All Posts By

James Beresford

PowerBI Desktop Security Risk!

By | Uncategorised | No Comments

Who doesn’t love PowerBI Desktop? Enterprise BI capability on your desktop for free! You can connect to virtually any source, pull all the data from it and start creating powerful analytics in a matter of minutes. Brilliant! But PowerBI Desktop Security Risk is rarely considered….

PowerBI Desktop Security Risk

PowerBI Desktop Security Risk

Sorry, did you just say “Pull all the data”?

Oh yes. All of it. Everything the developer has access to. You know how business owners used to stress about sales people having their own black books or stealing the customer data? This is so much worse.

If someone (not even a PowerBI developer) has enough access to one of your systems they can pull everything they want from it into PowerBI. There may be some restrictions put in place at the application level which restrict what can be pulled, but users find them annoying and so often access to the data is often very generously granted. The risk then lies in these two factors:

  • Any application security is removed by pulling the data into PowerBI. All those logins that prevented application access now have no effect.
  • A PowerBI file is an unencrypted store of all that data and is easily shared. It can’t even be password protected.

Most of the time this is not really a big concern – people are trying to do the right thing and just want the data to do their jobs. But there are two key scenarios where this risk becomes problematic.

Scenario 1: Malicious actor

Someone within the business wants your data for their own purposes and needs a simple, portable store to take it off your systems. PowerBI is a great tool for pulling large quantities of data and making it highly portable. As PowerBI Desktop is free, once someone has a PowerBI file, they have a means of reading all that data at their convenience.

Scenario 2: Naïve actor

A user builds a piece of valuable reporting that helps someone external to the organisation. They email it to that 3rd party, forgetting that some of the working data has client personal information in it. There has now been an inadvertent data breach for your business to control.

How do you limit the PowerBI Desktop Security Risk?

As with all issues to do with governing risk, there are a mix of hard (technical) and soft (policy) tools you can bring to bear to the problem.

On the “hard” front, first is your Data Loss Prevention software which actively stops PowerBI files being distributed outside of your organisation by email, upload or whatever methods of egress you want to control. Second is controlling the spread of the software by limiting who can actually install it on their desktops. Finally, keep a better grip on your data through rigorous access control, and deploying tools such as Azure information protection to keep an eye or lock on sensitive data.

On the “soft” front, your teams need to be educated on the risks of data loss, costs of data leakage and how it can happen. It won’t deter malicious users much – but it will at least give the naïve actor pause for thought.

How does my organisation protect itself?

PowerBI presents risks but it also offers the ability to really drive data driven decision making in your organisation. It just needs to be governed and directed properly to make sure you maximise the benefits while minimising risks. We have advised many organisations on just this – please reach out to us if PowerBI is in growing your organisation and needs to be properly managed as part of an Enterprise PowerBI implementation.

 

PowerBI Governance – it grows like Mushrooms!

By | Uncategorised | No Comments

PowerBI Governance strangely coincides with one of my other hobbies. I have had a lifelong interest in hunting mushrooms, and was recently gifted a copy of an Australian Field Guide, which helps a lot as my existing knowledge is UK based and not just irrelevant but potentially deadly.

Now, first the science bit: Mushrooms themselves are actually just the most visible part of the whole fungi, which is actually a huge network of mycelium growing in the ground, or in an old tree trunk or whatever its preferred food is. A mushroom is the just the fruiting body of the fungus itself. By the time you see a mushroom, the fungus itself is well established and growing healthily.

PowerBI Governance Mushrooms

PowerBI Governance Mushrooms in the wild!

PowerBI – by the time you see it, it’s already established

From an organisational perspective, PowerBI Governance and mushrooms have a lot in common. By the time a leader becomes aware PowerBI is in the organisation by having spotted a wild dashboard – it usually means it’s got into many parts of the organisation in a wild and unmanaged state.

This isn’t a problem in itself; a few wild gems here and there are good thing to find and can add value to the business. However as with wild mushrooms, telling the good from the bad is not a simple task. Superficially one report can look very much like another – but one can contain the poison of bad data or incorrectly applied business rules – and there’s no way to tell from just looking at it.

This why we farm our mushrooms

To ensure our mushrooms on toast doesn’t end up killing us, we farm mushrooms to make sure we get a safe, edible species to eat. Similarly for PowerBI, once we start consuming it we want to be able to confident of its provenance. This means that you need to move from a business led anarchic state to something more managed.

There’s a lot of models for delivering an Enterprise PowerBI platform but they boil down to 3 approaches:

  • Business Led, bottom up
  • IT Led, top down
  • Hybrid – IT Managed, Business Developed

Which one is right for your organisation will depend on your particular structure and culture. Typically the Hybrid model delivers best results though, as IT manages the technical components – building data sources and so forth – and Business manages the consumables – reports & analysis on that data. Each area plays to its strengths.

Applying governance to your PowerBI deployment

Managing a balance of responsibilities between IT and Business is never easy and so laying some ground rules is essential. Things that need to be considered include:

  • Who is accountable for the validity of the data?
  • How is the service managed from a cost and capacity perspective?
  • What security risks are there and how are they managed?
  • How is adoption and effective usage going to be enabled?

All these things require careful thought and then enforcement through “hard” technical configuration and “soft” policies and guidance. There’s no right answer, and Microsoft’s continual updates mean the answer keeps changing – but my experience with organisations from Local Councils to Global Law Firms to Resource companies has helped me know the right questions.

If you are struggling with an emerging wild mushroom PowerBI deployment, we’d love to hear from you and see what we can do to help bring them under control as part of our Enterprise PowerBI offerings.

And a closing dad joke:

Q: Why does the mushroom always get invited to parties?

A: Because he’s a fun guy!*

Profisee

Profisee partner with Talos

By | Data Platform | No Comments

Profisee + Talos – Partnership Announcement

Profisee have formally partnered with Talos to help deliver MDM (Master Data Management) solutions to Australian business and enhance your Modern Data Platform.

Profisee’s Master Data Management software makes it easy and affordable for companies of all sizes to build a trusted foundation of data across the enterprise. Talos’ expertise ensures a successful implementation that delivers value to the business.

Why is an MDM solution important?

The key benefit of an MDM solution is to improve the quality of your data when it is held in multiple systems. This can quickly yield benefits by simple reduction of duplication of effort – for example reducing the number of mail recipients on a corporate Christmas card list!
An MDM solution is agnostic to the source systems but can integrate back to them to keep data clean. In plain English this means that you can independently manage the data that resides in multiple systems, but allow the MDM solution send cleaned data back to them.

A good tool supports ongoing stewardship and governance through workflows, monitoring and corrective-action techniques that can all be managed by an end user.

Why Profisee?

Profisee is ideal for companies looking to get started with MDM and seeking an easy-to-use, cost-effective and rapidly deployed MDM solution at an affordable price point. The price issue is significant and many enterprise MDM tools come attached with significant price tags and services overhead which may not suit many businesses.
According to Gartner, customers report Profisee offers an economically priced offering and favorable TCO. Combined with shorter implementation time frames, where Profisee has more implementations taking under three months than any other vendor in the 2020 Magic Quadrant, this makes it an ideal tool for initial MDM implementations.
Contact us to speak with one of Talos’s experts.
Contact us today







    The 3 faces of Enterprise PowerBI – Training Personas

    By | Uncategorised | No Comments

    PowerBI Training Personas! Since self service BI became an actual thing we have advised many organisations on how to roll it out successfully and give the best ROI and understanding the users is essential. A key mantra for us has always been to tune the content to the audience. After all, you book The Wiggles for your children’s party, not a heavy metal band (well, unless they are into Hevisaurus!).

    Over the course of working with organisations to define these audiences, consistently there are 3 personas that come up, each with their own needs with regards to enablement in terms of data and training. These 3 personas are:

    • The Actor
    • The Creator
    • The Analyst

    Lets have a quick walk through these PowerBI Training Personas!

    The Actor

    This user makes up the bulk of users in most organisations. Their use of data and reporting is as an input to drive or inform decision making. The individuals in these roles can range from the CEO who needs to have an at-a-glance dashboard of their organisations performance, to a field sales worker who needs to know the buying profile of their next client.

    The level of interactivity with any reporting will be basic – maybe selecting a few options or filters, perhaps drilling down a preset path to get some finer detail. Consequently the degree of training and enablement they need is fairly light. Key information for them is where to find the report, what the data on the report actually means and what buttons to press.

    The Creator

    This type of user is actually one of the most important in terms of organisational impact. These are the people that are tasked with generating content for the Actors, and as such have a deep understanding of the data in their domain. These are the people tasked to work with the technology experts to build out the data models that drive much of the self service capability.

    These users really get into the guts of the data and understand it in depth. When an Actor asks for explanation on a particular data point they are the ones that have to investigate. The technical training they need focuses on content creation and publishing. The enablement needs to cover things like business analysis skills, Master Data Management and Data Cataloguing.

    The Analyst

    Most people calling themselves PowerBI experts sit here, and most organisations have a handful of them – they are not a big population (though a vocal one!). They sometimes fill the role of creator but more often than not are trying to make sense of the organisations data, how it interlinks and where the hidden treasure lies. They “self-serve” from the raw data, constructing new ways to get insight into the organisations performance.

    Here enablement focuses on technical capability as they need to understand how to manipulate and interrelate data that may be in less than ideal forms and certainly hasn’t been through an enterprise cleaning process. Data Catalogues support them in the discovery process.

    To wrap

    The key message to take from this post is that when rolling out PowerBI at scale these different communities and capabilities need to be addressed – and in different ways. There is no value in sending all of your team on advanced PowerBI training if the skills learned will never find a practical application. Similarly if you build it, they won’t come – you need to guide them there.

    Good luck!

    (Adapted from an original LinkedIn article by the author)

    Azure ML PowerBI

    By | AI & ML, Data Visualisation | No Comments

    Leveraging Azure ML Service Models with Microsoft PowerBI

    Machine Learning (ML) is shaping and simplifying the way we live, work, travel and communicate. With the Azure Machine Learning (Azure ML) Service, data scientists can easily build and train highly accurate machine learning and deep-learning models.  Now PowerBI makes it simple to incorporate the insights from models build by data scientists on Azure Machine Learning service and their predictions in the PowerBI reports by using simple point and click gestures. This will enable business users with better insights and predictions about their business.

    This capability can be leveraged by any PowerBI user (with an access privilege granted through the Azure portal).  Power Query automatically detects all ML Models that the user has access to and exposes them as dynamic Power Query functions.

    This functionality is supported for PowerBI dataflows, and for Power Query online in the PowerBI service.

    Schema discovery for Machine Learning Service models

    Unlike the Machine Learning studio (which helps automate the task of creating a schema file for the model), in Azure Machine Learning Service Data scientists primarily use Python to build and train machine learning models.

    Invoking the Azure ML model in PowerBI

    1. Grant access to the Azure ML model to a Power BI user: To access an Azure ML model from PowerBI, the user must have Read access to the Azure subscription. In addition:
    • For Machine Learning Studio models, Read access to Machine Learning Studio web service
    • For Machine Learning Service models, Read access to the Machine Learning service workspace
    1. From the PowerQuery Editor in your dataflow, select the Edit button for the dataset that you want to get insights about, as shown in the following image:
    Azure ML PowerBI Edit Dataset

    Azure ML PowerBI Edit Dataset

     

    1. Selecting the Edit button opens the PowerQuery Editor for the entities in your dataflow:
    Azure ML PowerBI PowerQuery

    Azure ML PowerBI PowerQuery

     

    1. Click on AI Insights button (on the top ribbon), and then select the “Azure Machine Learning Models” folder from the left navigation menu. All the Azure ML models appear as PowerQuery functions. Also, the input parameters for the Azure ML model are automatically mapped as parameters of the corresponding PowerQuery function.
    Azure ML PowerBI AI Insights

    Azure ML PowerBI AI Insights

    1. To invoke an Azure ML model, we can specify the column of our choice as an input.

     

    1. To examine/preview the model’s output, select Invoke. This will show us the model’s output column, and this step also appears (model invocation) as an applied step for the query.
    Azure ML PowerBI Invoke

    Azure ML PowerBI Invoke

    Summary

    With this approach we can integrate all ML models (built using either Azure ML service or studio) with PowerBI reporting. This enables business to effectively utilise the models built by data scientists by any user (typically BI analyst) for relevant datasets based on the problem we are trying to solve (either classification/regression) or to get predictions. Utilising all these new enhancements of Microsoft PowerBI will enlighten business users with better insights and this in turn aids in better decision making.

    Let our Data Visualisation and Machine Learning experts help you explore the potential – contact us today!