Employ Least Privilege With Attribute-Based Access Controls
Security best practices begin with employing least privilege. Least privilege is defined as giving users access to only the information and resources needed to execute a particular task. To employ least privilege, organizations are turning to ABAC.
ABAC, also known as policy-based access control, grants access to users through policies that are enforced automatically using context-aware attributes (e.g., location, time range, days, security clearance level, IP address, the maximum dollar amount allowed to be entered, or even a required manager review). ABAC functions as a preventative control at the business process, transaction, and master data level.
The Appsian Security Platform makes it easy to employ ABAC while continuing to leverage the Role-Based Controls that are already defined and in use across the organization.
Enable least privilege for different contexts of user access:
- Restrict high privilege access to your secure network only
- Block the most sensitive transactions (e.g., changing direct deposit info) from being executed outside your network
- Implement additional security challenges like MFA or data masking when access occurs outside your network
- Downgrade high privilege users (e.g., Administrators) to lower privilege users if PeopleSoft is accessed outside the secure network
- Leverage additional security challenges (e.g., MFA) for all users performing transactions outside the secure network
- Controlled by a configurable rules engine
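The contextual rules listed above can be sketched as a single decision function layered on top of existing roles. This is an added example, not Appsian's rules engine or configuration format; the network ranges, role names, transaction names and the choice to mask data on every off-network session are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed values: the "secure network" as CIDR ranges, plus hypothetical names.
SECURE_NETWORKS = [ip_network("10.0.0.0/8"), ip_network("192.168.10.0/24")]
BLOCKED_OFF_NETWORK = {"change_direct_deposit"}   # most sensitive transactions
HIGH_PRIVILEGE_ROLES = {"Administrator"}
DOWNGRADED_ROLE = "Employee"

@dataclass(frozen=True)
class Request:
    user: str
    role: str            # role already assigned by the existing RBAC model
    source_ip: str
    transaction: str
    mfa_passed: bool = False

@dataclass(frozen=True)
class Decision:
    action: str          # "allow", "deny" or "challenge_mfa"
    effective_role: str  # role actually applied to this session
    mask_data: bool      # mask sensitive fields in responses
    reason: str

def on_secure_network(source_ip: str) -> bool:
    """True only for a parsable address inside a trusted range (fail closed)."""
    try:
        addr = ip_address(source_ip)
    except ValueError:
        return False
    return any(addr in net for net in SECURE_NETWORKS)

def decide(req: Request) -> Decision:
    """Apply the contextual rules in order; the first matching rule wins."""
    if on_secure_network(req.source_ip):
        return Decision("allow", req.role, False, "inside secure network")
    # Off-network: high privilege roles are downgraded before anything else.
    role = DOWNGRADED_ROLE if req.role in HIGH_PRIVILEGE_ROLES else req.role
    if req.transaction in BLOCKED_OFF_NETWORK:
        return Decision("deny", role, True, "sensitive transaction blocked off-network")
    if not req.mfa_passed:
        return Decision("challenge_mfa", role, True, "MFA required off-network")
    return Decision("allow", role, True, "off-network with MFA satisfied")
```

Rule order matters: the block on sensitive transactions is evaluated before the MFA check, so passing MFA off-network never unlocks a blocked transaction.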
Enhanced Data & Transaction Security
Execute a robust policy of enforcing data access while ensuring your most sensitive transactions are not executed from an unfamiliar network.
Increased User Productivity
Employing contextual security means you can customize security challenges, rather than relying on one-size-fits-all rules that may restrict users from accomplishing tasks.
Since Appsian leverages a robust rules engine, creating and enforcing security rules is streamlined and simple. Administration is browser-based, which greatly reduces the complexity of ongoing platform management.