I hope the new normal is treating you well there.
Yeah so, whenever a BI expert thinks of an out of the box impact through visualizations, Custom Visuals is one of the big ideas that comes into the mind.
Are Custom Visuals really safe???
Data is everything in today’s tech-savvy industry. One untrusted source is enough to expose out all the information either of the customers or the company’s internal data.
Before proceeding with its security support, let’s understand what the hack is a custom visual!
It allows a developer to create rich user experiences inside the Power BI reports that can extend the visualization abilities, interpretation of the data and analytical capabilities of data analysis and business intelligence.
There are 3 ways to deploy custom visuals for use by report builders:
- Sharing a .pbiviz file
- Adding to the organizational visuals tenant repository
- Having users download visuals from the marketplace (AppSource)
When you receive and use a .pbiviz file, you are taking responsibility for assessing data security. When your Power BI admin deploys a custom visual to the organizational visuals repository, they are approving the visual for use inside your organization.
If you are using visuals from the marketplace, you will need to check the information provided about data privacy, and it’s not all that straightforward at the moment.
One thing that makes understanding data privacy in custom visuals easier is the designation of a certified custom visual. One of the requirements for certification is ” Does not access external services or resources, including but not limited to, no HTTP/S or WebSocket requests go out of Power BI to any services.”
Are the Uncertified Custom Visuals not safe???
Uncertified visuals are not necessarily less secure than custom visuals, but they have not been tested by Microsoft to confirm security. Any random person can create a custom visual, which is pretty cool and also potentially dangerous for data security.
A Disclaimer Placed on Uncertified Custom Visuals. But unfortunately, it is at the bottom of the visual description.
This is helpful, but there are a couple of objections with it:
- This information is at the bottom of the visual description. Once you select a visual from the list, you most likely need to scroll down to see this note.
- This is generic, boilerplate language added by AppSource. They are basically saying that it is possible that the visual might send data over the internet. They are not telling you that it definitely does!
How to check if the visual is safe???
Custom Radar Chart
What Have We Learned?
I hope this blog on custom visuals must have given you an idea about the data privacy. In the end, I would suggest to only use the prebuilt visuals in Power BI unless you really need a custom visual. If needed, use a trusted certified visual only.
Thank you for your time here.
Addend Analytics is a Microsoft Power BI-partner based in Mumbai, India. Apart from being authorized for Power BI implementations, Addend has successfully executed Power BI projects for 100+ clients across sectors like Financial Services, Banking, Insurance, Retail, Sales, Manufacturing, Real estate, Logistics, and Healthcare in countries like the US, Europe, Switzerland, and Australia. Get a free consultation now by emailing us at email@example.com.