I was recently speaking with a customer who expressed a common concern. Because of COVID-19, their entire finance team was forced to work remotely and they were concerned about the risks of executing critical financial transactions. Purchasing, payroll, expenses, everything… all being done from unknown locations and on devices they couldn’t regulate.
From Convenient to Mandatory
It got me thinking, prior to COVID-19 the objectives for enabling remote access to PeopleSoft had mostly been out of a desire for productivity and convenience. For years, Appsian has been working with forward-thinking organizations who identified remote access had significant value. Post COVID-19, organizations are in ‘survival mode’ and have no choice but to open access to their most sensitive financial transactions – and hope for the best. The potential for ‘adding insult to injury’ (ie financial losses) in a remote environment is enormous, and like any rapid pivot, requires a strong strategy to be successful.
You Don’t Know What You Don’t Know
During our conversation, it became clear that their situation posed far more questions than answers. For instance, ‘confidentiality around salary has never been more important’ (I assume they’ve required some employees to take salary reductions) ‘how can I know who viewed salary information, or perhaps downloaded queries?’ ‘how can I be sure unauthorized vendors are not being created?’ ‘how can I be sure payroll is being issued correctly?’ ‘how can I be sure sensitive information isn’t downloaded to someone’s home computer?’ It became clear they were flying blind – and starting to panic.
Traditional ERP Visibility Come Up Short
None of the questions above were able to be answered in this customer’s current environment. It’s common knowledge that traditional ERP logging and analytics focus on troubleshooting errors and scanning for broad system vulnerabilities. They were not designed for understanding user behavior, data access, and usage. If the task is to ensure that data is not being accessed maliciously, exfiltrated, or business processes are not being exploited – ERP visibility comes up short.
This customer initially partnered with Appsian for Single Sign-On and Multi-Factor Authentication – both of which, they were happy to have! However, their attention had turned from intrusion prevention to incident response and risk management. While they had the capability to ensure user authentication was strong, they lacked the ability to understand what activity was taking place. And more importantly, if trends in user behavior were indicative of malicious activity.
How ERP Analytics Prevent ‘Adding Insult to Injury’
This is where ERP Analytics becomes essential. When ERP access is both remote and ubiquitous, the ability to detect and respond to malicious activity is greatly reduced.
Using the Appsian Analytics platform, customers are fully enabled to understand exactly how their ERP data is being accessed – by whom, from where, on what and why. With this information in hand, organizations are fully enabled to detect unauthorized activity and formulate a rapid response before damages become catastrophic.
Analytics Provide Peace-of-Mind
Needless to say, it feels good to provide true value to a customer. It’s not everyday that a customer comes to you, concerned that their business is in trouble (from a market perspective) and they are also concerned additional financial losses will follow (from a business process perspective.) This is where having available data and granular oversight will provide peace-of-mind. During unpredictable times, having as much information at your disposal is critical. This is especially true when sensitive financial processes are taking place outside of your office – essentially your direct control and watchful eye.
The Next Step…
If a lack of visibility is a concern, we’d love to talk. In a brief 30 minute session, we can outline how deep our Analytics can go, common use cases that are pre-configured in the platform, and how they can align to your unique business processes.
Put the Appsian Security Platform to the Test
Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives