×
[searchandfilter taxonomies="search"]
Home / Blog / Australia Under Cyberattack – How to Quickly Implement “Zero Trust Security” in PeopleSoft

Australia Under Cyberattack – How to Quickly Implement “Zero Trust Security” in PeopleSoft

By Greg Sosna • June 23, 2020

Just a few days ago, the Australian Prime Minister, Scott Morrison announced that Australia is being continuously targeted by sophisticated, state-sponsored cyber-attacks. The hacking attempts were confirmed as widespread across “all levels of government,” including essential services and businesses throughout Australia. 

The attacks were reported to exploit system vulnerabilities within the public-facing infrastructure. They also included spear-phishing, aimed at harvesting passwords – specifically for privileged users like admin and service accounts. The attackers are actively targeting national intelligence and Australians’ private information. 

These attacks in Australia are a wake-up call for organizations to harden their security posture NOW!

Besides the basic principles of patching, using safe settings within applications and having a robust backup strategy – the Australian Cyber Security Centre recommends restricting administrative privileges and using Multi-Factor Authentication for all users. Especially while performing a privileged action or while accessing an important data repository. Organizations need to align their security strategy closely with the Zero Trust security model, based on the principle of “never trust, always verify.” 

Legacy ERP applications are both a prime target and highly vulnerable to these attacks

A lot of government agencies and businesses in Australia use legacy ERP applications like PeopleSoft, and these applications make luring targets for cybercriminals because of the wealth of sensitive data they contain.

These large scale ERP systems were not designed to be exposed directly to the internet as we know today. Opening them to remote access, especially now when organizations are trying to maintain continuity, has significantly increased the risk to sensitive information.

Your users are the weakest link in your security strategy – guard them!

The success of Phishing attacks relies entirely on users falling for them. Organizations can beef up security by making minor adjustments to their existing user authentication process. This can be achieved by the use of Single Sign-on (SSO) and Multi-Factor Authentication (MFA).

Implementing an SSO drives users away from using recurring, weak passwords. And MFA can help reconfirm the identity of a user when access comes from an unknown location or when a specific high-risk piece of information is accessed. 

Challenges with implementing SSO and MFA solutions for legacy ERP systems

PeopleSoft applications demand a ton of customization and added infrastructure to support these solutions. Most SAML based Id providers do not work with PeopleSoft because of the lack of native SAML support. To avoid the added effort and cost involved with custom projects, organizations must focus on building native SAML support within PeopleSoft. 

Similarly, there are reservations with many MFA providers as they can only be implemented at the login level. Enforcing MFA at login for every sign-on attempt can cause MFA fatigue. It also allows full access to information, even if the user forgets to lock screen or log out.

To strike a balance between security and usability, MFA can be enforced conditionally, for example, enforcing an MFA challenge when access is coming from an unusual location, or requiring MFA only for a sensitive field or transaction.

Appsian helps customers implement SSO and MFA within PeopleSoft quickly, with little effort. Please write to us at info@stgappsian.wpengine.com to kick start your Zero Trust Security project in your environment. 

Want to learn about our SSO and MFA Solutions in detail? Check out our buyers’ guides. 

Evaluating An SSO For PeopleSoft? Here Are The 6 Questions You Should Ask Your Potential Vendors

Effective Multi-Factor Authentication for PeopleSoft: 4 KEY CONSIDERATIONS

Join Our Upcoming webinars for the Australia (APAC) and ANZ Region.

Greg Sosna is part of our cybersecurity team, and he looks after our customers in the APAC and ANZ region. Join him and other subject matter experts presenting different strategies to protect and enhance your ERP investment today and well into the future.

Related Articles.

MFA Is A “Critical Security Baseline” for Your Zero Trust Strategy
MFA Is A “Critical Security Baseline” for Your Zero Trust Strategy
Following up on last year’s Executive Order to help improve the nation’s cybersecurity posture, the White House released a 30-page…...
March 3, 2022
Learn More
Image describes the material weakness access control violation and vulnerabilities
Material Weakness Series Part 3: Ineffective Transaction Level Controls
In the previous article of this series, we talked about data field-level controls and how you can resolve a data field-level…...
October 25, 2021
Learn More
Ineffective Data Field Level Controls are a Material Weakness
Material Weakness Series Part 2: Ineffective Data Field Level Controls
In the first article of our material weakness series, we addressed what a material weakness is and how an ineffective access control weakness can be resolved. This article will look at another critical…...
October 22, 2021
Learn More

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Home / Blog / Improve SAP Access Policy Management During These Turbulent Times – and Beyond

Improve SAP Access Policy Management During These Turbulent Times – and Beyond

By Ryan Quinonez • June 16, 2020

In these less than ordinary times, organizations are dealing with disruption at a frequency higher than ever before. An unfortunate side-effect of this COVID crisis has been its impact on employees. Whether furloughed, laid off, or set to take on broader responsibilities, change is happening. And naturally, these changes must be reflected in your ERP applications’ access policy management.

The uptick in user provisioning is placing additional pressure on SAP security and IAM teams, already burdened with securing remote access to applications for people working from home. These days, you have to wonder if IT professionals are feeling like they’re chasing something they can’t keep up with. And that leads to problems. 

Joiners, Movers, and Leavers 

The user provisioning process typically encompasses three phases: joiners, movers, and leavers. In short, they are three separate scenarios – when employees are onboarded, when they switch positions/departments internally, and when employees leave the organization. Given COVID, leaving the organization could mean either termination or furlough.

If overburdened IT and security teams cannot address provisioning promptly, organizations are leaving themselves open to an onslaught of risk in times where cyber-attacks are peaking and employees are already feeling stressed out.  

Thanks to an enlarged threat surface from remote access, a compromised account can cause considerable damage before it is detected. Excessive privileges only multiply this risk. Alternatively, strained and disgruntled employees with excessive privileges may be tempted by fraud, especially in cases where segregation of duties (SoD) should be in play. If an employee was given extra responsibilities that necessitated new roles, potential conflicts might be overlooked.  

Three Tips for Improving SAP Access Policy Management 

Setting the roles is only one step. You don’t want to give everybody the same kind of visibility or access to data, depending on their role. This is a great time to invest in data security technology and establish more granular access policies. Here are three tips for improving your SAP access policy management: 

1: Leverage Attribute-Based Access Controls (ABAC) to Simplify User Provisioning  

Organizations with similar roles spanning multiple business units turn to role derivatives to ensure access is segmented appropriately. While effective from a control perspective, managing these roles can prove burdensome as the number of role derivatives multiply with each branch-off.

For example, a manufacturing organization has 50 functional roles shared by users across 10 different plants. Using role derivatives, they would end up managing 500 different roles to ensure access is segregated appropriately. The sheer scale can be overwhelming to your SAP security team to begin with – and now we’re adding in all the joiners, movers, and leavers from COVID-induced workforce changes.

The purpose of roles is to be scalable! We want access policies that are one-to-many, not one-to-one. To gain back simplicity and lighten the load on your IAM teams, organizations can extend their existing role-based access control (RBAC) model with attribute-based access controls (ABAC). ABAC allows you to easily bring fine-grained “attributes” into your authorization decisions. In the example above, one could go from managing 500 role derivatives down to 50 roles and 1 supplemental ABAC policy that can consider the differing factor, a user’s assigned plant code, to automatically segregate their access appropriately. 

2: Reduce Your Attack Surface with Fine-Grained Entitlements 

The Principle of Least Privilege is a crucial tenet in information security. The goal is to minimize risk by providing users with the minimum level of access needed to perform a task at hand. This is the purpose of existing role-based access controls – e.g., an HR manager should not have access to finance transactions because it is out of their scope. However, this does nothing to protect data within their scope. Should the HR manager have access to social security numbers or compensation data at all times? After hours? Remote? The answer is likely, no.  

Organizations can reduce their amount of accepted risk by applying granular business policies and access controls to strengthen data-level and transaction-level security. Leveraging ABAC, you can enforce risk-aware controls to place limitations on what users can access within your application, from where, when, how they can access, and what they can do with data. ABAC provides an additional level of security by incorporating additional context like geolocation, time of day, and IP address. This ensures appropriate user access and prevents users from having more access than they need. Want sensitive data masked when access is outside your network? Done. Want to block high-risk transactions after hours? Easy.  

3: Manage the Identity Lifecycle with User Activity Monitoring 

Organizations should always engage in some kind of user activity monitoring, regardless of the number of joiners, movers, and leavers they’re dealing with. But this monitoring must extend beyond time-consuming and potentially expensive manual audits. You want to make sure the access control policies you’ve established are working and that you’re watching for anomalies. Some user activity to consider monitoring includes: 

  • Identifying high-privilege user activity and critical transactions while closely monitoring and auditing on a regular basis 
  • Continuously monitoring access across peer group activity for visibility into who changed what in regard to roles and permissions 
  • Setting risk-aware alerts such as location of user, device accessing network, etc. This monitoring is vital for streamlining threat detection and alleviating the manual process typically required for threat response 

Assign Ownership and Responsibility Over User Provisioning 

While you’re monitoring user activity, don’t forget to put some eyes on your IT and security teams. You’ll want to assign ownership and responsibility to whoever responds to access requests and reviews temporary team member access. Keep good records as to why approvals are made or changed. You’ll want to approach this in a way that is easily audited. (Tip: email is not that process). 

Conclusion 

There are many moving parts and people that IT staff and security teams must manage. Leveraging tools that can improve an organization’s SAP access policy management will go a long way towards protecting important data and easing the burden on stressed IT and security teams.  

Schedule a demonstration today and learn how Appsian can mitigate SAP business risks with ABAC and User Activity Monitoring. 

Related Articles.

3 Major Benefits of Implementing Automated User Provisioning For JD Edwards
3 Major Benefits of Implementing Automated User Provisioning For JD Edwards 
Increased compliance regulations and the rising number of internal threats have forced organizations to tighten application access and adopt the…...
April 29, 2022
Learn More
3 Key Steps To Prevent Fraud In Your JD Edwards EnterpriseOne Applications
3 Key Steps To Prevent Fraud In Your JD Edwards EnterpriseOne
When you have a few hundred or maybe thousands of users logging into your JD Edwards EnterpriseOne applications – many…...
April 13, 2022
Learn More
4 Steps That Enable You to Prevent Fraud in Oracle EBS
4 Steps That Enable You to Prevent Fraud in Oracle EBS
ERP systems like Oracle EBS are at the core of financial operations for enterprises across the world. With hundreds of…...
March 31, 2022
Learn More

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Home / Blog / Your Network Access Could Be for Sale on the Dark Web. Why ABAC is Critical for ERP Data when Your Network is Vulnerable

Your Network Access Could Be for Sale on the Dark Web. Why ABAC is Critical for ERP Data when Your Network is Vulnerable

By Michael Cunningham • June 1, 2020

Thanks to TV commercials for identity protection services, you’re forgiven for thinking that that dark web is primarily a place where criminals and hackers buy and sell personal information such as credit cards, usernames and passwords, and social security numbers (and other PII). Lately, however, the dark web has seen a flurry of activity for offers to purchase corporate network access, according to a recent “Access for Sale” report from Positive Technologies.  

Criminals Are Becoming More Interested in Corporate Network Access 

Just a year ago, according to the report, cybercriminals were focused more on trading in access to the servers of private individuals for as little as $20. During the second half of 2019, Interest has since picked up in the sale of access to corporate networks. In Q1 2020, the number of postings advertising access to these networks increased by 69 percent from the previous quarter. Prices have also increased: the average cost of privileged access to a single local network is now in the $5,000 range. Additionally, hackers are offering a commission of up to 30 percent of the potential profit from a hack of a company’s infrastructure. 

It’s bad enough that your threat surface has increased due to so many employees working from home, now you have a posse of hackers roaming the dark web looking for bounties to collect. We have a few suggestions to help you keep your ERP data safe even if hackers manage to gain access to your corporate network.   

Adopt Attribute-Based Access Controls (ABAC) to Strengthen ERP Data Security 

Companies using ERP systems are already leveraging role-based access controls. These controls, which align data access privileges and job function resources, provide a baseline for data governance. With the rapid expansion to a remote workforce earlier this year, organizations needed to create more detailed and more dynamic access controls—policies to determine who, what, where, when, and how workers can access ERP data and what transactions they’re allowed to perform.  

With attribute-based access controls (ABAC), a company can incorporate additional context such as geolocation, time of day, and IP address to both ensure the appropriate user is accessing the resources and prevent users from having more access than they need. For example, if the organization knows that an employee should be working from Connecticut, ABAC can prevent access to resources, mask highly sensitive data, or prevent a transaction entirely if the user’s location is suddenly California – or a foreign country.  

These granular, data-centric access privileges can help an organization ensure that users–internal or malicious–do not get too much access to important ERP data – limiting the potential negative effects of a network intrusion by hackers. 

ABAC Should be Coupled with User Activity Monitoring  

Let’s revisit how ABAC helps organizations establish roles and permissions to determine who, what, where, when, and how workers can access ERP data and what transactions they’re allowed to perform. It’s important that you don’t set these controls and “forget” them. You want to make sure what you’ve established is working and to watch for any anomalies that reveal unusual or unwelcome activity.  

Most organizations are already performing some kind of monitoring of user access – but it has to extend beyond manual audits of instances of logging in and logging out of applications and what pages were displayed. Understanding data access, usage, and transactions performed is now a key requirement when maintaining visibility over business data and enforcing security policies. 

Here are five details we recommend monitoring (more details here): 

  1. Who – Details of the User Accessing the Data  
  2. What – Details of the Data Being Accessed  
  3. Where – Location Where the User is Accessing the Data   
  4. When –Time of Day When User is Accessing Data  
  5. How – Type of Device Accessing Data 

Data is only as useful as the insights it provides. Using an analytics platform that includes granular access details, rapid aggregation, and visualization of user access data is a crucial requirement for data security. 

Conclusion 

You know that hackers are already looking for any and all security lapses on your perimeter to gain access to your corporate network. The “Access for Sale” report serves as an important reminder that hackers are willing to do anything to gain an advantage, and organizations must deploy a variety of ERP data security protocols in addition to the standard role-based access controls. 

Appsian has helped hundreds of organizations that leverage legacy ERP applications like PeopleSoft and SAP ECC strengthen their data security posture with ABAC and user-activity monitoring. 

Request a demonstration of the Appsian Security Platform today. Learn how Appsian can help you manage the risks of the dark web in little as 30 days! 

Related Articles.

How to Detect PeopleSoft Security Threats with Real-Time Analytics
How to Detect PeopleSoft Security Threats with Real-Time Analytics
PeopleSoft applications process and store vast amounts of customer, employee, and financial data that are constantly accessed by an increasing…...
April 12, 2022
Learn More
PeopleSoft Data Exfiltration: Be Alerted to the Violation of Data Security & Privacy Policies
PeopleSoft Data Exfiltration: Be Alerted to the Violation of Data Security & Privacy Policies
The financial, reputational, and regulatory impact of a data breach can be catastrophic. Data exfiltration, whether malicious or accidental, typically…...
April 8, 2022
Learn More
PeopleSoft Data Privacy: Detecting When Users View Co-Worker PII Data
PeopleSoft Data Privacy: Detecting When Users View Co-Worker PII Data
Data privacy is often associated with how companies are allowed to collect and handle customer data. Lost in the data…...
April 6, 2022
Learn More

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Home / Blog / Does ERP Data Security Qualify as an Essential IT Project? Here Are Five Reasons Why It Does.

Does ERP Data Security Qualify as an Essential IT Project? Here Are Five Reasons Why It Does.

By Michael Cunningham • May 26, 2020

Stop me if you’ve heard (or spoken) this phrase: “All non-essential projects have been put on hold.”

To be fair, pausing large-scale IT projects (like a cloud ERP migration) in such an uncertain and unpredictable environment makes sense. If the project will take months to implement and it isn’t helping keep the lights on, it isn’t essential. Simple as that! But what is considered “essential” is often a matter of opinion rather than true importance.   

A perfect example is ERP data security. When COVID-19 hit, many organizations began scoping enterprise security solutions like a VPN, which enables remote access. But only in the sense of creating an authentication point – not actually securing data. We touched on this more in a previous blog.

Enabling remote access with a VPN helps keep the lights on, but now that the lights are on (and will hopefully stay on), at what point do you consider the vast amounts of data exposure that have emerged as a NEW risk vector? As a direct result of remote access. This is the point where data security becomes essential.

Overlooked but Essential 

ERP data security too often gets thrown into the “non-essential” project pile, with companies considering it an afterthought, regardless of the economic climate. Afterthought might be too harsh – perhaps they consider what they already have in place as “good enough.” Essentially making the decision to go into completely unprecedented times with legacy technology. Such thinking will leave your data fully exposed to theft, fraud, and other forms of damage. Alas, if you don’t prepare for the future, then the future is likely to be your downfall. This is why we think NOW is the perfect time to make ERP data security a high-priority – dare we say essential – project. Here are five reasons why. 

1: Your ERP Data is Already Exposed 

Just because your virtual front door is locked doesn’t mean there’s nobody in your house. Besides the fact that user credentials (including VPN credentials) are routinely stolen – insider threats are one of the fastest-growing trends in data breaches, accounting for 34% of attacks in 2019, according to Verizon’s 2019 Data Breach Investigations Report. In addition, many insider breaches occur simply by insiders unintentionally misusing data. Without proper data security and monitoring protocols in place, it’s difficult to know if users are leveraging their privilege to access sensitive information for either legitimate or malicious purposes. 

2: Remote Access and Data Security Should Be Synonymous  

A remote workforce is nothing new, but not to the scale caused by the COVID-19 outbreak. The rapid scaling of remote access for critical business functions left many companies relying on conventional (but outdated) security technology, like a VPN. All the while, not considering that remote access means an expanded threat surface – and the wider your threat surface, the more exposed your data is to risk. A VPN may leave you feeling like you shrank your threat surface, but you haven’t truly shrunk your level of risk. Today, the most devastating data breaches happen when credentials are stolen and/or insiders leak/expose data. In a remote access environment, credential/insider risks go up dramatically while a VPN does little to mitigate.

When allowing remote access to your ERP data, you need to monitor a variety of data points, such as where is a user coming from? What data are they trying to access? What device are they using? Is that device being used by the right person? Cybercriminals know these systems are vulnerable and are stepping up attacks.

3: Data Security is Not as Costly as A Data Breach 

According to IBM’s Cost of a Data Breach Report, the average cost of a data breach is $4 million. The average cost of a breach in the U.S. is $8.2 million – more than double the worldwide average

The risks posed by a data breach extend well beyond financial. They are operational as well as compliance-related. Then there are the difficult to quantify costs, including negative exposure and scrutiny for your brand and senior leadership. 

4: Compliance Stakes Have Never Been Higher 

Compliance mandates like SOX, GDPR, CCPA, and others require organizations to maintain details regarding data access, and places a substantial liability when companies are not taking appropriate measures to secure ERP data. Fortunately, organizations can improve compliance by implementing data security tools that respond to insider threats, minimize direct damage caused by a breach, and reduce (or even void) penalties incurred by compromising customer data. 

5: ERP Data Security is A Manageable Problem 

An essential project doesn’t mean it’s complicated or burdensome. In fact, this is one of the more manageable problems to solve, as adding data security doesn’t involve much change management – unlike a cloud migration project. The key is to NOT customize the application(s) but to seek solutions that are configurable. Customizations are not a quick fix – they are not scalable and place additional complexity on support down the line. Configurable solutions to these challenges exist – trust us!   

Data Protection Can Help Keep the Lights On 

You could argue that an ERP data security project isn’t going to help keep the lights on; therefore, it isn’t essential. We would say that any project that helps mitigate business and security risks by enhancing your ability to authenticate users, control access to data, and monitor & respond to potential threats, is essential. And if that project can protect you from fines, theft, and fraud due to a data breach in this current work environment? That’s money you can use to keep the lights on.      

Request a demonstration today to learn how Appsian can help you with your essential ERP data security project.  

Related Articles.

How Often Should You Perform PeopleSoft User Access Reviews And Why
How Often Should You Perform PeopleSoft User Access Reviews And Why
PeopleSoft teams often face threats caused by excess privilege, malicious insiders, and access misuse. Most of these can be mitigated…...
May 27, 2022
Learn More
How to Detect PeopleSoft Security Threats with Real-Time Analytics
How to Detect PeopleSoft Security Threats with Real-Time Analytics
PeopleSoft applications process and store vast amounts of customer, employee, and financial data that are constantly accessed by an increasing…...
April 12, 2022
Learn More
PeopleSoft Data Exfiltration: Be Alerted to the Violation of Data Security & Privacy Policies
PeopleSoft Data Exfiltration: Be Alerted to the Violation of Data Security & Privacy Policies
The financial, reputational, and regulatory impact of a data breach can be catastrophic. Data exfiltration, whether malicious or accidental, typically…...
April 8, 2022
Learn More

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Home / Blog / Access Governance is Critical for Preventing Phishing Attacks

Access Governance is Critical for Preventing Phishing Attacks

By Piyush Pandey • May 18, 2020

The news is flooded with stories about cybercriminals successfully engaging in phishing and social engineering aimed at exploiting people’s COVID-19 fears, all in order to steal user credentials to business applications and VPNs. From fake delivery notifications to World Health Organization (WHO) impersonations, malicious actors are preying on people’s emotions during this pandemic.

The credentials used for authentication are ultimately an organization’s network perimeter. This puts organizations in a difficult position — they can limit employee’s access to these systems and risk negative impacts on productivity and business continuity, or they could bury their head in the sand and hope nothing bad happens. Many are choosing the latter, and the implications are being felt worldwide.

Why There is a Correlation Between a Stressful Environment and Cyber Attack Volume

Social engineering fundamentally relies on taking advantage of strong emotions to trick people into taking actions that can cause them harm. This crisis has emotions running high, and many employees are stuck in a state of fight or flight.

Research shows that stress impairs the brain’s ability to make decisions. That’s why, when people are under stress, they often take more risks and engage in activities that could cause them harm. In other words, employees are not forgetting their phishing trainings, their brains are functionally incapable of making good decisions.

Cybercriminals rely on emotional responses — whether it’s clicking on links, downloading documents, or opening attachments — emotionally charged content (e.g., fake layoff announcement email with a malware attachment) is more likely to result in a successful attack

The problem isn’t the people, it’s the cybercriminals and the tactics they use.

How to Prevent Phishing Attacks?

The Principle of Least Privilege

Often, companies view data protection solely from the compliance and financial risk perspective. Unfortunately, this doesn’t go nearly far enough. It is recommended that companies consider limiting user access to resources based on the principle of least privilege, or the absolute minimum access necessary to complete a job function. Least privilege is a governance strategy that has never been more relevant than today — especially as organizations rely on remote workforces. Fundamentally, when users have more access than necessary, they may accidentally (or intentionally) violate compliance requirements designed to protect the organization.

Today, access governance is largely dictated by predetermined roles and permissions usually classified into groups (administrator, power user, etc.) This classification of permissions is tied to authentication processes like username/password security models that are heavily targeted by cybercriminals through phishing and social engineering. Further, if a phishing attack compromises a user’s credentials, then the cybercriminal may access or acquire as much sensitive data as their victim’s role will allow. This is precisely were least privilege should kick in.

The rise of phishing attacks that target coronavirus fears not only places organizational data at risk, but it also places employees at risk — especially those with high privileges. Many employees use the same credentials for multiple applications, such as social media networks and shared cloud drives. If one set of credentials is compromised, multiple systems are now at risk.

Limiting access to data according to the principle of least privilege provides organizations with the tools necessary to prevent catastrophic data breaches. A good question to ask yourself is, what data should my administrators and power users have access to? Do they need easy access to executive payroll data? Do they need easy access to other employee social security numbers? What do they really need easy access to in order to do their job?

The truth is, they will likely need access to some sensitive data, so how do you protect data that still falls under the principal of least privilege?

Zero Trust

“Zero trust” often sounds harsh — trust no one, assume a threat at all access points, and never grant access by default (e.g., a predetermined role and privilege.) At first glance, this mentality appears to go against corporate values like collaboration and integrity, but, in reality, it fosters them.

Moving toward an IT culture based on zero trust means that an organization can identify all devices, users, applications, and data across its ecosystem. Then, the organization can establish the appropriate controls that limit access where appropriate.

Fundamentally, a zero trust model encourages collaboration and integrity while also supporting employees who mean well but could be making risky decisions while under stress — coronavirus related or otherwise. By setting zero trust identity and access controls, organizations ensure constant alignment between who an employee is and what they have access to, thus, mitigating risk.

Multi-Factor Authentication

Part of establishing an effective zero trust model involves finding solutions that allow organizations to apply contextual attributes when granting access. Attribute-based controls adapt to different contexts and ultimately drive how and when users can access information. For example, an attribute might be geolocation or time of day. Adaptive multi-factor authentication (MFA) takes these attributes and requires additional authentication as users move across systems or within applications. For example, to log into an ERP system, passing a standard authentication challenge is required. Then, to update direct deposit or access payroll information, an adaptive MFA challenge should be deployed. Zero trust means that just because they passed through the front door of the application, they can’t execute the most sensitive transactions.

As employees work remotely, organizations may want to incorporate adaptive MFA so employees in finance or human resources can securely authenticate to their ERP systems. Adaptive MFA will detect anomalous locations or times for activity, trigger an additional authentication process, and prevent malicious actor access.

Ultimately, zero trust and adaptive MFA protect the organization, the person whose information was almost leaked, and the employee whose credentials were stolen. The organization can be alerted to the cyber criminal’s attempt to gain entry to its networks, the person whose data was almost leaked retains privacy, and the employee whose credentials were phished is protected from the negative impact of their privilege being hijacked.

Remote Access Means Phishing and Phishing Requires Additional Strategies 

Organizations have tried to protect themselves from phishing attacks for years. What they have not done is protect themselves during a time of social, emotional, and physical upheaval. But, the current upward trend in phishing attacks should come as no surprise to organizations. Cybercriminals never rest — they take advantage of any weaknesses in an IT ecosystem, both digital and human.

Maintaining strong identity and access governance strategies ensures that both data and end-users can be protected during these strange and unusual times.

This article was originally published by Mission Critical Magazine. 

Related Articles.

How FTC Updates to “Safeguards Rule” Impact Higher Education Institutions
How FTC Updates to “Safeguards Rule” Impact Higher Education Institutions
On December 9, 2021, the Federal Trade Commission (FTC) published a final rule amending the requirements for safeguarding customer information…...
March 11, 2022
Learn More
MFA Is A “Critical Security Baseline” for Your Zero Trust Strategy
MFA Is A “Critical Security Baseline” for Your Zero Trust Strategy
Following up on last year’s Executive Order to help improve the nation’s cybersecurity posture, the White House released a 30-page…...
March 3, 2022
Learn More
Remote Access Security: How to Replicate the 9 to 5 Workday
Remote Access Security: How to Replicate the 9 to 5 Workday
Over the last two years, organizations had to move employees out of a secure office environment and provide them with…...
December 23, 2021
Learn More

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Home / Blog / Why the Keys to Maintaining ERP Data Security in a Remote Environment are Control and Visibility

Why the Keys to Maintaining ERP Data Security in a Remote Environment are Control and Visibility

By Piyush Pandey • May 15, 2020

Remote workforces are nothing new to most organizations. According to Buffer’s 2019 State of Remote Work report, 44% of respondents noted that at least part of their team was “full-time remote,” and 31% said that everyone on the team works remotely. Further, at the time of the report, 30% of respondents said that their entire company worked remotely. However, the COVID-19 pandemic accelerated the work-from-home model. By March 31, 2020, the percent of users working remotely had increased 15 percentage points since the start of the COVID-19 outbreak. With that in mind, organizations are assessing how they can maintain granular levels of control and visibility when ERP data is being accessed remotely

Adopting Contextual Controls to Protect ERP Data 

Most organizations already leverage role-based access controls. These controls, which align data access privileges and job function resources, provide a baseline for data governance. However, they often lead to excessive levels of data access and, in turn, produce additional risks. Contextual controls enable an organization to dynamically control access to data during varying contexts of access, often aligning to least privilege best practices. Migrations to cloud applications are largely due to contextual controls being a business requirement, simply because the interconnected applications required a more dynamic approach. 

With the move to a remote workforce, organizations need to create more detailed and more dynamic access controls. With attribute-based access controls (ABAC), a company can incorporate additional context such as geolocation, time of day, and IP address to both ensure the appropriate user is accessing the resources and prevent users from having more access than they need. For example, if the organization knows that an employee should be working from Connecticut, ABAC can prevent access to resources if the user’s location is suddenly California – or a foreign country. 

Contextual controls provide both the prevention of access policy violations, along with alignment between business requirements and security protocols. Because the organization can limit access according to the principle of least privilege, it reduces the risk of data leakage and financial fraud. Meanwhile, by creating more granular, data-centric access privileges, an organization can ensure that users do not get too much or not enough access – limiting the potential negative effects of restricting access excessively. 

User Activity Monitoring for ERP Data Security and Managing Productivity 

Monitoring user access to resources and tracking how users interact with data provides an additional benefit for many organizations as their workforces move towards a remote model. Most organizations recognize the benefit of monitoring user access – but not just instances of logging in and logging out of applications. Understanding data access and usage is now a key requirement when maintaining visibility over business data. Organizations are turning to analytics platforms that both include granular access details, along with a visualization element (for example, SIEM). Data is only as useful as the insights it provides, and rapid aggregation and visualization of user access data is a crucial requirement for data security. 

Using “Virtual” Work Hours 

Looking at a common security use case, many organizations leverage “virtual” work hours to detect anomalies. For example, an employee usually works between the hours of 8 AM and 6 PM but monitoring and alerting to activity around sensitive data at 3 AM, for instance, can be indicative of unauthorized behavior. This uncharacteristic behavior may be an anomaly, but the organization needs to monitor the user activity more closely. If the user denies accessing the information at 3 AM, then the organization needs to focus its monitoring and have the employee change their password. If the organization detects additional unusual activity, then it may need to review the employee’s activities or investigate a potential data breach. 

Monitoring User Productivity 

From a workforce management perspective, organizations can leverage these insights to review employee productivity. Two use cases present themselves. First, many organizations have contracts that stipulate late payments incur a late fee. If the organization knows that employees should be processing payments ten days prior to the payment date, then they can leverage these reports to ensure that employees meet their timelines, even from a remote location. Additionally, by tracking resource usage data, organizations can monitor whether workforce members are appropriately prioritizing their workdays. If the employees are only accessing a business application at the end of the month, then they are likely waiting until the last minute to input payment information. Preventing these potential revenue losses or rush projects in other areas by speaking with the employee enables the organization to stay on top of its financials. 

Enabling Visibility for Business Applications Has Never Been More Critical 

Creating trust within and across distributed workforces ensures productivity. However, continued status update meetings across multiple time zones decrease workforce member efficiency. Organizations already monitor user access to their systems, networks, and applications. As part of a robust security posture, organizations should apply protections at the new perimeter – user identity. Rather than micromanaging employees via emails or chats, managers can gain valuable insight into how users are accessing resources and prioritizing work schedules by reviewing data and resource usage

In an unprecedented time, companies need to find ways to enable their levels of control and visibility over business data. Whether a business application is on-premise or in the cloud, enhancing these solutions should be a mission-critical objective. 

Risks against an organization are prevalent in a remote environment, whether those risks are security-related or employee-related by fraud, theft, and error. The keys to maintaining ERP data security ultimately lie in your ability to provide oversight for your data, and the time to act is now. 

This article was originally published on Global Trade.  

Related Articles.

How Often Should You Perform PeopleSoft User Access Reviews And Why
How Often Should You Perform PeopleSoft User Access Reviews And Why
PeopleSoft teams often face threats caused by excess privilege, malicious insiders, and access misuse. Most of these can be mitigated…...
May 27, 2022
Learn More
How to Detect PeopleSoft Security Threats with Real-Time Analytics
How to Detect PeopleSoft Security Threats with Real-Time Analytics
PeopleSoft applications process and store vast amounts of customer, employee, and financial data that are constantly accessed by an increasing…...
April 12, 2022
Learn More
PeopleSoft Data Exfiltration: Be Alerted to the Violation of Data Security & Privacy Policies
PeopleSoft Data Exfiltration: Be Alerted to the Violation of Data Security & Privacy Policies
The financial, reputational, and regulatory impact of a data breach can be catastrophic. Data exfiltration, whether malicious or accidental, typically…...
April 8, 2022
Learn More

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Home / Blog / Managing Compliance Costs with Enhanced Cybersecurity Visibility

Managing Compliance Costs with Enhanced Cybersecurity Visibility

By Greg Wendt • May 14, 2020

Data privacy regulations are rapidly reshaping the way companies monitor, manage, and even define the data they collect and store. Prior to new privacy regulations put in place by the European Union and the state of California, the data lifecycle focused solely on collection and dissemination. This meant that the enterprise would collect as much information as possible then store it in a way that maximized accessibility, particularly with the rise of mobile. Cybersecurity, when it was discussed, focused on establishing defensive perimeters to mitigate external threats.

However, since GDPR was implemented in 2018 and reinforced by CCPA in 2019, companies have been required to reconsider how that information lives in their organization and identify who has access to it in order to meet basic compliance standards. Security teams that can adapt to the new requirements are critical to tackling the ballooning costs in compliance, particularly as other states and countries look to pass their own privacy regulations. 

The CCPA and GDPR have elevated customer data security to become a key priority across multiple departments. Since both laws are in the early stages of implementation and interpretation by enforcement agencies, legal departments have become an essential ally in compliance. In the case of the GDPR, the right to be forgotten has been contested by search giant Google in several high-profile court cases, adding greater nuance and detail to how the law impacts data management. Human resources is also a valuable partner in compliance management as they are best positioned to engage employees on new security protocols and assist in the successful deployment of new technology to ensure that workflow is not disrupted. 

Legacy infrastructure increases compliance costs 

The CCPA alone is expected to cost enterprises $55 billion in initial compliance costs, with additional costs to be expected in maintenance fees, with IBM’s 2019 Cost of a Data Breach Report states that the average total cost of a data breach increased to an average of $3.92 million in 2019, though in the United States the average cost per breach rose to $8.9 million. Much of that cost is driven by the recovery process, which involves understanding how the system was breached, what information was affected and bringing systems back online. For many organizations, understanding the scope of damage is difficult because current security systems aren’t designed for data visibility or access management, both of which enable security teams to track who has accessed what data and when. 

Data visibility is a particularly acute challenge in ERP systems because they contain highly sensitive business data, such as financial information, intellectual property or insurance details. Since ERP systems hold so much valuable data, they’re often the last piece of the digital infrastructure to be updated. This results in security gaps when patches are missed, or new security features are added to a legacy system. The “black box” of ERP systems can cause delays in damage assessments, resulting in the risk of hefty fines as the GDPR requires affected customers to be notified within 30 days of when information is compromised. 

Organizations lack tools to comply with “right to know” 

Compliance costs have largely been driven by the wave of “right to know” and “right to be forgotten” requests from their users. The right to know establishes the right of the consumer to know exactly what data a company has collected on them, and to download that data. For the enterprise, this requires being able to identify, organize and share all information pertaining to every single user, breaking the black box paradigm that existed before GDPR. Recent research shows that each request is estimated to cost approximately $1,400, quickly adding to compliance costs. 

The right to be forgotten allows consumers to request that any data related to them be deleted from an organizations’ database. Though the rule is less broadly applicable than the right to know, organizations should be careful of potential violations in their third-party partners or even of careless practices by employees. 

For GDPR and CCPA compliance, outdated and disparate infrastructure also adds major challenges, especially when adhering to the response time limits set out by GDPR. The law requires that organizations respond to right to know requests within 30 days. Yet a global survey of 103 companies worldwide across various industries found that 58% of respondents were unable to meet data access and portability requests within the one-month time limit. One of the main barriers to timely right to know requests was the lack of consolidated, transparent data structures that made finding all relevant information on each individual a costly and long process. 

When organizations don’t understand where collected data is or who can access it, compiling a right to know report is next to impossible. Without any means of tracking access within their internal databases, most enterprises have no idea if the personal information of any user has been accessed, copied or stored in multiple places, forcing compliance teams to track down each piece individually and risking fines when request response takes longer than 30 days. Not only does this heighten the likelihood of compliance violations, but also contributes to the rise of insider security threats, particularly in highly sensitive fields like healthcare and finance. 

As a result, security and compliance teams have begun joining forces to better understand the lifecycle of business data in the enterprise and how it can be effectively secured. 

Regulations align with industry trends 

In many ways, the new regulatory pressures brought by the CCPA and GDPR align with emerging trends in cybersecurity. Insider threats are one of the fastest growing trends in data breaches, accounting for 34% of attacks in 2019. Security features that enable granular tracking of user behavior in real-time addresses ensures access management can be done accurately while also adhering to privacy standards set forth by the GDPR and CCPA. As a result, organizations improve both security and compliance because they can be better prepared to respond to insider threats, minimize direct damage caused by a breach as well as void penalties incurred by compromising customer data. With greater means to identify and differentiate users, security teams are also able to increase access controls as well as better understand who has modified data and when. 

The GDPR and CCPA have had a significant impact on the public expectation for privacy and security. While security measures like multi-factor authentication (MFA) and complex passwords have existed for years, consumers and developers frequently opposed requiring them due to concerns over adding too much friction to the user experience. With cybersecurity concerns entering the mainstream, many consumers are actively seeking out additional ways to protect and manage their personal data. For the enterprise, this has increased employee’s receptiveness to new security features such as MFA to internal systems. Particularly with complex ERP systems, system administrators can unify the heightened expectations for security created by the GDPR and CCPA to reduce the costs of compliance. 

Advanced security tools can address challenges experienced across all departments by supporting secure migrations, enabling better data visibility in new systems, and reducing the long-term costs of compliance. As the security discussion evolves to when not if a hack takes place it is essential to have a holistic program in place to understand what actions will be taken when data is compromised. By hiding their head in the sand, the unprepared enterprise not only risks more damaging attacks but also larger fines. The right security tools can lay the foundation for a program that effectively fulfills the multidisciplinary role of security and engages all necessary experts to protect data and minimize compliance costs. 

This article was originally published by CPO Magazine. 

Related Articles.

How Often Should You Perform PeopleSoft User Access Reviews And Why
How Often Should You Perform PeopleSoft User Access Reviews And Why
PeopleSoft teams often face threats caused by excess privilege, malicious insiders, and access misuse. Most of these can be mitigated…...
May 27, 2022
Learn More
How to Detect PeopleSoft Security Threats with Real-Time Analytics
How to Detect PeopleSoft Security Threats with Real-Time Analytics
PeopleSoft applications process and store vast amounts of customer, employee, and financial data that are constantly accessed by an increasing…...
April 12, 2022
Learn More
PeopleSoft Data Exfiltration: Be Alerted to the Violation of Data Security & Privacy Policies
PeopleSoft Data Exfiltration: Be Alerted to the Violation of Data Security & Privacy Policies
The financial, reputational, and regulatory impact of a data breach can be catastrophic. Data exfiltration, whether malicious or accidental, typically…...
April 8, 2022
Learn More

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Home / Blog / The Implications of Remote (Higher Education) Learning… Now that CSU Announced Campuses are 100% Remote in the Fall

The Implications of Remote (Higher Education) Learning… Now that CSU Announced Campuses are 100% Remote in the Fall

By Scott Lavery • May 13, 2020

California State University, the largest four-year public university system in the country, made headlines when it announced Tuesday that it intends to continue with remote teaching in the fall term at all 23 CSU campuses, affecting most of its 482,000 students. This was a bold move, but I applaud the CSU system, or any college or university, as the rapid shift to online instruction amidst COVID-19 has been an undertaking of historic proportions. 

Lost in the headlines is the amount of work that IT teams must do to enable remote access for nearly the entire university staff and faculty. For Cal State University (an Appsian customer – 17 campuses), that’s more than 53,000 faculty and staff who need access to key information and systems. Along with student users, in total, that’s 535,000 (mostly remote) users accessing the university’s ERP systems from all over the world

The implications of this decision are wide-reaching. Beyond answering questions like, how will you be able to keep students engaged or how will you be able to provide parity to classroom learning, there are a myriad of implications placed squarely on the enterprise systems that support these institutions (ex. PeopleSoft and SAP ECC.) With millions of students, faculty and staff depending on these applications to keep operations running smoothly, how will campuses look to adapt these systems to their new normal? How can they ensure these systems can meet these new demands?

Universities Must Focus on (2) Key Areas: User Experience and Data Security 

Remote and distance learning means operations will be extremely dependent on self-service. Universities using PeopleSoft Campus Solutions face a double-whammy. Maintaining strict authentication and data security policies create challenges on their own. In addition, many campuses require additional UX/UI solutions that enable a unified mobile user experience. Without additional UX solutions in place, PeopleSoft’s mobile user experience can be challenging for students to navigate – especially as they’re trying to access self service via mobile devices. Several colleges and universities use the full suite of Appsian’s technology to address these issues.  

For Students, User Experience is EVERYTHING 

Today, student’s primary method for communication is through their mobile devices. A common problem for universities is that PeopleSoft Campus Solutions’ primary interface is PeopleSoft Classic. This UI is not mobile responsive and has a look and feel that doesn’t necessarily align with Millennial and Gen Z. expectations. As tens of thousands of students register for classes in the fall, this user experience could prove to be problematic, as students are so used to intuitive experiences. Without UX/UI enhancements, campuses run the risk of flooding their support desks or having students abandon self-service transactions – not meeting key enrollment deadlines. 

PeopleUX by Appsian turns the Classic interface of PeopleSoft Campus Solution into a visually engaging user experience. Students can easily navigate through transactions like add/drop/swap courses, view grades, class schedules, search for classes, access advisor information, and financial aid details from their mobile device. Giving students the proper tools to execute the majority of their tasks through self-service will alleviate your staff’s workload. It will also provide one less hurdle students (especially new students) will have to get over before class begins in the Fall. 

For EVERYONE, Data Security is EVERYTHING 

Colleges and universities face the same challenges as businesses that had to transition entire workforces from office-based to work-from-home. Remote access is now a requirement, and IT departments should have the ability to dynamically control access to sensitive transactions and maintain granular visibility into user behavior – something ERP systems like PeopleSoft and SAP ECC inherently lack.  

Campuses are turning to VPN to ensure secure authentication, but VPNs have plenty of vulnerabilities. In many cases, adding Multi-Factor Authentication via Duo Security® has been a top choice – one that Appsian couldn’t recommend more. However, integrating an MFA like Duo with PeopleSoft or SAP ECC presents significant challenges. Integration is necessary, especially if you’re looking to apply step-up MFA at the transaction level. This is recommended because application-layer authentication is good, but transaction level authentication is ultimately the best way to ensure data isn’t unnecessarily exposed.  

Integration also allows you to leverage adaptive MFA. This can enable you to deploy MFA challenges (at the application layer) based on the context of access, such as business hours, location of the device accessing the system, and type of device. This flexibility can reduce the disruption of MFA challenges on the user and ultimately provides significantly better data security. 

Additionally, campuses must consider how they can maintain visibility over the data in their transactions. After all, when you consider the sheer volume of sensitive data in a student information system like student records, student financial information, parent financial information, etc. it becomes clear that the implications of a breach could be catastrophic. This is not lost on hackers who are now aware that large university systems are moving to 100% remote learning. These are data security implications that are not simple to solve, but the focus must be on visibility, control, oversight, and accountability. How detailed is your view of data access and usage? If there was a potential security threat, how long would it take you to detect and remediate it?

Conclusion 

It’s too early to tell how many colleges and universities will follow Cal State University’s lead and announce remote learning plans for the Fall semester. Regardless, now is the time to prepare for a school year that still has many variables and unknown factors that can influence a decision. 

Request a demonstration so you can get to know the many ways that Appsian can help your university and college tighten your PeopleSoft data security and deliver a mobile-responsive and visually compelling user experience to students. 

Related Articles.

How FTC Updates to “Safeguards Rule” Impact Higher Education Institutions
How FTC Updates to “Safeguards Rule” Impact Higher Education Institutions
On December 9, 2021, the Federal Trade Commission (FTC) published a final rule amending the requirements for safeguarding customer information…...
March 11, 2022
Learn More
Remote Access Security: How to Replicate the 9 to 5 Workday
Remote Access Security: How to Replicate the 9 to 5 Workday
Over the last two years, organizations had to move employees out of a secure office environment and provide them with…...
December 23, 2021
Learn More
State of Kansas Secure Sensitive PeopleSoft Data With Dynamic Data Masking Tools
[Customer Story] How Appsian Implemented Dynamic Data Masking to Help The State of Kansas Secure Sensitive PeopleSoft Data
Like most state governments, the State of Kansas wanted employees and non-employees to access PeopleSoft self-service within and outside the…...
December 22, 2021
Learn More

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Home / Blog / ERP User Activity Monitoring: Here are the (5) Most Important Details to Capture

ERP User Activity Monitoring: Here are the (5) Most Important Details to Capture

By Michael Cunningham • May 12, 2020

Analytics have always been necessary for informing ERP data security policies. This has never been more relevant than today, in this everybody-works-from-home environment where function leaders are scrambling to attain oversight and accountability. With whole departments spending 8 hours a day in business applications like PeopleSoft and SAP, establishing strong ERP user activity monitoring strategies is mission-critical. We also touched on this topic a few weeks ago, but now that organizations are adopting visibility solutions, the question becomes – what are the most important details to capture?

Always Capture the Who, Where, When, What, and How 

Remember the good old days of February 2020 when articles touted the growing trend of working from home and that remote access to your ERP system and making transactions available on the internet will one day become the “new normal?” Ah, good times.  

Then COVID-19 happened, and remote work went from growing trend to hard-core reality in a matter of days. System administrators scrambled to collaborate with managers to create new or updated work-from-home polices that determine who, what, where, when, and how workers can access ERP data – and what transactions they’re allowed to perform. Good times, indeed. 

Let’s break down these different details… 

1. Who – Details of the User Accessing the Data 

Even if your user authentication strategies are strong (ex. leveraging multi-factor authentication), you’re still going to have security concerns – especially with high privileged user accounts. Narrowing your visibility efforts on high privilege user activity allows you to focus on the accounts that can cause the most damage (if corrupted or misused.) For example, your organization may be global (with ERP access coming from multiple countries) but your high privilege users may primarily reside near your domestic HQ. High privilege access coming from outside this IP range may be an early sign of unauthorized activity.

2. What – Details of the Data Being Accessed 

What are those Tier 1, highly sensitive data fields you want to closely watch? I’m talking about C-suite salary information, social security numbers, bank account information, etc. Application level logging falls short in showing exactly what a user accessed. However, these details are ultimately the most important. If you do not have visibility into exactly what a user accessed, then you are missing a significant part of the data security puzzle. In many instances, field level logging can show you how much “over access” users may have. After all, least privilege is a best practice – especially in remote environments.

3. Where – Location Where the User is Accessing the Data 

As mentioned above, location can be a leading indicator of unauthorized activity. This strategy can be expanded, especially if you’re operating in a vertical that typically doesn’t require global access (ex. higher education, healthcare, state & local government, etc.) Whether it is a sudden influx of authentication requests from China or one-off access from a European country, having location data is an essential component of ERP user activity monitoring.

4. When –Time of Day When User is Accessing Data 

Thanks to stay-at-home orders, normal 8 to 5 work hours don’t apply when users must (potentially) deal with kids or other distractions. Simply enacting policies that restrict certain transactions from being executed outside of business hours is a quick way organizations can enhance oversight – but how can you really enforce it at scale? Either way, monitoring after hours activity, while not an obvious indicator of a problem, is a solid baseline. Especially if most ERP processing activities are being executed by hourly employees.

5. How – Type of Device Accessing Data 

One of the difficult aspects of rapidly deploying remote ERP access is getting an inventory of all the devices they’ll use. Corporate-managed vs personal devices have a large impact on how you want sensitive business data accessed. Even if every employee has a company-issued device, you’re bound to see unauthorized devices (mobile phone, tablet, personal workstation or laptop, etc.) accessing your system. Knowing exactly what these devices are accessing (or possibly downloading) is extremely important for data loss prevention.

Real-Time User Activity Monitoring Leads to More Informed ERP Data Security Decisions 

Using the Appsian Analytics Console, you get a 360-degree view of what is happening around your ERP data. From there, you can map out a targeted incident response before damages become catastrophic and influence your ERP data security policies.

Some additional examples of ERP data security measures you can deploy include: 

  1. Enabling adaptive authentication policies that deploy additional authentication challenges based on the context of access 
  2. Restricting the availability of specific transactions (partial or full) when access is coming from unwanted geographic locations 
  3. Masking any data field (partial or full) 

Appsian enables organizations to enhance their level of control and visibility over business data. To ease the anxiety of allowing remote ERP access, Appsian can help you make the rapid changes (avg. go-live in 2 weeks) necessary to manage and mitigate risk.

Request a demonstration of the Appsian Analytics Console today.  

Related Articles.

MFA Is A “Critical Security Baseline” for Your Zero Trust Strategy
MFA Is A “Critical Security Baseline” for Your Zero Trust Strategy
Following up on last year’s Executive Order to help improve the nation’s cybersecurity posture, the White House released a 30-page…...
March 3, 2022
Learn More
Remote Access Security: How to Replicate the 9 to 5 Workday
Remote Access Security: How to Replicate the 9 to 5 Workday
Over the last two years, organizations had to move employees out of a secure office environment and provide them with…...
December 23, 2021
Learn More
State of Kansas Secure Sensitive PeopleSoft Data With Dynamic Data Masking Tools
[Customer Story] How Appsian Implemented Dynamic Data Masking to Help The State of Kansas Secure Sensitive PeopleSoft Data
Like most state governments, the State of Kansas wanted employees and non-employees to access PeopleSoft self-service within and outside the…...
December 22, 2021
Learn More

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

  1. Pages:
  3. 1
  4. ...
  5. 8
  6. 9
  7. 10
  8. 11
  9. 12
  10. 13
  11. 14
  12. ...
  13. 34
Request a Demo

Start your free demo

"Learn how you can reduce risk with rapid threat protection, audit response and access control. All from a single, comprehensive platform"

Trusted by hundreds of leading brands