
Best Practices for Securing Bold BI Server and Access to Database on a Different Server

Introduction

When the Bold BI server is installed on one machine and the database is hosted on a separate server, it is crucial to implement a robust security model that addresses both data-in-transit protection and access control. Below are best practices to enhance the security of your Bold BI deployment.

1. Network Security

  • Private Network / VPC Peering: Place the Bold BI server and the database server in the same secure network segment (e.g., same VPC, VLAN, or subnet). Avoid exposing the database directly to the public internet.
  • Firewall Rules: Restrict database access so that only the Bold BI server’s IP address can connect. Block all other inbound traffic.
  • VPN / SSH Tunneling (if remote): If the BI server and database are in different networks, use a VPN or SSH tunnel instead of direct public connections.
  • For more details, please refer to the documentation:
    Network Security
    How to configure IP Whitelisting

2. Encryption

3. Authentication & Access Control

  • Least Privilege DB Accounts: Create a dedicated database user for the Bold BI server with the minimum required permissions (e.g., read-only for reporting, no DDL rights).
  • Strong Authentication: Use strong passwords or, if supported, certificate-based or Kerberos authentication.
  • Rotation & Secrets Management: Store database credentials securely and rotate them regularly.

4. Monitoring & Auditing

  • Audit Logs: Enable database logging to monitor queries from the Bold BI server account.
  • Alerting: Set alerts for unusual access patterns (e.g., large data exports outside reporting hours).
  • Bold BI Server Logs: Bold BI provides audit and query logs that help administrators monitor user activities and data-query performance. Administrators can track which users accessed specific dashboards or datasets and review related query metrics for accountability.
  • For more details, please refer to the documentation:
    Audit Logs
    How to get user audit logs in Bold BI®
    Tools for Monitoring and Improving Dashboard Performance and Query Execution
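
The alerting rule described above, as an added example that is not Bold BI's or any database vendor's code: it scans audit records for the BI service account being used from an unexpected host, large result sets outside reporting hours, and non-SELECT statements from the read-only account. The record layout, account name, IP address, hours, and threshold are all assumptions made for illustration.

```python
from datetime import datetime

# Assumptions (hypothetical values, not from Bold BI or any specific database):
BI_ACCOUNT = "boldbi_ro"          # dedicated least-privilege DB user
BI_SERVER_IP = "10.0.1.20"        # only host allowed to use that account
REPORTING_HOURS = range(7, 19)    # 07:00-18:59 local time
MAX_ROWS_OFF_HOURS = 50_000       # export-size threshold outside reporting hours

# Constructed sample audit records: timestamp,db_user,client_ip,rows,statement
SAMPLE_LOG = """\
2024-05-06T09:15:02,boldbi_ro,10.0.1.20,1200,SELECT region, SUM(total) FROM sales GROUP BY region
2024-05-06T02:41:37,boldbi_ro,10.0.1.20,480000,SELECT * FROM customers
2024-05-06T10:03:11,boldbi_ro,10.0.7.99,15,SELECT name FROM customers WHERE id = 7
2024-05-06T11:20:45,boldbi_ro,10.0.1.20,0,DROP TABLE sales
2024-05-06T03:00:00,etl_job,10.0.2.5,900000,SELECT * FROM orders
"""

def evaluate(line):
    """Return the list of alert reasons for one audit record (empty if clean)."""
    # maxsplit=4 keeps commas inside the SQL statement intact
    ts, user, ip, rows, stmt = line.split(",", 4)
    if user != BI_ACCOUNT:
        return []                 # other accounts are out of scope for this rule set
    when = datetime.fromisoformat(ts)
    reasons = []
    if ip != BI_SERVER_IP:
        reasons.append("bi-account-from-unexpected-host")
    if when.hour not in REPORTING_HOURS and int(rows) > MAX_ROWS_OFF_HOURS:
        reasons.append("large-export-outside-reporting-hours")
    # Simple first-keyword check; statements starting with WITH would also be flagged
    first_keyword = (stmt.split() or [""])[0].upper()
    if first_keyword != "SELECT":
        reasons.append("non-select-from-read-only-account")
    return reasons

def scan(log_text):
    """Map each flagged line number (1-based) to its alert reasons."""
    alerts = {}
    for n, line in enumerate(log_text.splitlines(), start=1):
        if line.strip():
            reasons = evaluate(line)
            if reasons:
                alerts[n] = reasons
    return alerts

if __name__ == "__main__":
    for n, reasons in scan(SAMPLE_LOG).items():
        print(f"line {n}: {', '.join(reasons)}")
```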

5. Server Hardening

  • Patch Management: Keep both Bold BI and database servers up to date with security patches.
  • OS & DB Hardening: Disable unused ports/services, enforce strong OS-level authentication, and apply CIS hardening benchmarks if available.
  • Segregation of Duties: Keep Bold BI server administration and database administration roles separate.

6. Optional Enhancements

  • Row-Level Security (RLS): Bold BI supports RLS, which enforces user-specific access control at the data layer.
  • Data Masking / Tokenization: Mask sensitive fields (PII, PHI) before they leave the database when possible.
  • WAF & IDS/IPS: Add a Web Application Firewall (for the Bold BI server) and Intrusion Detection/Prevention for the network segment.
  • For more details, please refer to the documentation:
    Row-Level Security (RLS)

By following these best practices, you can significantly enhance the security of your Bold BI server and its access to a database hosted on a different server.

Written by Livin Iruthaya Raj Thiruthuva Raj I