In our conversations with Oracle^_® PeopleSoft customers about modernizing and mobilizing their PeopleSoft pages and customizations, we always introduce the concept of Responsive Design.

What is Responsive design? According to Wikipedia:

Responsive web design (RWD) is a web design approach aimed at crafting sites to provide an optimal viewing experience—easy reading and navigation with a minimum of resizing, panning, and scrolling—across a wide range of devices (from mobile phones to desktop computer monitors).

There are a number of significant benefits from leveraging responsive design techniques in a mobile strategy for PeopleSoft pages and customizations:

• Instead of different solutions/code lines for each device and form factor, there is only a single Responsive Design solution/code line to build and maintain
• A Responsive Design solution is more adaptable to the ever-changing device landscape. For example, in addition to smartphones and tablets, phablets are gaining market adoption at a rapid rate. Proper Responsive Design architecture will automatically adapt to these new device types.

When applying Responsive Design techniques to legacy PeopleSoft transactions, there are a number of hurdles to overcome:

• Many PeopleSoft pages contain hundreds of data elements that must be incorporated into Responsive Design
• Stripping down PS pages is generally not an acceptable practice because each element has a specific purpose
• PS pages have a structure that must be retained in any Responsive Design application
• When generating HTML, PeopleTools incorporates hard-coded length and width attributes that defeat efforts to allow the browser to respond to device sizes

PeopleSoft Timesheet

To illustrate these challenges, let’s take a look at the PeopleSoft Timesheet where there is a complex structure with lots of data elements, hard coded widths and a grid that is wider than a standard desktop view.

Standard Desktop View

With GreyHeller’s Responsive Design technology, we make this transaction responsive out-of-the-box.

Responsive Design view on an iPhone

Note how the data reflows and that grid information is vertical and summarized, yet all data entry fields are easily accessible.

Responsive Design view on an iPad

Note page elements are displayed side-by-side, and the grid responds to display in a tabular versus vertical format.

Recently, one of our Higher Education customers – a highly regarded US university – implemented another option for Two-Factor Authentication using our ERP Firewall software product.

Click to Call allows 2FA pins to be delivered via a telephone voice call.

Click to Call is based on new PeopleCode packages and several Java JAR files that interact with a third party calling system. It is invoked when a PeopleSoft user triggers an event –accessing sensitive data that GreyHeller’s ERP Firewall systems has been configured to protect – that sends the message to the external voice call system. That system then retrieves data containing the requested credentials from PeopleSoft. The user then enters the 2FA pin on the challenge screen which completes the challenge.

iScripts, JAR files, custom application packages, third party integration – sounds complicated right? Wrong. ERP Firewall seamlessly integrates from the user’s page action to the delivery of the call in less than 3 seconds.

The message can be customized to contain important information in addition to just the 2FA pin. This information could be beneficial and timely.

Click to Call joins ERP Firewall’s other 2FA challenges methods:

• Text
• Email
• Time-based one time password (TOTP)
• Duo Security
• IVR
• Instant Messaging
• Biometrics.

If organizations won’t spend what’s necessary to license technology that protects their sensitive data because of cost considerations,we believe class action lawsuits will be a sea change in that way of thinking.

Here’s a link to the PC Chang breach class action law suit.

http://bit.ly/TOLoEC

Last week the website Code Spaces was attacked by a distributed denial of service attack (DDoS). This is a pretty normal occurrence that gets handled by systems and normal access is back soon. What makes the Code Spaces attack interesting is that a person had gained access to the EC2 control panel for the company and wanted a ransom to stop the attack.

There are numerous details on the link above to find out what happened next.

What can be learned from an attack like this?
DDoS attacks are still active and happen frequently. Evernote was hit earlier this month with the attack causing at least four hours of outages. A video game company’s website was hit this week as well with traffic peaking at 110 gigabytes per second. Estimates are that DDoS attacks will be in the range of terabit sized attacks in the near future.

Many organizations believe that everything is safe in the cloud. Basic functions are handed off to the cloud vendor who must prioritize clients: entrusting backups, restores, disaster recovery. Best practices dictate that your organization’s business continuity plans takes these risks and assumptions into consideration. Anytime you give up those controls, risk is added into the equation.

Another risk in moving mission critical functions to the cloud is Internet connectivity and lack of access to production systems if Internet is down.

We recommend:

• Testing backups to ensure restores work and expectations are met.
• Implement business continuity planning and determine how cloud providers play into those plans– test your disasters, be prepared.
• Determine connectivity issue frequency – build contingency plans to reach the cloud during outages.

A single compromised website hosted 862 PHP scripts. Think about that for a minute – 1 server, with 862 scripts. These scripts targeted banking, webmail, PhotoBucket and many online dating sites. The attackers utilized the dating sites to eventually request money from the users. The time and energy invested in this attack is stunning. More information on the attack here.

From a PeopleSoft customer perspective, phishing attacks can be a daily event. Sophistication and success of these attacks varies greatly. End user training and support only goes so far in defense of the organization. Costs of remediation continue to soar. All it takes is one slip – one click – one password.

Compromised ERP solutions cost organizations time, money and lost credibility with constituents.

Is your organization going to continue to risk all of that on a single user id and password?

The attackers have all the time in the world, but you do not… The time is now for implementing Two-Factor Authentication (2FA) to help mitigate these attacks.

Costs associated with the Maricopa County Community College District (MCCCD) data breach that occurred in April 2013 continue to rise and have nearly reached the $20 million mark.

http://bit.ly/1mYb24t

Higher education institutions store the same sensitive data as do banks – SSN; DOB; Address; Bank account/Direct Deposit.

Higher education institutions almost by definition have open networks.

The bad guys have figured that out and are launching full scale attacks on PeopleSoft higher ed customers.

Do the math…..license ERP Firewall for a fraction of data breach costs.

One of the very useful features in Application Designer is the ability to compile the PeopleCode for a project.  You can select Tools -> Compile Project PeopleCode from the Application Designer menu to do so.  This is particularly useful for larger projects or when you are validating a project that has just been imported into an environment for the first time.  If, for example,  someone forgot to include all of the needed PeopleCode for things to work (maybe forgetting to include a needed application package in the project definition),  then compiling the project and finding out about the problem immediately is better than hearing about later when a runtime error happens.

I prefer to do the Compile Project PeopleCode as a first step,  before running the project validation (in the App Designer menu, Tools -> Validate Project) because the project validation stops at the first error while the compile PeopleCode will try to compile everything in the project and report on what it found.

Some enhancements in this area that we’d love to see:

• A way to have this compilation happen automatically when a project is imported.  Either an option to do this on each project import or a general configuration setting indicating that it should always be performed.
• Some filtering mechanism to not show all of the PeopleCode programs that successfully compile.  This is particularly annoying on larger projects because you have to wade through a lot of output in order to find and resolve any errors.

Larry just posted a YouTube video that describes how our ERP Firewall product’s 2-Factor Authentication feature can help prevent students from hacking into PeopleSoft Campus Solutions and changing grades. The video contains specifics on how 2-Factor Authentication works.

Larry created the YouTube video based on what was reported recently at Purdue University where students are facing felony charges for hacking into secure systems and changing grades (we don’t know whether the Purdue incident involved PeopleSoft).

Apparently, hacking to change grades is not uncommon:

• Florida A&M University
• Cal State – Fresno
• Miami University

Chicago office opens

Well, we just couldn’t stay put in the San Francisco East Bay. Based on 2010 growth, and a great first half of 2011, we’ve opened an office in downtown Chicago. We plan to use Chicago as the access point to our Midwest and East Coast customers. And we’re hiring key technical resources…..so if you happen to know anyone who’s a strong PeopleSoft architect and lives in the greater Chicago area, please let us know. The new office address is 200 S. Wacker Drive, 15th Floor – directly across the street from the Willis (Sears) Tower.

Labels: chicago, hiring, new office, peoplesoft architect