Sharing Dashboards with External Users
Periscope Data offers a range of options for distributing reports and visualizations. When collaborating with external organizations, it is recommended to carefully consider how data will be shared and how to control that access. Three methods for securely sharing dashboards are provided - Spaces, Embeds, and Shared Dashboards. The method of sharing should be chosen based upon the data being shared and the organization accessing the data, as well as tradeoffs between convenience and security.
Spaces (Data-Level Permissioning)
Periscope Data recommends using Spaces where possible, as it is the most secure method to gate and restrict access to sensitive data. Spaces are especially useful when dashboards need to be customized on a per-organization basis. By creating a Space for each organization, then managing user account access to each space, administrators can control the accessibility of information at the individual level through permissioning and two-factor authentication.
Usage of Spaces entails implementation costs which must be considered when the set of organizations changes frequently or is growing rapidly. Upon the creation of a new Space, databases must be connected, users must be added with view-only permissions, and dashboards need to be built or recreated.
Periscope Data recommends that dashboards containing personally identifiable information (PII), protected health information (PHI), and other forms of privacy- or security-critical data to be exclusively shared via Spaces.
Using Embedded Dashboards inside a web application or web portal is a common way to share information with external organizations. Periscope Data's Embed API allows integration of dashboards inside an existing web- or app-based container.
Embeds do not require authentication, as access is typically controlled by the web page or app, and data shared in the dashboard is generally filtered based on user rights. This allows complete control over user and group management through the existing security/authentication framework of the web site or app.
Shared Dashboards (Password-Protected Public URL)
To support more casual collaboration, or handle use cases where consumers of data change frequently and Spaces or Embedding are not practical, Periscope Data offers Shared Dashboards. These are designed for convenience and have limited access control provisions, as Shared Dashboards are accessible to anyone who has the URL. While Shared Dashboard URLs are not easily guessed, there is no guarantee of security through obscurity.
To further restrict access, password-protection can be enabled, but the consumer of the content is responsible for managing access. Shared Dashboards are designed for the use case where the data is not security-critical. The following security implications should be considered:
- Multiple users can use the same password to access a particular shared dashboard
- There is no user-level password reset (however, dashboard passwords can be changed)
- Passwords are stored, not hashed, in order to be visible to the dashboard owner within the UI
Passwords set on shared dashboards do not support minimum password length or complexity requirements, and do not expire unless explicitly disabled or the password is changed. Passwords do not ‘lock out’ after repeated failed entry attempts since multiple users use a common dashboard password.
Shared Dashboard passwords can be changed at any time by the owner of the dashboard, at which time the new password must be provided to any users requiring access. Periscope Data recommends that passwords are updated on a regular basis and shared to only those who require access.
Periscope Data encrypts and stores the password for a Shared Dashboard, instead of using a salted hash. Shared Dashboard passwords were implemented in order to facilitate the common use case where an external user needs to be given the password, without altering or disrupting access to those who already have it. Therefore, passwords are encrypted rather than hashed so they can be retrieved by the author of the dashboard when necessary.
Note: Storing passwords is generally considered less secure than storing salted hashes. Periscope Data recommends using unique passwords for shared dashboards and discouraging users from using passwords that are similar to their own account credentials.
Reach out to Periscope Data support with any data security questions or comments at firstname.lastname@example.org.