Human Resources Security Risks with WebFOCUS
Get acquainted with new technologies is an integral part of my work. It is always very interesting and educational. In elaborating a question of possibility to participate in WebFOCUS project with colleagues from Finland, I conducted research of the subject area applied to human resources and risks associated with it. The human factor is one of the most serious risks in IT industry. By the 1st of September, the Day of Knowledge, I wrote this article.
What is WebFOCUS
It is a modern Business Intelligence system for huge corporations. Official website.
- Highly proprietary. A fixed market share without perspectives to expand. Reference.
- Lack of public tutorials. Expensive learning courses instead, $5600 for a basic course. Self-learning guides cost $250 per guide and is time-limited to read. Reference.
- Windows-only IDE.
- 4GL language. Reference.
- No open labour market to hire specialists. Read below in "WebFOCUS Specialist Portrait" chapter.
- (Very) Detailed manuals. However, they are useless without tutorials. Documentation of version 8.x, version 7.7.x.
- Cross-platform. Except IDE, which is Windows-only.
- 4GL language. It is a minus too, see above.
- Intended to parse huge data sources. Can run on mainframes.
- Innovative. Reference.
- Time proven system. Company and its BI products exists since 1975.
WebFOCUS Specialist Portrait
It is an employee of a huge corporation. His WebFOCUS training and experience he get while working at this corporation. It is impossible to learn this system just googling and reading books at weekend. It is a highly specialized expert. The BI skills itself can be obtained from university statistics courses, accounting courses. This knowledge can be used across different BI systems. WebFOCUS technical knowledges can't be used anywhere else, i.e. in another BI system or in areas of application programming. Such expert will not be able to quickly change his specialization, which highly limits its competitive advantages on the labour market.
WebFOCUS specialist is always a programmer. He can have beginner programming skills and work mostly with IDE GUI and a bit with 4GL. It is usually an employee on a management position with tech university background.
He can be a junior developer. He will create different reports based on requests from a manager.
System administrator is a must-have employee for WebFOCUS maintenance. The technology highly related to *nix systems and Java stack. He may not have expert experience with WebFOCUS UI or programming skills, his main task is to guarantee high level of maintenance of systems: WebFOCUS, as well as its data providers like databases and existing corporate systems.
For successful operations of BI tasks WebFOCUS system must be kept up to date. In a common scenario it's necessary to have 4 specialists:
- A manager, who will invent report types and assign development tasks to programmer.
- A programmer (junior developer), who will carry out tasks related to report generation and UI.
- A senior developer, who will carry out low-level programming tasks and engineer system integration with existing corporate systems.
- A *nix system administrator, to maintenance WebFOCUS and its data sources.
It is a typical in-house approach. Due to lack of open labour market for this speciality the whole team must be trained inside the corporation. Pay attention that training must include instilling high moral principles due to high security risks (see chapter below).
In the present case in-house allows distributed team. A manager and a system administrator must work on-site, but both programmers may work remotely.
Business Intelligence is one of the most sensitive sources of private information. Business indicators of the company may be a tempting target for competitors. On the other hand, the information obtained by BI should be reliable and timely. This imposes restrictions on the team:
- High moral principles. This is a standard requirement for managers and system administrators, but non-standard for programmers.
- High level of professionalism. Errors in data processing may lead to incorrect market estimates and loss of competitive advantages.
The most preferred way to eliminate security risks is to have trained in-house team. Another good option is to sign a long-term contract with external consultants, who will be able to take in-house approach.
Freelancers is not an option at all. Even if you can find a freelancer who declares WebFOCUS in his competences (which is hardly possible) don't allow him to get into your BI data, even "to make a small fix in report". It leads to potential leakage of confidential data and may harm your company much more than you will spend funding in-house team.