0
In Review

Security enforcement on Report Distributions

Ben Mason 9 months ago in Insights / Reporting updated by Kevin 8 months ago 4

Report Distributions can be sent to non-users, and this is a useful feature. However, it would be helpful if the system would provide filtering to only allow certain email domains to be valid, the system not allowing data to be sent outside of the company.


Business Case: The info security team at company ABC wants to ensure that report distributions (which contain confidential information) can only be sent to company ABC email domains. Perhaps this could be accomplished parameter, once configured the parameter acts on the pages where report distributions are setup – when saving a report distribution page to validate the domain of the emails prior to saving the reporting distributions. The parameter could be in an non-editable location, for example handled with the licensing setup.


This could be configured so @companyABC is the only valid domain:

johnsmith@companyABC is valid

johnsmith@companyXYZ is not valid – not allowed to be saved

johnsmith@gmail.com is not valid – not allowed to be saved

Ben, I am reviewing this one.

Hi Ben, I understand the request here, but I don't see a lot of added security with this feature given any user who has access to the report distribution configuration would also have the ability to run the report, export it, and email it out to any user. How does this help secure the report for you?

Hi Tarun, yes however multiple layers of security are already in place for many corporate email systems which filter, track, flag, and disallow certain actions. Typically, that loop has already been closed.