4.1 Data in Analyzer Projects

By their very nature, Analyzer projects might contain sensitive information. To mitigate the risk of data exposure, use the following techniques:

  • Use an external Analyzer Database: Analyzer’s internal HSQLDB stores all project information locally where you run Analyzer. Using an external MySQL database to store Analyzer project information gives you better control over where this information is stored and how accessible it is. For information about configuring the Analyzer database, see Section 2.1.3, Database Settings.

  • Have consultants use local hardware: Because projects, data set instances, and reports can all contain sensitive data, consultants should use local computers and systems when working with Analyzer. This helps prevent sensitive data from leaving the site. If a consultant brings a computer on-site, all Analyzer projects should be deleted before leaving the site to help protect sensitive information.

    Even when using an external Analyzer database, projects contain sensitive connection information, including hostnames, usernames, and passwords that should be protected.

    NOTE:If consultants install their own licenses (activation keys) for Analyzer while using a customer’s local hardware, they should delete the license files from the local machine when their consulting engagement ends. Analyzer stores the license file in the user’s home directory.

  • Limit project exports: To prevent the copying and distribution of sensitive information, limit the export of Analyzer projects and connection profiles.

  • Limit reports: To prevent the copying and distribution of sensitive information, limit report generation that contains sensitive data. For more information about reports, see Section 3.11, Auditing and Reporting.