendors." She sees the use of third-party authentication as one of Cognos's greatest security standards, but she notes that other vendors are developing this option. Fryman asserts that Cognos is focusing on security right now because its customers are demanding a higher level of information safety than just "a check box item of a user ID and password." While Howson states that the company and its customers have always been highly concerned with security, the extent of the threat is bigger now that more companies are adopting enterprise solutions. "If you go back five years ago, when there were so many more departmental deployments--if you had one breach then one department was hurt," she says. Now, with all the departments of a company linked in one system, a security breach means jeopardizing all information across all segments and sectors of a business, including personal and HR data. Although companies like Cognos are continuing to build out their security offerings, Howson says there is still a long way to go before they can give themselves a good pat on the back. She explains that finding the perfect balance of security to make sure that a system is both airtight and accessible is one of the biggest challenges vendors face today. "I don't think anybody has figured out a magic bullet for what is the right balance." Related articles: BI Keeps an Open Mind Cognos Faces Forward