Overview
Following multiple internal mandates, the State of Indiana set forth on a PeopleSoft application security project to enhance data security. The State wanted to improve user authentication with single sign-on and expand multi-factor authentication to both federated and non-federated users (i.e. vendors and seasonal workers). Additionally, adherence to application patch levels, master data management, and improved reporting and analytics were top priorities.
Key Challenge
From a security perspective, the State was seeking capabilities that could flexibly support their current and future data security and infrastructure requirements without adding administrative complexity or causing access issues for less sophisticated technology users.
Customer Environment
The State was in the middle of upgrading their PeopleSoft FSCM pillar and was in the RFP stage for sourcing an integrator for a PeopleSoft HCM upgrade project. Decisions were yet to be made regarding their long-term approach to identity management for federated and non-federated system access.
While PeopleSoft data protection was a top priority, the extent to which data masking would be applied and the style and breadth of MFA authentication deployment were also yet to be determined.
Visibility into PeopleSoft activity was limited to core system logs which left significant gaps in understanding and failed to meet the needs for compliance reporting and incident response. Due to their complex nature, only a few PeopleSoft power users could navigate the log info.
The ability to immediately improve the State’s security posture while having the flexibility to support a broad range of potential future requirements was a key component in the vendor assessment process. With staffing challenges limiting the number of support personnel, the deployed technology would need to be supportable throughout the State’s PeopleSoft lifecycle without contributing to the complexity of system upgrades.
Solution
Appsian Security Platform was recommended as a sole source solution for the State’s current set of security challenges because it was the only comprehensive solution for providing application firewall capabilities, data masking, logging, analytics, MFA, and Single Sign-On in a unified, market-proven platform.
With the State yet to decide on their long-term direction for identity management and authentication technology, deploying Appsian addressed the short-term functional need and provided the proven flexibility and configurability needed to accommodate the State’s evolving long-term needs.
Through Appsian, the State could comfortably support multiple identity providers for SSO and MFA solutions without customizing their deployed platform. Moreover, Appsian’s rapid time to deployment for data masking and logging could enable the State to quickly reduce the exposure of sensitive data while providing security-oriented logging and analytics necessary to meet their incident response and compliance reporting needs.
Additionally, as the only comprehensive PeopleSoft security solution in the industry, Appsian Security Platform could be acquired through a single vendor assessment and procurement process that dramatically reduced the time, cost, and risk associated with the purchase. These benefits further carried over into implementation, allowing the State to reduce the implementation overhead of their PeopleSoft security project while continuing their major application upgrade project in parallel.
INDUSTRY
Public Sector
EMPLOYEES
85,000+
PROFILE
The State of Indiana, Information Office of Technology, oversees the infrastructure supporting operations ranging from human capital management to financial and supply chain management for internal procurement as well as vendor management. The State’s PeopleSoft infrastructure supports 35,000 employees, plus an additional 50,000 vendors, other service providers, and seasonal workers.
Supported ERP Platforms
Integrate with Leading IAM Technologies
Learn Why Appsian is Best-of-Breed.
Start your free demo
"Learn how you can reduce risk with rapid threat protection, audit response and access control. All from a single, comprehensive platform"
Trusted by hundreds of leading brands