Data Discovery Security
This applies to: Visual Data Discovery
Symphony provides robust data security that ensures the "three As" of security -- proper authentication, authorization, and accounting of the visual analytics environment. Additionally, its architecture provides inherent data security.
Authentication
Administrators can manage access to the application by creating user accounts in Symphony, or by synchronizing with an authentication identity provider (IdP) to take advantage of centralized user management and authentication.
Symphony adheres to standards-based methods for defining and enforcing security. This includes Trusted Access, a default in-house developed security methodology that allows for machine-to-machine authorization of Symphony resources when embedded in your application, using delegated authorization.
Other supported standard authentication protocols include Kerberos (SPNEGO), X.509, and SAML2 for single sign-on, along with plug-ins for LDAP and SAML2 IdPs to facilitate user and permissions verification. Where available, Symphony can authenticate as a microservice using Kerberos or LDAP on connections to data sources.
Authorization
Symphony's authorization security model allows administrators to configure user access to data sources, attributes, and records. Fine-grained access control is configured at the group level, with permissions passed via inheritance to the group's members (users).
For data sources that support delegation, pass user credentials as a connection parameter. When enabled, the database authorization policies are enforced on queries so that they run with that user's privileges.
Accounting
Advanced accounting permits logging of all data a user viewed while using Symphony. This is performed by logging all WebSocket data transmitted to the user's browser. All user activity can be recorded in the Symphony application logs in your instance.
Inherent Data Security
Symphony is inherently secure because there is no need to extract or move data out of secured platforms. Direct data connectivity, push-down processing, adaptive caching, Data Sharpening™, and standards-based authentication and authorization (including user delegation) make it possible to securely work with the most current data in your data stores. Restricting the movement of data is a critical requirement for organizations that must regulate and monitor access to sensitive information, and whose data is too big to move.