Looker: Data Connection Security


This guide covers optimizing Looker's data connection security, detailing SSL, SSH tunneling, firewall setups, monitoring, and best practices for enhanced data protection.

Looker's capability to connect with a myriad of data sources is one of its strengths. Ensuring secure connections is paramount to maintain data integrity and confidentiality. This guide elaborates on Looker's data connection security measures and offers best practices to maximize protection.

1. Understanding Data Connections in Looker

1.1. Data Sources Looker supports various data sources, from traditional databases like MySQL and PostgreSQL to modern data warehouses like BigQuery and Snowflake.

1.2. Data Connectivity Types Connections can be:

  • Direct: Looker connects directly to the data source.
  • Through JDBC: Java Database Connectivity is often used for SQL-based sources.

2. Setting Up Secure Data Connections

2.1. Secure Sockets Layer (SSL) Ensure SSL is enabled for data connections.

  • Navigate to the Admin panel > Database.
  • When adding or editing a connection, check the "Use SSL" box.

2.2. SSH Tunneling For additional security, especially for data sources outside your network:

  • Enable SSH tunneling during the connection setup.
  • Provide SSH credentials and ensure the SSH server is properly configured.

3. Firewall Configurations

3.1. Restricting IP Access Limit which IPs can connect to your data source.

  • In your database firewall settings, whitelist only Looker's IP and other necessary IPs.

3.2. Port Management Ensure only required ports are open, minimizing potential vulnerabilities.

4. Database User Permissions

4.1. Principle of Least Privilege Create a dedicated database user for Looker with only the permissions it needs (e.g., SELECT).

4.2. Periodic Permission Audits Regularly review and update database user permissions to eliminate potential risks.

5. Monitoring and Alerts

5.1. Connection Logs Monitor logs to detect failed connection attempts or other suspicious activities.

5.2. Setting Up Alerts Use Looker’s in-built alerting or third-party tools to get notified about unusual activities.

6. Backup and Redundancy

6.1. Regular Backups Ensure regular backups of your data sources for recovery.

6.2. Secure Backup Data Ensure backup data is encrypted and stored securely, whether on-site or on the cloud.

7. Testing Data Connection Security

7.1. Penetration Testing Regularly conduct penetration tests to check vulnerabilities in your data connections.

7.2. Security Assessment Tools Use tools to assess the security level of your connections and get recommendations.

8. Best Practices

8.1. Regularly Update Credentials Rotate passwords and access keys periodically.

8.2. Two-Factor Authentication (2FA) If your database supports it, enable 2FA for an additional security layer.

8.3. Use Virtual Private Networks (VPN) For remote connections, always use a VPN for enhanced security.

Data connection security in Looker is multi-faceted and requires diligent setup and continuous monitoring. This guide is a foundational resource, but always refer to Looker's official documentation and your database's guidelines for a comprehensive understanding and up-to-date practices. Properly implemented, these measures will fortify your Looker's connection security.