Screenly Launches Hyper-Secure Power Bi App To Integrate Visualized Data Tools And Digital Signage

October 18, 2023 by Dave Haynes

There are numerous CMS software companies indicating in their features and benefits that their platforms have integrated with Microsoft’s popular and powerful business intelligence and data visualization tool, Power BI.

I don’t have enough nerd in me to discern what’s the optimal way to go at this, but I asked Bristol, UK-based Screenly CEO Viktor Petersson what was distinct about his company’s newly announced Power BI app – given the assertion that it meets the very high online security requirements of Fortune 500s.

Screenly suggests its new Power BI Edge App sets itself apart from competing CMS platforms in at a couple of key ways:

1. Encrypted Secrets: Say goodbye to unprotected secrets. Thanks to advanced technologies such as the Trusted Platform Module (TPM) within our Screenly Max Player and Public Key Infrastructure (PKI), your secrets are securely safeguarded. Only the designated player can access these secrets, and they are never left exposed on some random storage medium. Your data is held under the highest security.
2. Write-Only Secrets with RLS: All our secrets are akin to confidential agents – they are write-only and shielded by Row Level Security (RLS) within our database cluster. Neither our team nor users can access these secrets. Only our ultra-secure backend can retrieve them when required.

A lot of that reads like Martian to me, so I asked Petersson by email if he could provide some explanation and context.

His take:

First, let’s take a step back. When accessing dashboards that are behind a login, there are three primary methods:

1. JavaScript Automation: Through this, we employ JavaScript to automate the login process. It’s something we’ve utilized occasionally, but it’s more of our plan B. The reason being, it’s prone to errors and isn’t the gold standard in security. There’s always that risk of someone (or something) can gain access to the credentials.

2. Public URL: Some dashboard systems, including Power BI, offer this feature. It’s akin to having a secret handshake. However, there isn’t a robust security layer, so if the link gets out, anyone with that link has an open invite.

3. Native Integration: This is our preferred route, and some other companies have touched on that a bit, as well.

From Petersson:

Where we stand out is in our comprehensive secure approach. Starting with our setup in Power BI (or more precisely, Azure), our method diverges from that of others. They rely on an individual’s account for dashboard access, which might be quicker but sacrifices some security layers. We opt for a tighter approach, anchoring all security protocols to a designated ‘Application’ in Azure. This ensures the app gets just the essential permissions. Both our client’s tech team and Microsoft regard this as a top-tier security method.

When it comes to content delivery, we capitalize on Edge Apps’ features, ensuring airtight encryption. This robust setup guarantees that data remains inaccessible, even if someone tried to fiddle with the device’s hard drive. Additionally, all the authentication is conducted on the device itself, courtesy of the Edge App. This means playback remains consistent, even if our back-end faced hiccups. Many other vendors might just send the raw data, stored without encryption, directly to the device. That’s a risk we’re not willing to take.

The significance? Compliance. 

Working with Fortune 500 companies means adhering to rigorous security protocols. Especially when deploying devices in high-footfall areas. Some of the dashboard content is of paramount importance. In the wrong hands, it could lead to malpractices like insider trading. Hence,  methods 1 and 2 were out of the question, and method 3 underwent meticulous scrutiny.