Microsoft strengthens Power BI security with new capabilities

With organizations migrating to the cloud and more people working remotely than ever before due to the pandemic, Microsoft on Wednesday unveiled new security capabilities for Power BI designed to enable organizations to keep sensitive data private.

The new Power BI security capabilities attempt to ensure organizations' data is secure in Microsoft Azure, data is secure when being used by employees throughout the organization and not in danger of being leaked no matter where they're located, and data is being properly governed.

The new capabilities do not, however, address data outside the Microsoft ecosystem stored in other cloud environments.

The aim of the new capabilities is to make analytics part of an integrated data security strategy rather than about system administration, according to Arun Ulag, corporate vice president of the business intelligence platform at Microsoft.

Meanwhile, the decision to enhance the security capabilities of Power BI in early 2021 comes as a result of the changing ways data is stored, accessed and shared across organizations, Ulag said.

The data security measures many organizations have in place -- permissions-based access, row-level security and object-level security related to dashboards and other data assets -- are the same ones that were in place at the turn of the 21st century, and that was fine for an on-premises setup with employees working with data all in one location.

The cloud, however, has altered the efficacy of such measures, and the pandemic has accelerated that change.

"With the pandemic, people have to secure data, but most people are accessing it from home," Ulag said. "I really worry that the whole business intelligence industry has not kept up. Unfortunately, we've been bringing our most critical information to the cloud, but the way we've been thinking about security is the same way we were thinking about security two decades ago."

As a result, Microsoft determined that the security capabilities of Power BI needed an overhaul. So, looking at five key aspects -- data residency, certifications, network security, data encryption and data-loss protection -- the software giant developed the security enhancements.

"Working across Microsoft, we're taking all of these five aspects so that we have a comprehensive security story," Ulag said.

Microsoft is pitching its security as a competitive differentiator because it's not just based on a BI tool but the entire Microsoft ecosystem, including Azure and Office 365. It's an advantage worth trumpeting.

That security story, meanwhile, is one that indeed is an advantage for Power BI users, according to Wayne Eckerson, founder and principal consultant of Eckerson Group.

"Security is a big concern among most companies," he said. "Microsoft is pitching its security as a competitive differentiator because it's not just based on a BI tool but the entire Microsoft ecosystem, including Azure and Office 365. It's an advantage worth trumpeting, at least for inbound traffic to Power BI."

In order to keep data protected in the Microsoft Cloud environment, new network security features include service tags that can be used to restrict an organization's network from the general internet while accessing Power BI using public APIs. Also, the tech giant added Microsoft Azure Private Link to provide secure access to Power BI through Azure networking private endpoints so data never crosses the internet.

In addition, an Azure Virtual Network (VNet) connectivity feature currently in preview will enable secure outbound connectivity from Power BI to data sources within the Azure environment.

"To access on-premises data from Power BI in the cloud, you needed to poke a hole through the firewall via a gateway, which is always a problem, but Microsoft has made this a tad easier with its VNet gateway," Eckerson said.

Meanwhile, to address data security outside the Azure environment, in December Microsoft added Microsoft Information Protection sensitivity labels enabling users to classify critical content in Power BI without stifling collaboration capabilities. The sensitivity labels can be applied to data sets, reports, dashboards and data flows, and the labels stay with the assets whether exported to Excel, PowerPoint or PDF files.

Those sensitivity labels, initially available for Power BI Pro and Power BI Premium, are now available for Power BI Desktop -- the free version of the platform -- as well.

Finally, new data governance features include an integration between Power BI and Azure Purview, a data governance service introduced in December 2020. Microsoft also added support for label inheritance so that classified data retains its classification as it's moved from its data warehouse through Power BI and ultimately to dashboards and reports, and management of content sharing to prevent data loss and any unusual activity that might raise a security alert.

"One of the things we realized a few years ago is that the security model had changed, so we felt like we absolutely had to do this," Ulag said. "Also, we saw a big opportunity to differentiate ourselves. There are things customers won't compromise, and security is one of those things."

While the latest Power BI update focuses on security, Ulag said future updates will be aimed at improving the user experience by making the platform easier to use, adding in more augmented intelligence capabilities such as integrating and embedding Power BI in all of Office and the rest of the Power Platform, and empowering organizations with better security and scalability.