Zoomdata provides robust data security that ensures the "three As" of security -- proper authentication, authorization, and accounting of the visual analytics environment. In addition, its architecture provides inherent data security.
Administrators can manage access to the application by creating user accounts in Zoomdata, or by synchronizing with an authentication identity provider (IdP) to take advantage of centralized user management and authentication. Zoomdata adheres to standards-based methods for defining and enforcing security. Supported standard authentication protocols include Kerberos (SPNEGO), OAUTH2, X509, and SAML2 for single-sign-on to Zoomdata along with plugins for LDAP and SAML2 IdPs to facilitate user and permissions verification. Where available, Zoomdata can authenticate as a microservice using Kerberos or LDAP on connections to data sources.
Zoomdata’s authorization security model allows administrators to configure Zoomdata user access to data sources, attributes, and records. Fine-grained access control is configured at the group level with permissions passed via inheritance to the group’s members (users). See role-based access control (RBAC) in Zoomdata.
For data sources that support delegation, user credentials can be passed as a connection parameter. When enabled, the database authorization policies are enforced on queries so that they run with the users’ privileges.
Advanced accounting permits logging of all data a user viewed while using Zoomdata. This is performed by logging all WebSocket data transmitted to user’s browser. All user activity can be recorded in the Zoomdata application logs on the Zoomdata server.
Traditional BI cannot handle the load of big data, and to compensate, they recommend reducing the field scope and aggregating data to an arbitrary level to achieve data sets that are manageable in size. This not only reduces the value of the data, it introduces risk and hidden personnel costs because multiple copies must be secured, managed, and monitored.
Zoomdata is described as being inherently secure because there is no need to extract or move data out of secured data platforms. Direct data connectivity, push-down processing, adaptive caching, Data Sharpening™, and standards-based authentication and authorization (including user delegation) make it possible to securely work with the most current data in your data stores. Restricting the movement of data is a critical requirement for organizations that must regulate and monitor access to sensitive information, and whose data is too big to move.