As the premier deep-dive PeopleSoft-focused event of the year, PeopleSoft Reconnect (presented by Quest Oracle User Group) has always touted itself as “created for PeopleSoft users… by PeopleSoft users.” This year’s conference (held in Rosemont, Illinois) did not disappoint.

Appsian was proud to be a conference sponsor, along with provide content, as our PeopleSoft User Experience experts presented sessions on improving PeopleSoft Security and Creating a Modern User Experience Across all PeopleSoft versions. The sessions were hugely successful, with an estimated 75% of conference attendance. During the session, many of the questions pertained to security concerns and the meeting of user experience expectations, as organizations continue to upgrade to PeopleSoft 9.2 and adopt Fluid UI – all in service to staying on Oracle support and maximizing their current ERP investment.

According to Scott Hirni, Director of User Experience Strategy and Solutions at Appsian (who has previously worked with PeopleSoft for 18+ years), “Fluid adoption and on-going enablement was among the top concerns for attendees.” While Fluid adoption is a top project in the PeopleSoft community, it was clear that not all PeopleSoft customers are able to leverage Fluid to its full potential.

Here are a few observations:

• 75% of organizations we spoke to at RECONNECT haven’t attempted to roll out Fluid – despite being on version 9.2
• 25% have started, but have required ongoing guidance
• Most attendees expressed that they were in the process of identifying the key business drivers for implementing Fluid
• Many questions arose about what to do with existing customizations while implementing Fluid

Inspired by Scott’s presentation at RECONNECT 19, here’s a quick look at the roadmap for customers looking to roll out Fluid.

• Identify business drivers i.e. key functional areas that need optimization and would benefit from a Fluid implementation project
• Review the list of already delivered Fluid screens and Classic retirement dates to prioritize rollout accordingly
• Assess the version perquisites of to handle your existing PeopleSoft customizations
• Prepare for UX changes and user adoption challenges that come with the new UI

The bottom line is, Appsian absolutely recommends upgrading to 9.2 and adopting Fluid as the best way to fully leverage your PeopleSoft investment. Staying current with Oracle maintenance and embracing the many advantages that come with a 9.2/Fluid adoption are critical, but we certainly understand that large-scale projects come with uncertainty and questions. With that in mind, Appsian has developed a strategic UX transformation plan that helps PeopleSoft customers analyze their business needs and assess how Fluid UI can help achieve their efficiency goals.

Not sure where to start? Leverage Appsian’s FREE PeopleSoft Fluid Assessment that includes:

· Complementary Onsite Workshop

· Strategic Analysis/Transaction/Use Case Mapping

· Fluid Rollout Plan

· Business/Institutional Alignment

To claim your FREE Fluid assessment you can also write to us at [email protected]

We live in a connected economy.  We live in a connected world.

We want our games, our movies and our friendships to be accessible on our phones and tablets.  Why wouldn’t we also want to be able to manage our work life on those mobile devices as well?

Answer: we do.

Most modern applications are designed from the ground up with mobile support in mind.  For these applications, security is designed around the idea that identity is the new perimeter (check out our Security blog entries for more about that). 

And, to meet today’s consumer expectations, modern applications invest a lot of dollars in the development of mobile-friendly user interfaces that utilize modern technologies, such as HTML 5 and other responsive technologies that provide a smooth and efficient user experience.

But, what about legacy applications? What about ERP systems released in the 90’s? 

These applications were usually designed to be accessed only from within the network, and typically only by a select few users using tailored client applications running on the desktop.

Those legacy systems are still being used by many companies to handle critical operations including human capital management, financials and supply chain. 

How can these applications meet the demands of the new connected world, where managing my work life via mobile is just as important as managing my personal life?

Before we talk about solutions, let’s talk about some of the usability challenges of exposing those applications to a mobile world.

Mobile Devices

Smartphones, tablets and all of the other evolving mobile device footprints vary in their features and specifications. And typically, their capabilities fall well short of the routine desktop computer sitting in your office or home.

How?

• Drastically reduced screen size
• Limited power and processing capabilities
• Challenging data entry methods (virtual keyboard, etc)
• Range of operating systems (iOS, Android, Windows, etc)
• Lack of standard security models

Mobile Connectivity

Desktop computers typically rely on wired connections to a network. Those connections have historically been stable and reliable.

Mobile connectivity is far more more dicey and depends on local conditions that dictate reliability, bandwidth and consistency.

We’ve all had a game of Candy Crush crash because we moved into a cellular dead zone – haven’t we?

Don’t judge me.

And, like the phone games we love to engage in, ERP systems also typically rely on long-lived sessions and multi-step transactions that depend on stable connectivity and session persistence.

The End User

Historically, applications had been designed around technology-oriented interfaces. We get back to the old model of legacy applications being implemented for selected users via a dedicated user interface that maximized the user’s ability to get their job done.

Modern applications, with mobility in mind, take a user-oriented approach to interface development. When you push connectivity out to the mobile world, you need to be able to support end users with different levels of skills (self-service, admins, etc).

How do you provide a user experience that supports retirees, many that may have accessibility challenges, trying to access benefits information via a phone? How do you support students that want quick and easy access to course scheduling and performance reports? How do you provide a mobile user experience that allows managers and administrators to access application functionality required to perform back office tasks?

More to come on this topic. 

After all, challenges breed solutions.

In the meantime, please reach out to [email protected] (or just click on our little onsite chat helper that tends to hang out at the bottom right) to get more info on how Appsian can help bring ERP into the connected world.

I was at the Alliance conference in Orlando this past week, and in the course of presenting and listening to multiple institutions in the higher education space, I picked up on a common thread. There is a lot of confusion on how modern access-level security measures such as Single Sign On (SSO) and Multi Factor Authentication (MFA) work, and more importantly, how they can work together to bolster an organization’s application security posture.

So, let’s start with the basics. I’m going to stay at a high level for this post. If there’s interest, I can dive into the technical nerd-stuff in a follow on. And yes, please encourage me, as I love the technical nerd-stuff.

Single Sign On

Single Sign On (SSO) is essentially an authentication mechanism that allows a user to access multiple applications with a single set of login credentials. Typically, these centralized credentials are maintained in an identity store (LDAP, ADFS, or another provider) and are incorporated into a token standard, such as SAML, that allows for the mapping to the user’s credentials stored in each participating application.

SSO provides a measure of security in that 1) a user does not have to remember (or store on post-it notes) the multiple user names and passwords associated with each application, and 2) it provides a single point to disable a compromised account.

Multi Factor Authentication

Multi Factor Authentication (MFA) is a mechanism where more than one form of authentication is required before allowing a user access to an application, or in the case of granular MFA, to designated sensitive processes or data within an application. Text book MFA dictates that there are three forms of authentication: something you know (user name and password, typically), something you have (a phone that can receive app-based or SMS confirmation requests, for example) and something you are (the rapidly evolving arena of biometrics).

MFA requires the use of at least two of these authentication methods before allowing access. It’s the current standard for securing authentication beyond the use of the standard user name and password method that has become much less secure in these days of phishing attacks and other means of stealing credentials.

MFA is becoming really common these days. Think of anytime you try to access your bank account from a new computer or an atypical location (you’re on vacation in China, for example). You will typically be sent a text with a code to your cell phone that you have to input before you’re allowed access. Again, you start with the something you know, but are additionally required to meet the something you have-based challenge.

It’s not perfect and needs to be implemented securely (which is a moving target), but it is a mechanism that helps prevent many of the common breach vectors that have plagued applications that store sensitive data such as SSNs, bank account numbers and other private information.

Both SSO and MFA utilize the concept of a web “session”.

What Is A Web Session?

Let’s start with what web interactions would be without the concept of a session. We would be in a world where every request made by a web browser would have to include whatever authentication credentials might be required to support the request to the site/application. And, even then, every request would be a one-off request-response without the ability to support multi-step transactions. There would be no persistence that we take for granted when we access online shopping sites or key business applications.

A session is commonly defined as a web server-side storage of information that is designed to maintain information throughout a user’s interaction with a web site or web application. The stored information around the ongoing interaction has a key that is passed between the site/application and every HTTP request that the browser makes. Thus, knowledge of what has transpired in the interactions is maintained and updated and allows for a site or application to respond based on what you did before. And it eliminates the need to re-authenticate with every web request.

How Does SSO Work?

SSO typically involves a user logging into a centralized Identity Provider (Okta, ADFS, LDAP, etc).

And as I’m discussing at a high level, I’m going to stop using the word “typically”, as the various Identity Providers for both SSO and MFA can operate differently under the covers.

Once a user logs into an Identity Provider (IdP), a token (a piece of code usually maintained in a browser) is created.

OK – “usually” is the same as “typically”, so I just have to stick to the most common scenarios.

When the user clicks to access an application that is under the SSO umbrella, the token is used to map the IdP login to the application credentials associated with that user. The IdP does not store the application credentials, but does map the central IdP credentials to an individual application account.

In a perfect SSO world, a user would be assigned application accounts that would have credentials (user name and password) that they would never need to use or know. They would be able to seamlessly traverse the applications they need to do their job based solely on the authentication to the IdP.

The token generated by the SSO IdP can have various parameters that dictate the life of the session that has been established. Timeouts can be specified that would dictate logouts from all SSO-based applications based on inactivity or specified durations.

How Does MFA Work?

SSO is fairly straightforward and adheres to stringent standards such as ADFS, Shibboleth and SAML.

MFA is a little more custom and implementations differ widely between providers.

Common approaches include the use of physical security tokens (key fobs, smart cards, etc), soft tokens (device-based apps that receive challenge requests, etc), mobile authentication (SMS, phone calls, etc) and biometric authentication (retina scans, facial recognition, etc).

The underlying commonality between these mechanisms is that, upon a successful response to the MFA challenge, a token is generated that allows access to the requested resource. The life of that token can be dictated via configuration within the MFA provider profile. Like SSO, this setting can be driven by inactivity or a dictated period of time.

How Do SSO And MFA Work Together?

This is where life gets dicey because cooperation between the tokens generated by SSO and MFA is really dictated by the provider capabilities and the associated configurations.

In general – yes, I found an alternative to “typically” and “usually” – the expiration of an SSO token will block access to all SSO enabled applications if users are prevented from directly logging in. Re-logging into the SSO IdP will be required.

The expiration of an MFA token will block access to subsequent requests for the MFA protected resource, but won’t necessarily block access to other parts of the application.

SSO is a fairly established standard, offering both security and productivity benefits. MFA is still evolving and, while implementations vary greatly, the technology is evolving rapidly to provide that additional layer of identity validation that SSO doesn’t support.

Contact us to learn how Appsian can help bolster your application security posture via SSO and MFA access controls.

Establishing security best practices for your PeopleSoft applications is always a work in progress. As newer, more advanced threats come to light, staying current can feel like a daunting task. While PeopleSoft systems are inherently robust and secure, a constantly evolving threat landscape, PLUS new data regulations have paved the way for several necessary security enhancements. As the end of 2018 draws near, now more than ever, organizations must be aware of the myriad of threats that are well-aware that “year-end” bonus season is coming… and are preparing their tactics to redirect your employees hard-earned payroll/bonuses.

What is the weakest link in your ERP security chain?

Threats today have become increasingly user-centric. The targets for malicious hackers have shifted from entire networks to applications. By leveraging phishing and social engineering attacks, most ERP breaches are now originating from the unauthorized use of valid login credentials – stolen directly from the user themselves. Thus, making your users (and their passwords) by far, the weakest link in your security chain.

Recommendations for mitigating the “human error” element

Inspired by dozens of successful PeopleSoft security projects, security experts at Appsian have compiled a list of best practices that every organization must utilize, and details the steps that should be taken to implement a layered approach to securing PeopleSoft. Rather than solely focusing security efforts on the perimeter, we will discuss how your sensitive data can be protected from malicious intruders (and even insiders) who are able to access PeopleSoft with valid credentials:

• Enabling SAML for centralized identity management and establishing a single sign-on to reduce the risk caused by users having multiple (potentially) weak passwords.
• Expanding traditional multi-factor authentication from login-only to field, page and component levels to ensure data protection from insider threats.
• Employing location-based security to enforce least privilege access when sensitive systems are being accessed from outside your corporate network.
• Enhancing data masking to alleviate challenges posed by static role-based masking rules and reduce unwanted exposure of sensitive data fields.
• Extending logging capabilities to be compliance-ready with 360-degree awareness of what going on inside your PeopleSoft systems and user activity.
• Bringing real-time visibility to breaches, suspicious events, and potential vulnerabilities by incorporating security analytics to your PeopleSoft security infrastructure.

Download the whitepaper to learn more about the best practices for achieving an end-to-end security and compliance strategy.

Download Your Whitepaper!

On a time-crunch? Request a quick session with our PeopleSoft security experts.

Contact Us Today!

1. https://info.digitalshadows.com/ERPApplicationsUnderFire-Press.html
2. https://www.us-cert.gov/ncas/current-activity/2018/07/25/Malicious-Cyber-Activity-Targeting-ERP-Applications
3. https://www.cyberark.com/resource/cyberark-global-advanced-threat-landscape-report-2018/

In the digital security world, social engineering is defined as the act of tricking someone into doing something that is often detrimental to themselves or others. Social engineering attacks can come in many forms: over the web, email, phone, postal mail or even in person.  Attackers can be very creative in how they disguise a malicious request into a seemingly legitimate call to action.  And these attacks have proven to be a very effective way for a criminal to get inside your organization. A successful social engineering attack typically results in a hacker obtaining an individual’s trusted credentials to one or more systems.  They can use those credentials to log in and snoop around for sensitive data or cause havoc in the digital network. Some of the more popular social engineering attacks include:

Phishing

Phishing emails or web sites are set up to fool a user into using their logon credentials to attempt to log into what appears to a trusted site (bank, credit card portal, etc).  The ‘fake’ site then captures those credentials which then can be used to maliciously access the real site equivalents.  

Over the Phone

 Hackers utilize phone-based attacks by posing as representatives of tech support, customer assistance or any number of other groups to obtain login credentials under the guise of helping the individual with a ‘problem’.  Often that problem is represented as a malware program that may have infected the recipient’s computer  or an issue with their bank account or credit card. Another popular phone-based attack vector is a hacker posing as a debt collector, tax agency or even law enforcement in an attempt to fool the recipient into sending money.  

Social Network Harvesting

A more recent social engineering attack is accomplished via setting up ‘fake’ social network app or page (Facebook, LinkedIn, etc). that is designed to target people who are interested in a particular subject, storyline or individual.  Many celebrity fan sites, for example, are set up for this very purpose. The attacker is then able to access the individual’s contacts and other information that allows them to build out a network of potentially favorable targets. Social engineering attacks are always evolving, so it is critical for an organization to implement an awareness training program that is maintained as new threats evolve.  Education is key in helping to ensure that employees recognize these threats and don’t ‘click that link’. In our next post we’ll discuss some other methods of combatting social engineering… Be sure to join us on Thursday November 8th at 1 PM CST for our UPCOMING security webinar,  PeopleSoft & Social Engineering Attacks: Common Techniques & How to Prevent Them.

Register Today!

 

This week, Hackensack Meridian Health (HMH), a New Jersey-based not-for-profit health care organization (and Appsian customer) was identified as a PeopleSoft Innovator for their use of PeopleSoft Fluid UI for HCM Employee Self Service; including the successful native implementation of Appsian’s two-factor authentication solution.

With an initiative to make PeopleSoft available to their 33,000 users via the open internet, HMH began an adoption of Fluid for HCM in early 2018. A “mission critical” objective to this project was pairing Fluid with a solution that provided secure access, while also limiting the amount of clicks and passwords required for users to access PeopleSoft.

HMH turned to Duo as the selected two-factor authentication platform, but still required a solution that natively integrated into PeopleSoft to extend Duo’s functionality. Appsian’s PeopleSoft Application Security Platform was evaluated and quickly selected as the right solution to ensure HMH’s project to make PeopleSoft available to the open internet (via Fluid) was successful.

As an Innovator, Hackensack Meridian Health has been included in the new PeopleSoft Innovators section on www.peoplesoftinfo.com and was announced as an Innovator during the 2018 Oracle OpenWorld conference.

To learn more about Appsian’s solutions for PeopleSoft security, please email us at [email protected] or your can simply Request a Demo

With the support for PeopleSoft 9.1 ending earlier this year (Jan 2018), most PeopleSoft customers are busy upgrading to PeopleSoft 9.2. As you upgrade to v9.2, Fluid becomes the inevitable frontline UI of your PeopleSoft applications. Consequently, upgrading to Fluid is a significant investment in terms of time, effort, and skilled resources. We at GreyHeller feel that the operational disruption and added investment that come with these upgrades are an extremely worthwhile endeavor for your journey toward a modern UI for PeopleSoft HCM, CRM, Financials, SCM and more. That being said, if productivity and engagement are the benchmarks for success with a UX/UI project, shouldn’t you do everything in your power to ensure your upgrade is fully enabled?

It should be acknowledged that a lack of certain best practices can prevent you from achieving your end goal of delivering the user experience you intended – and your users have come to expect from modern applications. Here are some tips to identify indicators that can potentially have a negative impact on your efforts of achieving a flawless adoption of PeopleSoft Fluid UI:

Fluid is the future – get with it!

Before we get into the details of ensuring a successful Fluid enablement project, let’s address the most crucial question first – Why is making the transition from Classic to Fluid important – and why now? The answer lies in Oracle’s announcement of the traditional Classic UI being on a retirement schedule. Oracle’s support doc ID 2238983.2 illustrates the timeline for pages that will be “desupported” at the end of each year. Since, Fluid is going to be the frontier of all PeopleSoft applications upgraded to 9.2, adopting Fluid has become a necessity for organizations to stay current with PeopleSoft.

Inconsistency can prove to be the death of a positive UX

A Fluid adoption should be a project centered around your end-users. Whether you are in the middle of a Fluid adoption or haven’t embarked upon it yet, it is important to consider the specific business needs of your users carefully (i.e., how are you intending them to work and on what mobile devices.) With the end goal of a Fluid upgrade being PeopleSoft applications that are readily available on mobile devices and with a streamlined user experience – it is ultimately user engagement that will prove to be the defining benchmark for success. However, the selective roll-out schedule of Fluid pages can potentially create an inconsistent UX in the interim, as users are likely to encounter existing Classic pages throughout a workflow. The result being (despite your best intentions) a UX that fails to deliver a 100% consistent experience. After all, inconsistency can prove to be the death of a positive UX.

Fluid requires new development skills

Fluid UI uses the same architectural foundation as the Classic layout. However, building design components in Fluid requires extra development work, meaning the required acquisition of skills such as HTML, CSS, JavaScript, etc. To ensure optimum preparedness for your Fluid enablement project, you need to have developers who are well versed in PeopleTools along with these additional skills. To fulfill project requirements, you can choose to invest your time and money in training existing team members or (like most organizations) you can hire new resources. However, the time spent in acquiring skilled resources can slow down the progress of your Fluid enablement project.

Consider the diversity and abundance of mobile devices.

A myriad of mobile devices are released every year, all with different screen sizes and resolutions. To compliment all the available device variables, your UI needs to be responsive. A truly responsive UI is the most critical parameter in mobilizing an application, thus allowing it to fit perfectly on any form factor. Fluid is an adaptive UI which means that it was designed to fit a predetermined set of form factors, i.e., small, medium, large and extra-large. Since there’s an abundance of mobile devices available on the market, and each one of them comes with different display standards, the pre-set form factors might not display content cleanly on every available screen.

How you can make Fluid UI exceptional with PeopleUX

PeopleUX by GreyHeller delivers a fully responsive and consistent user experience regardless of your current version of PeopleSoft. No matter what your upgrade status or your underlying UI (Classic/Classic Plus or Fluid), PeopleUX re-renders the existing HTML without impacting the original PeopleCode – creating a user experience that is visually engaging and uniform throughout the application. PeopleUX optimizes workflows with usability and intuition in mind, allowing users to execute transactions quickly and efficiently without requiring any additional training or technical support.

 A seamless and consistent user-experience allows users to be more productive no matter where they work or what device they use. The best part – PeopleUX can be implemented in a short span of time (60-90 days*) without any operational disruption or intermittent consistency. Lastly, PeopleUX saves you time and boosts Fluid adoption project ROI by eliminating the need to hire or train developers!

Interested to know more about making the Fluid experience truly exceptional? Request a free demo to speak to a PeopleSoft user experience specialist today, or write to us at [email protected]

As a BONUS opportunity – join us on Wednesday July 18th for our latest webinar where you can see for yourself how you can ensure a successful Fluid adoption – Register Today!

The European Union’s General Data Protection Regulation (GDPR) came into effect on May 25th, 2018 and made a far-spreading impact on how organizations record, manage and process personal data of European citizens. As an organization leveraging PeopleSoft, you house personally identifiable information (PII) on hundreds of pages, making your PeopleSoft applications a crucial variable in regards to sustaining GDPR compliance. Even though the security of your PeopleSoft applications has always been your priority, GDPR just upped the ante! Non-compliance with several clauses in GDPR can potentially knockout significant profit margins – 4% of global revenue or € 20 million to be precise.

Discover a data breach? The clock is NOW ticking!

Imagine all the chaos a data breach brings – the investigation, remediation, financial liabilities, and the overwhelming task of drafting an internal and external communication plan. The timeline of this process was previously driven by your organization – now that GDPR is in effect, communications with affected parties and relevant regulatory agencies all must be completed before the GDPR hourglass empties, i.e., in 72 hours. GDPR’s mandate is a clear message that the ‘wait and see’ approach that organizations could once get away with is no longer going to work! To establish compliance with GDPR, organizations need to evaluate all possible means that data can be breached, leaked, or manipulated and focus on equipping their PeopleSoft applications with internally layered security features, most specifically enhanced logging, in an effort toward being proactive rather than reactive.

Step 1 to GDPR compliance is getting to know your data

Your PeopleSoft applications are inherently built with robust security features, but modern threats demand data security be taken beyond the standard User ID/Password model. Under GDPR, more PII translates to more liability. Therefore, it’s crucial that organizations:

• Establish measures to track the lifecycle of sensitive data in their PeopleSoft applications
• Define control protocols on how and by whom PII is accessed
• Limit unnecessary exposure of sensitive information

For access controls to be effective, each user’s activity and transaction data must be available for tracking and monitoring by security teams so they can identify and remediate a breach effectively and efficiently.

High-level logging is NOT enough

Unfortunately, out-of-the-box PeopleSoft applications are only capable of high-level logging (login and log out instances), and that information is not sufficient for identifying what specific data fields may be compromised, who has viewed it, and when a user may have viewed specific data. This context is necessary for piecing together the narrative for effectively remediating a breach, and thus, making the initial steps towards complying with GDPR.

How GreyHeller’s Application Security Platform can solve the challenge

The key to preparing your PeopleSoft applications for GDPR is equipping them with advanced and robust security measures, that not only help you prevent a breach but allow you to detect and react to it promptly. With GreyHeller’s Application Security platform (ASP) organizations can effectively control the unwanted exposure of PII and accelerate breach detection and remediation. ASP enables security teams to gain maximum influence over what data is accessed, by whom, and how it is used.

Record each transaction as it happens

Designed to log field level transaction activity, ASP provides you with all the details you need to identify a data breach in time and fulfill the requirements imposed by GDPR. The logging features record all transactions within PeopleSoft on a granular level, providing information on what data was accessed, where it was accessed from, user ids and IP address effected and more.

Seeing is believing

The ASP also features an integrated analytics extension that uses the enhanced logging data to populate and display access activity on engaging dashboards. Comprising of elegant charts, graphs, and maps – these dashboards can be grouped by usage patterns, access trends, geographical locations, etc. to gain a holistic picture of user activity in a single view. The dashboards are equipped with deep drill-down capabilities, allowing security teams to investigate the activity and perform root-cause analysis thoroughly.

We are here to answer any questions you may have – Get a free security consultation for GDPR compliance today or write to us at [email protected].

Gartner recently released a report addressing the speculations around Oracle’s on-premise and cloud ERP applications. Focusing on Oracle ERP customers’ frequently asked questions, the report is aimed at helping CIOs make informed decisions on whether Cloud applications are a viable replacement for their on-premises suites. Here are the most important takeaways and highlights from the report:

On-premises ERP suites are not at the “end-of-life” stage.

From thousands of client interactions, Gartner concluded that Oracle’s ERP customers are unsure about Oracle’s commitment to its on-premises suite. To put their doubts to rest, Gartner highlighted several factors that reiterate Oracle’s continued investment in their on-premise applications:

Revenue from on-premise applications remains strong

“Oracle’s on-premises suites are not at the end-of-life stage” assures Gartner. “Oracle receives the majority of its software license revenue from customers paying for maintenance, and new sales of its on-premises products,” (68% and 65% in 2016 & 2017 respectively). According to Oracle’s co-founder Larry Ellison, “Oracle spends over $5 billion per year on research and development (R&D) and continues to invest in all its on-premises application products.”

Fluid symbolizes the future for (on-premise) PeopleSoft 

Specific to PeopleSoft, the report mentions that the “…extended Support timeline for PeopleSoft is stated through at least 2027,” and with the launch of enhancement features such as Fluid UI for PeopleSoft, Oracle continues to demonstrate its continued investment in their existing on-premise ERP applications.

Best Practice: Map Your Business Requirements Against the Maturity of Oracle’s Cloud Applications

According to Gartner, Oracle’s cloud applications are the inevitable future of ERP functions, but having been released to different timetables, cloud applications have differing levels of maturity and may not (at this time) offer true parity to Oracle’s legacy, on premise suite. As a best practice, Gartner recommends that decision-makers must consider the development roadmap of the respective cloud applications and avoid confusing the desire to source a new technology with the objective of fulfilling a specific business requirement. In other words, stating that “a full ‘rip and replace’ of your current applications may not be your best option.” Gartner goes on to urge customers to map business requirements carefully against the maturity of Oracle’s cloud applications and ensure that present day business objectives can be met so costly and unexpected change management can be avoided. In addition, the report offers a detailed outline of various situations and subsequent appropriate actions for ERP customers using Oracle’s on-premise suites.

Best Practice: “Take the postmodern approach”

Gartner emphasizes that the decision to move to the cloud must be based solely on the value proposition cloud applications offer over existing on-premises applications. While talking about moving to Cloud applications “as part of a business transformation initiative” Gartner asks decision makers to be aware of “the risks and limitations of recent releases.” Instead of a complete “rip and replace” Gartner suggests a “postmodern approach,” where an organization could decide to replace only parts of their on-premises footprint. Gartner also advises Oracle customers to not “assume that the level of expertise that exists for application support and implementation services for on-premises suites also exists for cloud applications.”

Summary

As stated above, while the future appears to be headed towards the cloud, the fact remains that a “look before you leap” approach is recommended. A cloud migration project must begin with a  thorough evaluation of your business objectives in order to ensure proper alignment between the cloud technology you are adopting and the expected results. Change management can add significant cost and disruption to a project, and while complete elimination of change management is impossible, the more evaluation you undergo prior to the start of a migration project – the more likely to avoid “budget busting” surprises.

So, consider the postmodern approach – what objectives do you need to achieve today vs. what do you need to achieve 5 years from now? Are there specific ERP functions that are working just fine today? If not, are there lightweight optimizations that can be done in the meantime to enhance current functionality? Gartner recommends a postmodern approach in order to avoid a scenario where you go “all in” on the cloud and are left to address an unexpected mess.

Appsian is here to help you make PeopleSoft exceptional. Email us at [email protected] and let us know how PeopleSoft can be working better for you today!       

Access the full version of the report HERE