Public Sharing of Dashboards

Severity: Critical

Data visualization and dashboards have become critical tools for data-driven decision-making and extracting insights. Looker, at the forefront of this domain, offers capabilities to share dashboards, but sharing them publicly raises several security concerns. This article outlines why public sharing is problematic, how unintentional sharing might happen, and ways to prevent such inadvertent exposures.

The Risks of Publicly Sharing Dashboards

  1. Sensitive Data Exposure: Dashboards can often contain business-critical or private data. Sharing these dashboards publicly might expose sensitive information to unauthorized individuals or even competitors.
  2. Regulatory Violations: For businesses that operate under strict data protection regulations, like GDPR or HIPAA, public sharing can result in non-compliance, leading to financial penalties and reputational damage.
  3. Misinterpretation of Data: In the wrong hands, or without the proper context, data can be misinterpreted, which can result in misinformation or misleading narratives about a business.
  4. Breach of Intellectual Property: Apart from the data itself, the way it is visualized and analyzed, and the insights drawn from it, could be proprietary. Publicly sharing dashboards can thus inadvertently give away strategic business information.

How Public Sharing Might Inadvertently Happen

  1. Lack of Awareness: Users might not be aware of the implications of sharing dashboards publicly and might do so for the sake of convenience.
  2. Mistaking Internal Links for Public: Looker provides both public and private sharing links. Users might mistakenly generate and share a public link instead of a restricted one.
  3. Default Settings: Some configurations or templates might have default settings that enable easier public sharing, leading to unintentional exposures if not appropriately adjusted.
  4. Absence of Review Mechanisms: Without a process to review and approve dashboard sharing actions, users might share data without realizing its sensitivity.

Strategies to Mitigate Public Sharing Risks

  1. Educate Users: Awareness is the first line of defense. Regularly conduct training sessions to inform users about the risks and implications of public sharing.
  2. Review Default Settings: Ensure that the default settings for new dashboards are set to private or restricted sharing. Public sharing should require deliberate actions.
  3. Implement Approval Workflows: Consider introducing a review and approval process for sharing dashboards. This adds an additional layer of scrutiny before data goes public.
  4. Monitor Dashboard Activities: Utilize Looker's auditing and logging capabilities to monitor dashboard sharing activities. Any unusual or unauthorized sharing should trigger alerts.
  5. Role-Based Access Control (RBAC): Use Looker’s RBAC to restrict who can create public sharing links. Limit this capability to trusted and trained individuals.
  6. Periodic Audits: Schedule regular audits of shared dashboards. Check the sharing settings and validate whether the dashboards still need to be shared and with whom.
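
The approval, RBAC and periodic-audit checks above can be combined into one scheduled job. The following is an added example, not code from Looker or from this article: the inventory format, every field name, and the names `AUTHORIZED_SHARERS`, `APPROVED_IDS` and `audit_public_shares` are assumptions, and the sample records are constructed.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample inventory. The format and every field name are assumptions
# for this example, not Looker's API schema.
SAMPLE_INVENTORY = json.loads("""[
 {"id": 101, "title": "Quarterly KPIs", "public": true, "shared_by": "alice@example.com", "last_accessed": "2024-05-20T09:00:00+00:00"},
 {"id": 102, "title": "Customer churn", "public": true, "shared_by": "bob@example.com", "last_accessed": "2024-05-30T12:00:00+00:00"},
 {"id": 103, "title": "Payroll detail", "public": false, "shared_by": "bob@example.com", "last_accessed": "2024-05-31T08:00:00+00:00"},
 {"id": 104, "title": "Old campaign", "public": true, "shared_by": "alice@example.com", "last_accessed": "2023-11-01T00:00:00+00:00"},
 {"id": 105, "title": "Draft pricing", "public": true, "shared_by": "alice@example.com", "last_accessed": null}
]""")

AUTHORIZED_SHARERS = {"alice@example.com"}  # RBAC: users allowed to create public links
APPROVED_IDS = {101, 104, 105}              # items that passed the approval workflow
MAX_IDLE = timedelta(days=90)               # public links unused longer than this are stale


def audit_public_shares(inventory, sharers, approved_ids, now, max_idle=MAX_IDLE):
    """Return one finding per public item that violates a sharing policy."""
    findings = []
    for item in inventory:
        if not item.get("public"):
            continue  # private or restricted sharing is out of scope
        reasons = []
        if item.get("shared_by") not in sharers:
            reasons.append("sharer not authorized")
        if item.get("id") not in approved_ids:
            reasons.append("no approval on record")
        last = item.get("last_accessed")
        if last is None:
            reasons.append("public link never accessed")
        elif now - datetime.fromisoformat(last) > max_idle:
            reasons.append("public link stale")
        if reasons:
            findings.append({"id": item["id"], "title": item["title"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed so the run is reproducible
    for f in audit_public_shares(SAMPLE_INVENTORY, AUTHORIZED_SHARERS, APPROVED_IDS, now):
        print(f"ALERT id={f['id']} {f['title']!r}: {', '.join(f['reasons'])}")
```

Each finding lists every policy the item breaks, so a reviewer can decide whether to revoke the public link or record a late approval.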

The convenience of sharing data should never come at the cost of security and privacy. While Looker’s dashboard sharing capabilities are powerful, they need to be wielded with caution. Through a combination of user education, robust processes, and utilizing Looker's built-in security features, organizations can share insights without compromising data security.
