At DashThis, we take your data security very seriously. Many of our clients fear that their competitive information could fall into the wrong hands, and we totally understand that. Here’s how we deal with the security of your account and information at DashThis:
DashThis uses heavily encrypted URLs to provide a high level of security. For example, in this dashboard URL:
The “MlZvD_iCYEqEYd-EhkKclA” part is what identifies the dashboard. This is built from a 128 bit unique ID, or if you are techie, a Globally Unique Identifier (GUID).
How unique is this? Well, 128-bits is big enough and the generation algorithm is unique enough that if 1,000,000,000 GUIDs per second were generated for one year, the probability of a duplicate would be only 50%. Or if every human on Earth generated 600,000,000 GUIDs, there would only be a 50% probability of a duplicate.
In short, don’t worry with the probability of someone guessing your dashboard’s URL.
Why do we use these encrypted URLs? Only to simplify the reporting process: there is no need to provide your clients with yet another set of credentials they could lose.
But what if a dashboard URL has been compromised? For example, you accidentally broadcast your dashboard URL on Twitter! Or simply because an employee left and you want to make sure he or she doesn’t have access to the reports anymore? You can re-generate the link for any dashboard:
Extra security by adding a PIN to any dashboard
“But my client is still not comfortable having a report without a password. What should I do?”
We understand that. That’s why you can add a PIN (personal identification number), which is basically an access code required to gain access to the report. From a security point of view, this doesn’t add much security as this PIN will most likely be sent by email along with the encrypted report URL. To be safe, you should at least send both separately. However, from a client point of view, this will reassure them and that’s the big benefit we are looking for here.
Restrict IP addresses
On top of that, you can also restrict access to all your dashboards by IP addresses. This is useful if you are, let’s say, in a private network, like a bank or a government entity. This way, you are certain nobody outside of the authorized IP addresses will have access to any of your reports.
Also, you can activate the access log so you can monitor every access to all dashboards.
Even though our encrypted URLs are very secure, we understand how tricky this matter can be for a variety of clients. Many feel more secure behind a fully controlled password-protected environment. This is why we offer integrated security using an authentication API. There is no need for a complex mechanism; you simply handle your clients’ authentications within your Intranet. Then, you ask for a secured token via our API. This token will be required to access all of your dashboards and that will be the only way to access any dashboard. No direct access will be allowed. It’s as easy as that!
The API is not public and is offered exclusively to our partners. Contact us for more information.