SlideShare a Scribd company logo

Peoplesoft Best Practices for Maintaining Security

Appsian
Appsian

User engagement relies greatly on the ease of accessing information, the flexibility in fulfilling transactions

Internet
1 of 10
Download to read offline
Exposing PeopleSoft Self-Service Applications to the Internet Best Practices for Maintaining Security SOLUTION BRIEF
User engagement relies greatly on the ease of accessing information, the flexibility in fulfilling transactions, and the time taken in the process. To continue delivering efficiency for the modern workforce, Oracle has introduced the Fluid UI – a strategic step towards upgrading the PeopleSoft user experience by making transactions mobile-friendly. The Fluid page rollout is focused on enabling transactions that make the most sense for PeopleSoft customers/users. Self-service modules like benefits enrollment, time entry, approvals, student self-service, etc. have been prioritized so that users can fulfill tasks on their own time 1) without depending on access to a desktop computer or 2) having to divert time and focus from their primary responsibilities. Despite the benefits of mobilizing and opening applications for remote access, security ramifications are a major concern of most PeopleSoft customers. Rightfully so, since PeopleSoft applications house your organization’s most sensitive data including PII of students, employees, vendors and even job applicants. Expansion of access to sensitive data beyond a secure network perimeter also increases the risk of threats and more successful breaches. The proliferation of user-centric threats adds to the risk, as hackers increasingly target individual users and devices - leveraging the human-error factor to their advantage. So how do organizations maintain strict data security policies when access to PeopleSoft is available outside a secure corporate network? In this solution brief, we will discuss how organizations can achieve a secure remote access environment for PeopleSoft - using contextual access controls and fine-grained data security features. Abstract 2Exposing PeopleSoft Self-Service Applications to the Internet SOLUTION BRIEF
The Evolution Of The Threat Landscape As enterprise applications are exposed to the public internet, organizations are experiencing a shift in their threat landscape. More and more successful enterprise data breaches are originating from the application level (accessed with valid credentials), completely circumventing the secure corporate networks that organizations rely on to keep sensitive data safe. • Recently there’s been a huge influx of phishing attacks. Despite training and awareness programs, employees continue to fall for phishing attacks. According to the 2019 State of the Phish report, 83% of global security respondents experienced phishing attacks in 2018, up from 76% in 2017. • In last two years the average number of incidents involving malicious insiders increased by 53% and 2019 is predicted to be the costliest year to date when it comes to malicious insider threats. • Black Hat’s Hacker Survey Report found that 73% of hackers say that traditional perimeter security firewalls and antivirus software are irrelevant or obsolete, and 85% of hackers named humans as most responsible for security breaches. It is evident that the focus of cybercrime has shifted from the network to end-users. Therefore, expanding access only increases the attack surface for cybercriminals and malicious insiders to exploit. Exposing PeopleSoft Self-Service Applications to the Internet 3 SOLUTION BRIEF As threats evolve organizations must improve their security posture. In addition to refining policies and procedures, new age security solutions such as contextual access control and fine-grained data security can significantly reduce the probability of user- centric breaches. By enforcing additional authentication measures, improving access controls, and gaining visibility into user actions, organizations can confidently roll out self-service functionality knowing that their PeopleSoft applications are secure. Best Practices And Recommendations Evaluate required security upgrades Expanding access for PeopleSoft self-service applications can have a great impact on workforce productivity, talent retention, and user satisfaction. As a result, organizations might be encouraged to fast-track an ESS rollout project. However, it is essential to evaluate the security concerns associated with remote access beforehand. An analysis of threat vectors, business needs, regulations, and the sensitivity level of your data assets is a vital step to achieving a secure PeopleSoft environment. To truly benefit from mobile and remote access capabilities, it is important that organizations evaluate the risks and strike a balance between convenience and data security.
SOLUTION BRIEF Strengthen identity management Enhance ERP access controls Mask sensitive data fields With the rise in credential compromise caused by social engineering attacks and poor password management, PeopleSoft’s primary security model of Username & Password authentication is no longer an effective method on its own. It is important that organizations prioritize the use of an additional layer of identity authentication to validate access, especially from outside a secure corporate network. Organizations can implement multi-factor authentication (MFA) challenges to reduce successful access attempts in case valid user-credentials are compromised. In fact, according to the Black Hat hacker survey report, MFA has been considered as the top most ‘tough to beat’ feature by hackers. Deploying PeopleSoft self-service often includes expanding access to the public internet. By allowing access outside a secure corporate network, organizations expose themselves to new risks posed by cybercriminals and insiders alike. Equipping PeopleSoft with contextual access controls allow organizations to better align to the principal of least privilege, in turn, eliminating unnecessary privileges and drastically reducing user-centric risk. To reduce your remote attack surface, it is essential that organizations set restrictions and only allow bare minimum access for specific low-risk transactions. Data masking is a best practice for protecting sensitive data fields such as social security numbers, direct deposit information, patient ids and more from unnecessary exposure. By hiding records partially or fully, organizations can significantly reduce the risk of data theft. In the interest of added security, organizations must implement dynamic data masking governed by contextual information, so that even valid users are unable to access sensitive data remotely on personal devices. 4Exposing PeopleSoft Self-Service Applications to the Internet
Build deep visibility into user activity Poor password practices negatively impact productivity and security efforts - No native SAML support Limitations of front door MFA In the context of self-service, organizations are opening themselves up to an entirely new scope of access. Rather than all activity coming from a single, trusted corporate network and uniform set of corporate devices, users are now accessing your sensitive PeopleSoft applications from thousands of unfamiliar end-points. This venture into the unknown requires deep visibility into user activity to be able to detect suspicious access. Additionally, building the capability to monitor, track and record user-actions on a granular level, along with the context of activity, organizations can facilitate logs for audits and regulatory reporting and allow security teams to discover, investigate, and respond to suspicious transactions promptly. Out-of-the-box, PeopleSoft’s native authentication is username and password based and does not enforce strong password policies. With multiple enterprise applications to access, employees tend to set up easy to remember passwords that are also easy to crack. To avoid the use of weak passwords, IT teams enforce mandates around setting up strong passwords which are difficult to remember, which leads to recurring password reset requests. Frequent password reset requests can result in users delaying or abandoning administrative transactions - defeating the purpose of making self- service mobile and available remotely. Organizations can rectify this by establishing a centralized authentication system or a Single Sign-on (SSO). However, PeopleSoft applications lack native SAML support - the widely accepted identity federation standard. As a result, PeopleSoft applications cannot connect with SAML supporting ID providers and are likely to be alienated from other enterprise applications. Most off-the-shelf SSO providers are unaware of this limitation and suggest custom development when faced with the roadblock during implementation/testing. A custom development is costly and time-consuming as it requires specialized knowledge, extensive development, and often the purchase of additional hardware. Most off-the-shelf MFA solutions are limited to login level only. While front-door MFA challenges can be effective in keeping malicious hackers out of PeopleSoft applications, they pose several constraints, i.e. lack of security against insider threats, and decreased employee productivity. 5 SOLUTION BRIEF Challenges Exposing PeopleSoft Self-Service Applications to the Internet
While a login level MFA can protect your applications against external bad-actors, a malicious insider with the ability to successfully pass these challenges can still access, download, distribute, and potentially misuse PII for personal gains. Therefore, to fully leverage the benefits of MFA it is essential to extend the functionality to field, page and component levels. To enforce MFA challenges for high-risk transactions, organizations need to tie authentication policies with contextual information. However, traditional MFA solutions cannot integrate with PeopleSoft’s underlying rules. As a result, organizations are left with rigid rulesets and limited ability to configure MFA policies that meet their employees’ and business’ unique needs. The added disruption of recurring MFA challenges at login can avert users and impact engagement rates. Frequent MFA challenges can force users to avoid self-service transactions resulting in low engagement with critical HR/ administrative initiatives - eventually defeating the purpose of opening self- service for remote access. Since most self-service transactions are low-risk, organizations must focus on protecting high-risk transactions and sensitive fields. 6 - Login level MFA is ineffective for insider threats - Rigid rulesets - MFA fatigue impacts user engagement SOLUTION BRIEF Exposing PeopleSoft Self-Service Applications to the Internet
7 Static access control Limitations of native data masking Logging capabilities are not user-centric SOLUTION BRIEF PeopleSoft allows organizations to implement access controls based on static rules. User-roles or permission lists govern these restrictions, thereby allowing users to access all the sensitive information or nothing at all. With increased access from outside a secure network, organizations need more flexibility to control what users can access based on contextual information such as the location of access, user-privilege and more. For example - high-risk transactions such as financials, payroll, etc. must be blocked for external access despite the privilege level of a user. PeopleSoft’s existing data masking functionality is limited to Bank Account Number, Date of Birth and National ID. The native masking also depends on static, role-based rules; therefore, users who have the privilege to view sensitive data can view it all, no matter where they are accessing the application from. As a result, sensitive data fields are vulnerable to exposure if privilege user credentials are stolen or when privileged users download data on personal/home computers using queries. To ensure that data masking is effective for remote access, masking rules need to be contextually aware of where access is coming from and dynamically applied (inside or outside a secure corporate network). Out-of-the-box, PeopleSoft offers high-level logging designed primarily for debugging and troubleshooting. These logs do not provide information on what data was accessed or any details on the context of access such as who obtained it, when, or from where. However, with the rise in user-centric threats, contextual information tied to user activity logging becomes instrumental in monitoring, reporting, and incident response – especially when the scope of access is expanded beyond a secure network firewall. Appsian’s Application Security Platform (ASP) addresses end-to-end PeopleSoft security requirements that come with the expansion of access. Uniquely designed for PeopleSoft, ASP provides security features that are contextually aware and deploys defenses based on user privilege, business requirements, and the sensitive nature of the data/transactions. ASP plugs into your PeopleSoft web server and enhances the security of your applications, without impacting user experience or requiring additional customization efforts and hardware. Solution Exposing PeopleSoft Self-Service Applications to the Internet
SOLUTION BRIEF Dynamic Access Controls Contextual MFA with field-level data protection ASP allows customers to establish dynamic access controls based on contextual attributes such as the location of access, IP address, user privilege and nature of a transaction. Customers can set restrictions for specific modules or transactions, or prompt users with MFA-gated checkpoints when an access attempt is made from outside a secure corporate network. Organizations can also entirely block high-risk transactions from remote locations while still allowing access to low-risk transactions such as benefits enrollment, time-entry, expenses, approvals and more. Appsian’s MFA solution allows organizations to enforce identity challenges at the field, page, and component levels in PeopleSoft. It is the only solution of its kind that enables IT teams to create contextual rules based on PeopleSoft artifacts and user attributes such as user id, location, IP address, privileges, data sensitivity and more. With ASP’s contextual MFA in place, users can be challenged to reconfirm their identity (using a voice call, OTP, or push notifications) when attempting to view sensitive records or perform high-risk transactions. By using the context of access to enforce MFA challenges, ASP matches the level of risk to the appropriate level of security. This approach maintains robust security while avoiding arbitrary security measures that plague user productivity and engagement. For example, enforcing more robust MFA policies when a user is requesting access from a coffee shop versus at the office. 8Exposing PeopleSoft Self-Service Applications to the Internet
9 Dynamic Data Masking Single Sign-On Logging and Analytics SOLUTION BRIEF ASP allows organizations to enforce dynamic data masking policies to mask or redact any field in PeopleSoft. Using the context of access and data attributes, organizations can implement full-field, partial-field, and click-to-view masking to ensure that only authorized users who need to see data can see it, and only when they should. Coupled with ASP’s field-level MFA, data masking can also be utilized to provide conditional access to allow users to view specific data fields by performing an identity authentication challenge. Additionally, using a click-to-view functionality, organizations can efficiently track access to sensitive data records and trace back on user activity in case of a suspicious transaction. Appsian’s PeopleSoft SSO Connector is the only solution that sits natively within the web server and allows PeopleSoft to support SAML technology; thus, enabling organizations to use SAML-based identity providers for authentication with PeopleSoft applications. By removing the hassle of managing multiple passwords, PeopleSoft SSO reduces the burden on IT teams and makes password management easier. It also empowers users to transition between all enterprise applications, including PeopleSoft, with one strong set of credentials - improving usability and boosting employee engagement. Appsian’s Application Security Platform (ASP) enables granular logging and user activity monitoring for PeopleSoft. ASP allows customers to capture user activity data paired with contextual user information such as device, location, IP address, etc. The transaction level data is recorded in a structured format that can efficiently highlight malicious events, provide actionable data for incident response, and offers ready-to-use audit and compliance reports. With a click-to- view feature, all activity involving sensitive data can then be tagged with the corresponding user role, IP, location, and time of access. Additionally, with ASP’s Real-Time Analytics, these detailed logs can be further visualized on Splunk leveraged dashboards to highlight trends and patterns in user activity and data usage for enhanced data discovery and exploration. Mobile self-service transactions offer an abundance of convenience and flexibility for both users and administrators. Leveraging remote and flexible working that frees users from fixed office and desk environments, organizations can significantly boost productivity, reduce turnaround time, and save associated costs. To manage the increased access surface and the corresponding risk to data assets, organizations must build a proactive security strategy. Application security efforts can be maximized by implementing multiple layers of contextual controls aimed at enhancing visibility, strengthening user authentication and improving governance. While adding fine-grained security features such as data masking, least privilege, MFA, etc. can allow organizations to avoid certain risk vectors upfront, visibility into user activity can allow faster incident response for malicious events and their aftereffects. Conclusion Exposing PeopleSoft Self-Service Applications to the Internet
8111 Lyndon B Johnson Fwy. Dallas, TX 75251 (469) 906-2100 © Appsian 2019 info@appsian.com

Recommended

New Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataNew Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataEMC
 
IDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based SecurityIDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based Securityarms8586
 
Are you fighting_new_threats_with_old_weapons
Are you fighting_new_threats_with_old_weaponsAre you fighting_new_threats_with_old_weapons
Are you fighting_new_threats_with_old_weaponsBhargav Modi
 
Cloud Service Security using Two-factor or Multi factor Authentication
Cloud Service Security using Two-factor or Multi factor AuthenticationCloud Service Security using Two-factor or Multi factor Authentication
Cloud Service Security using Two-factor or Multi factor AuthenticationIRJET Journal
 
4514ijmnct01
4514ijmnct014514ijmnct01
4514ijmnct01ijmnct
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBsGFI Software
 
Rapport X force 2014
Rapport X force 2014Rapport X force 2014
Rapport X force 2014Patrick Bouillaud
 
VIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of BloatwareVIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of BloatwareGFI Software
 

Recommended

New Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataNew Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataEMC
 
IDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based SecurityIDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based Securityarms8586
 
Are you fighting_new_threats_with_old_weapons
Are you fighting_new_threats_with_old_weaponsAre you fighting_new_threats_with_old_weapons
Are you fighting_new_threats_with_old_weaponsBhargav Modi
 
Cloud Service Security using Two-factor or Multi factor Authentication
Cloud Service Security using Two-factor or Multi factor AuthenticationCloud Service Security using Two-factor or Multi factor Authentication
Cloud Service Security using Two-factor or Multi factor AuthenticationIRJET Journal
 
4514ijmnct01
4514ijmnct014514ijmnct01
4514ijmnct01ijmnct
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBsGFI Software
 
Rapport X force 2014
Rapport X force 2014Rapport X force 2014
Rapport X force 2014Patrick Bouillaud
 
VIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of BloatwareVIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of BloatwareGFI Software
 
Malicious Insiders
Malicious InsidersMalicious Insiders
Malicious Insidersgjohansen
 
Eileen Presentation
Eileen PresentationEileen Presentation
Eileen Presentationjc06442n
 
Healthcare Industry Security Whitepaper
Healthcare Industry Security WhitepaperHealthcare Industry Security Whitepaper
Healthcare Industry Security WhitepaperCasey Lucas
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions www.ijeijournal.com
 
Internet Security Agent
Internet Security AgentInternet Security Agent
Internet Security AgentInternational Journal of Engineering Inventions www.ijeijournal.com
 
Patch management
Patch managementPatch management
Patch managementGFI Software
 
How IT can Choose the Right Technologies
How IT can Choose the Right TechnologiesHow IT can Choose the Right Technologies
How IT can Choose the Right TechnologiesJumpCloud
 
Network Environments
Network EnvironmentsNetwork Environments
Network EnvironmentsGFI Software
 
ZS Infotech v1.0
ZS Infotech v1.0ZS Infotech v1.0
ZS Infotech v1.0Muhammad Zubair
 
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...GFI Software
 
IRJET- A Survey on Cloud Data Security Methods and Future Directions
IRJET- A Survey on Cloud Data Security Methods and Future DirectionsIRJET- A Survey on Cloud Data Security Methods and Future Directions
IRJET- A Survey on Cloud Data Security Methods and Future DirectionsIRJET Journal
 
Hybrid Technology
Hybrid TechnologyHybrid Technology
Hybrid TechnologyGFI Software
 
How to reduce security risks to ensure user confidence in m-payments
How to reduce security risks to ensure user confidence in m-paymentsHow to reduce security risks to ensure user confidence in m-payments
How to reduce security risks to ensure user confidence in m-paymentsBMI Healthcare
 
Big Data for Security
Big Data for SecurityBig Data for Security
Big Data for SecurityJoey Jablonski
 
Banking and Modern Payments System Security Analysis
Banking and Modern Payments System Security AnalysisBanking and Modern Payments System Security Analysis
Banking and Modern Payments System Security AnalysisCSCJournals
 
Identified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIdentified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIOSR Journals
 
5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekko5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekkoDMI
 
Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enoughEMC
 
security-team-guide-reducing-operational-risk.pdf
security-team-guide-reducing-operational-risk.pdfsecurity-team-guide-reducing-operational-risk.pdf
security-team-guide-reducing-operational-risk.pdfgokuforhelp
 
Effective multi factor authentication for people soft
Effective multi factor authentication for people softEffective multi factor authentication for people soft
Effective multi factor authentication for people softAppsian
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementDMIMarketing
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyOrganization
 

More Related Content

What's hot

Malicious Insiders
Malicious InsidersMalicious Insiders
Malicious Insidersgjohansen
 
Eileen Presentation
Eileen PresentationEileen Presentation
Eileen Presentationjc06442n
 
Healthcare Industry Security Whitepaper
Healthcare Industry Security WhitepaperHealthcare Industry Security Whitepaper
Healthcare Industry Security WhitepaperCasey Lucas
 
How IT can Choose the Right Technologies
How IT can Choose the Right TechnologiesHow IT can Choose the Right Technologies
How IT can Choose the Right TechnologiesJumpCloud
 
Network Environments
Network EnvironmentsNetwork Environments
Network EnvironmentsGFI Software
 
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...GFI Software
 
IRJET- A Survey on Cloud Data Security Methods and Future Directions
IRJET- A Survey on Cloud Data Security Methods and Future DirectionsIRJET- A Survey on Cloud Data Security Methods and Future Directions
IRJET- A Survey on Cloud Data Security Methods and Future DirectionsIRJET Journal
 
How to reduce security risks to ensure user confidence in m-payments
How to reduce security risks to ensure user confidence in m-paymentsHow to reduce security risks to ensure user confidence in m-payments
How to reduce security risks to ensure user confidence in m-paymentsBMI Healthcare
 
Banking and Modern Payments System Security Analysis
Banking and Modern Payments System Security AnalysisBanking and Modern Payments System Security Analysis
Banking and Modern Payments System Security AnalysisCSCJournals
 
Identified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIdentified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIOSR Journals
 

What's hot (16)

Malicious Insiders
Malicious InsidersMalicious Insiders
Malicious Insiders
 
Eileen Presentation
Eileen PresentationEileen Presentation
Eileen Presentation
 
Healthcare Industry Security Whitepaper
Healthcare Industry Security WhitepaperHealthcare Industry Security Whitepaper
Healthcare Industry Security Whitepaper
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
 
Internet Security Agent
Internet Security AgentInternet Security Agent
Internet Security Agent
 
Patch management
Patch managementPatch management
Patch management
 
How IT can Choose the Right Technologies
How IT can Choose the Right TechnologiesHow IT can Choose the Right Technologies
How IT can Choose the Right Technologies
 
Network Environments
Network EnvironmentsNetwork Environments
Network Environments
 
ZS Infotech v1.0
ZS Infotech v1.0ZS Infotech v1.0
ZS Infotech v1.0
 
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
 
IRJET- A Survey on Cloud Data Security Methods and Future Directions
IRJET- A Survey on Cloud Data Security Methods and Future DirectionsIRJET- A Survey on Cloud Data Security Methods and Future Directions
IRJET- A Survey on Cloud Data Security Methods and Future Directions
 
Hybrid Technology
Hybrid TechnologyHybrid Technology
Hybrid Technology
 
How to reduce security risks to ensure user confidence in m-payments
How to reduce security risks to ensure user confidence in m-paymentsHow to reduce security risks to ensure user confidence in m-payments
How to reduce security risks to ensure user confidence in m-payments
 
Big Data for Security
Big Data for SecurityBig Data for Security
Big Data for Security
 
Banking and Modern Payments System Security Analysis
Banking and Modern Payments System Security AnalysisBanking and Modern Payments System Security Analysis
Banking and Modern Payments System Security Analysis
 
Identified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIdentified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud Computing
 

Similar to Peoplesoft Best Practices for Maintaining Security

5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekko5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekkoDMI
 
Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enoughEMC
 
security-team-guide-reducing-operational-risk.pdf
security-team-guide-reducing-operational-risk.pdfsecurity-team-guide-reducing-operational-risk.pdf
security-team-guide-reducing-operational-risk.pdfgokuforhelp
 
Effective multi factor authentication for people soft
Effective multi factor authentication for people softEffective multi factor authentication for people soft
Effective multi factor authentication for people softAppsian
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementDMIMarketing
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyOrganization
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk ManagementDMIMarketing
 
Corporate Cybersecurity: A Serious Game
Corporate Cybersecurity: A Serious GameCorporate Cybersecurity: A Serious Game
Corporate Cybersecurity: A Serious GameTatainteractive1
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141sraina2
 
Clearswift f5 integration
Clearswift f5 integrationClearswift f5 integration
Clearswift f5 integrationMarco Essomba
 
Icit analysis-identity-access-management
Icit analysis-identity-access-managementIcit analysis-identity-access-management
Icit analysis-identity-access-managementMark Gibson
 
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdfJust-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdfInfinityGroup5
 
Taking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication ChallengeTaking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication ChallengeEMC
 
The 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdf
The 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdfThe 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdf
The 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdfGroovy Web
 
En msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataEn msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataOnline Business
 
ultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracodeultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracodeSean Varga
 
Security attacks taxonomy on
Security attacks taxonomy onSecurity attacks taxonomy on
Security attacks taxonomy onijmnct
 

Similar to Peoplesoft Best Practices for Maintaining Security (20)

5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekko5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekko
 
Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enough
 
security-team-guide-reducing-operational-risk.pdf
security-team-guide-reducing-operational-risk.pdfsecurity-team-guide-reducing-operational-risk.pdf
security-team-guide-reducing-operational-risk.pdf
 
Effective multi factor authentication for people soft
Effective multi factor authentication for people softEffective multi factor authentication for people soft
Effective multi factor authentication for people soft
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk Management
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
 
Measures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacksMeasures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacks
 
Measure To Avoid Cyber Attacks
Measure To Avoid Cyber AttacksMeasure To Avoid Cyber Attacks
Measure To Avoid Cyber Attacks
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management
 
Corporate Cybersecurity: A Serious Game
Corporate Cybersecurity: A Serious GameCorporate Cybersecurity: A Serious Game
Corporate Cybersecurity: A Serious Game
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141
 
Clearswift f5 integration
Clearswift f5 integrationClearswift f5 integration
Clearswift f5 integration
 
Icit analysis-identity-access-management
Icit analysis-identity-access-managementIcit analysis-identity-access-management
Icit analysis-identity-access-management
 
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdfJust-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
 
Taking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication ChallengeTaking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication Challenge
 
Fy17 sec shadow_it-e_book_final_032417
Fy17 sec shadow_it-e_book_final_032417Fy17 sec shadow_it-e_book_final_032417
Fy17 sec shadow_it-e_book_final_032417
 
The 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdf
The 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdfThe 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdf
The 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdf
 
En msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataEn msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdata
 
ultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracodeultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracode
 
Security attacks taxonomy on
Security attacks taxonomy onSecurity attacks taxonomy on
Security attacks taxonomy on
 

More from Appsian

Appsian payroll diversion_infographic
Appsian payroll diversion_infographicAppsian payroll diversion_infographic
Appsian payroll diversion_infographicAppsian
 
Appsian compliance risk_analytics_data_sheet(1)
Appsian compliance risk_analytics_data_sheet(1)Appsian compliance risk_analytics_data_sheet(1)
Appsian compliance risk_analytics_data_sheet(1)Appsian
 
Appsian securing mobile_ess_solution_brief
Appsian securing mobile_ess_solution_briefAppsian securing mobile_ess_solution_brief
Appsian securing mobile_ess_solution_briefAppsian
 
2020 content sap_solution_brief_saprecon
2020 content sap_solution_brief_saprecon2020 content sap_solution_brief_saprecon
2020 content sap_solution_brief_sapreconAppsian
 
Asp for sap_data_sheet___appsian_application_security_platform_2019
Asp for sap_data_sheet___appsian_application_security_platform_2019Asp for sap_data_sheet___appsian_application_security_platform_2019
Asp for sap_data_sheet___appsian_application_security_platform_2019Appsian
 
Appsian remote access_infographic
Appsian remote access_infographicAppsian remote access_infographic
Appsian remote access_infographicAppsian
 
Asp for sap_data_sheet___appsian_application_security_platform_2019
Asp for sap_data_sheet___appsian_application_security_platform_2019Asp for sap_data_sheet___appsian_application_security_platform_2019
Asp for sap_data_sheet___appsian_application_security_platform_2019Appsian
 
4. data security eb__1_
4. data security eb__1_4. data security eb__1_
4. data security eb__1_Appsian
 
Sap rba cplus_abac_datasheet_appsian_2020
Sap rba cplus_abac_datasheet_appsian_2020Sap rba cplus_abac_datasheet_appsian_2020
Sap rba cplus_abac_datasheet_appsian_2020Appsian
 
Establishing CCPA Compliance in Legacy PeopleSoft Systems
Establishing CCPA Compliance in Legacy PeopleSoft SystemsEstablishing CCPA Compliance in Legacy PeopleSoft Systems
Establishing CCPA Compliance in Legacy PeopleSoft SystemsAppsian
 
Safeguarding PeopleSoft Against Direct Deposit Theft
Safeguarding PeopleSoft Against Direct Deposit TheftSafeguarding PeopleSoft Against Direct Deposit Theft
Safeguarding PeopleSoft Against Direct Deposit TheftAppsian
 
Enterprise GRC for PEoplesoft
Enterprise GRC for PEoplesoftEnterprise GRC for PEoplesoft
Enterprise GRC for PEoplesoftAppsian
 
Appsian360 For SAP and PeopleSoft
Appsian360 For SAP and PeopleSoftAppsian360 For SAP and PeopleSoft
Appsian360 For SAP and PeopleSoftAppsian
 
Peoplesoft Erp
Peoplesoft ErpPeoplesoft Erp
Peoplesoft ErpAppsian
 
Sap Grc Security
Sap Grc SecuritySap Grc Security
Sap Grc SecurityAppsian
 

More from Appsian (15)

Appsian payroll diversion_infographic
Appsian payroll diversion_infographicAppsian payroll diversion_infographic
Appsian payroll diversion_infographic
 
Appsian compliance risk_analytics_data_sheet(1)
Appsian compliance risk_analytics_data_sheet(1)Appsian compliance risk_analytics_data_sheet(1)
Appsian compliance risk_analytics_data_sheet(1)
 
Appsian securing mobile_ess_solution_brief
Appsian securing mobile_ess_solution_briefAppsian securing mobile_ess_solution_brief
Appsian securing mobile_ess_solution_brief
 
2020 content sap_solution_brief_saprecon
2020 content sap_solution_brief_saprecon2020 content sap_solution_brief_saprecon
2020 content sap_solution_brief_saprecon
 
Asp for sap_data_sheet___appsian_application_security_platform_2019
Asp for sap_data_sheet___appsian_application_security_platform_2019Asp for sap_data_sheet___appsian_application_security_platform_2019
Asp for sap_data_sheet___appsian_application_security_platform_2019
 
Appsian remote access_infographic
Appsian remote access_infographicAppsian remote access_infographic
Appsian remote access_infographic
 
Asp for sap_data_sheet___appsian_application_security_platform_2019
Asp for sap_data_sheet___appsian_application_security_platform_2019Asp for sap_data_sheet___appsian_application_security_platform_2019
Asp for sap_data_sheet___appsian_application_security_platform_2019
 
4. data security eb__1_
4. data security eb__1_4. data security eb__1_
4. data security eb__1_
 
Sap rba cplus_abac_datasheet_appsian_2020
Sap rba cplus_abac_datasheet_appsian_2020Sap rba cplus_abac_datasheet_appsian_2020
Sap rba cplus_abac_datasheet_appsian_2020
 
Establishing CCPA Compliance in Legacy PeopleSoft Systems
Establishing CCPA Compliance in Legacy PeopleSoft SystemsEstablishing CCPA Compliance in Legacy PeopleSoft Systems
Establishing CCPA Compliance in Legacy PeopleSoft Systems
 
Safeguarding PeopleSoft Against Direct Deposit Theft
Safeguarding PeopleSoft Against Direct Deposit TheftSafeguarding PeopleSoft Against Direct Deposit Theft
Safeguarding PeopleSoft Against Direct Deposit Theft
 
Enterprise GRC for PEoplesoft
Enterprise GRC for PEoplesoftEnterprise GRC for PEoplesoft
Enterprise GRC for PEoplesoft
 
Appsian360 For SAP and PeopleSoft
Appsian360 For SAP and PeopleSoftAppsian360 For SAP and PeopleSoft
Appsian360 For SAP and PeopleSoft
 
Peoplesoft Erp
Peoplesoft ErpPeoplesoft Erp
Peoplesoft Erp
 
Sap Grc Security
Sap Grc SecuritySap Grc Security
Sap Grc Security
 

Recently uploaded

Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...tanu pandey
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Standkumarajju5765
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Call Girls in Nagpur High Profile
 
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.soniya singh
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.
INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.
INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.CarlotaBedoya1
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)Delhi Call girls
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Delhi Call girls
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...tanu pandey
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Delhi Call girls
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLimonikaupta
 
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...Escorts Call Girls
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service OnlineCALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Onlineanilsa9823
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 

Recently uploaded (20)

Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
 
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.
INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.
INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
 
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service OnlineCALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 

Peoplesoft Best Practices for Maintaining Security

  • 1. Exposing PeopleSoft Self-Service Applications to the Internet Best Practices for Maintaining Security SOLUTION BRIEF
  • 2. User engagement relies greatly on the ease of accessing information, the flexibility in fulfilling transactions, and the time taken in the process. To continue delivering efficiency for the modern workforce, Oracle has introduced the Fluid UI – a strategic step towards upgrading the PeopleSoft user experience by making transactions mobile-friendly. The Fluid page rollout is focused on enabling transactions that make the most sense for PeopleSoft customers/users. Self-service modules like benefits enrollment, time entry, approvals, student self-service, etc. have been prioritized so that users can fulfill tasks on their own time 1) without depending on access to a desktop computer or 2) having to divert time and focus from their primary responsibilities. Despite the benefits of mobilizing and opening applications for remote access, security ramifications are a major concern of most PeopleSoft customers. Rightfully so, since PeopleSoft applications house your organization’s most sensitive data including PII of students, employees, vendors and even job applicants. Expansion of access to sensitive data beyond a secure network perimeter also increases the risk of threats and more successful breaches. The proliferation of user-centric threats adds to the risk, as hackers increasingly target individual users and devices - leveraging the human-error factor to their advantage. So how do organizations maintain strict data security policies when access to PeopleSoft is available outside a secure corporate network? In this solution brief, we will discuss how organizations can achieve a secure remote access environment for PeopleSoft - using contextual access controls and fine-grained data security features. Abstract 2Exposing PeopleSoft Self-Service Applications to the Internet SOLUTION BRIEF
  • 3. The Evolution Of The Threat Landscape As enterprise applications are exposed to the public internet, organizations are experiencing a shift in their threat landscape. More and more successful enterprise data breaches are originating from the application level (accessed with valid credentials), completely circumventing the secure corporate networks that organizations rely on to keep sensitive data safe. • Recently there’s been a huge influx of phishing attacks. Despite training and awareness programs, employees continue to fall for phishing attacks. According to the 2019 State of the Phish report, 83% of global security respondents experienced phishing attacks in 2018, up from 76% in 2017. • In last two years the average number of incidents involving malicious insiders increased by 53% and 2019 is predicted to be the costliest year to date when it comes to malicious insider threats. • Black Hat’s Hacker Survey Report found that 73% of hackers say that traditional perimeter security firewalls and antivirus software are irrelevant or obsolete, and 85% of hackers named humans as most responsible for security breaches. It is evident that the focus of cybercrime has shifted from the network to end-users. Therefore, expanding access only increases the attack surface for cybercriminals and malicious insiders to exploit. Exposing PeopleSoft Self-Service Applications to the Internet 3 SOLUTION BRIEF As threats evolve organizations must improve their security posture. In addition to refining policies and procedures, new age security solutions such as contextual access control and fine-grained data security can significantly reduce the probability of user- centric breaches. By enforcing additional authentication measures, improving access controls, and gaining visibility into user actions, organizations can confidently roll out self-service functionality knowing that their PeopleSoft applications are secure. Best Practices And Recommendations Evaluate required security upgrades Expanding access for PeopleSoft self-service applications can have a great impact on workforce productivity, talent retention, and user satisfaction. As a result, organizations might be encouraged to fast-track an ESS rollout project. However, it is essential to evaluate the security concerns associated with remote access beforehand. An analysis of threat vectors, business needs, regulations, and the sensitivity level of your data assets is a vital step to achieving a secure PeopleSoft environment. To truly benefit from mobile and remote access capabilities, it is important that organizations evaluate the risks and strike a balance between convenience and data security.
  • 4. SOLUTION BRIEF Strengthen identity management Enhance ERP access controls Mask sensitive data fields With the rise in credential compromise caused by social engineering attacks and poor password management, PeopleSoft’s primary security model of Username & Password authentication is no longer an effective method on its own. It is important that organizations prioritize the use of an additional layer of identity authentication to validate access, especially from outside a secure corporate network. Organizations can implement multi-factor authentication (MFA) challenges to reduce successful access attempts in case valid user-credentials are compromised. In fact, according to the Black Hat hacker survey report, MFA has been considered as the top most ‘tough to beat’ feature by hackers. Deploying PeopleSoft self-service often includes expanding access to the public internet. By allowing access outside a secure corporate network, organizations expose themselves to new risks posed by cybercriminals and insiders alike. Equipping PeopleSoft with contextual access controls allow organizations to better align to the principal of least privilege, in turn, eliminating unnecessary privileges and drastically reducing user-centric risk. To reduce your remote attack surface, it is essential that organizations set restrictions and only allow bare minimum access for specific low-risk transactions. Data masking is a best practice for protecting sensitive data fields such as social security numbers, direct deposit information, patient ids and more from unnecessary exposure. By hiding records partially or fully, organizations can significantly reduce the risk of data theft. In the interest of added security, organizations must implement dynamic data masking governed by contextual information, so that even valid users are unable to access sensitive data remotely on personal devices. 4Exposing PeopleSoft Self-Service Applications to the Internet
  • 5. Build deep visibility into user activity Poor password practices negatively impact productivity and security efforts - No native SAML support Limitations of front door MFA In the context of self-service, organizations are opening themselves up to an entirely new scope of access. Rather than all activity coming from a single, trusted corporate network and uniform set of corporate devices, users are now accessing your sensitive PeopleSoft applications from thousands of unfamiliar end-points. This venture into the unknown requires deep visibility into user activity to be able to detect suspicious access. Additionally, building the capability to monitor, track and record user-actions on a granular level, along with the context of activity, organizations can facilitate logs for audits and regulatory reporting and allow security teams to discover, investigate, and respond to suspicious transactions promptly. Out-of-the-box, PeopleSoft’s native authentication is username and password based and does not enforce strong password policies. With multiple enterprise applications to access, employees tend to set up easy to remember passwords that are also easy to crack. To avoid the use of weak passwords, IT teams enforce mandates around setting up strong passwords which are difficult to remember, which leads to recurring password reset requests. Frequent password reset requests can result in users delaying or abandoning administrative transactions - defeating the purpose of making self- service mobile and available remotely. Organizations can rectify this by establishing a centralized authentication system or a Single Sign-on (SSO). However, PeopleSoft applications lack native SAML support - the widely accepted identity federation standard. As a result, PeopleSoft applications cannot connect with SAML supporting ID providers and are likely to be alienated from other enterprise applications. Most off-the-shelf SSO providers are unaware of this limitation and suggest custom development when faced with the roadblock during implementation/testing. A custom development is costly and time-consuming as it requires specialized knowledge, extensive development, and often the purchase of additional hardware. Most off-the-shelf MFA solutions are limited to login level only. While front-door MFA challenges can be effective in keeping malicious hackers out of PeopleSoft applications, they pose several constraints, i.e. lack of security against insider threats, and decreased employee productivity. 5 SOLUTION BRIEF Challenges Exposing PeopleSoft Self-Service Applications to the Internet
  • 6. While a login level MFA can protect your applications against external bad-actors, a malicious insider with the ability to successfully pass these challenges can still access, download, distribute, and potentially misuse PII for personal gains. Therefore, to fully leverage the benefits of MFA it is essential to extend the functionality to field, page and component levels. To enforce MFA challenges for high-risk transactions, organizations need to tie authentication policies with contextual information. However, traditional MFA solutions cannot integrate with PeopleSoft’s underlying rules. As a result, organizations are left with rigid rulesets and limited ability to configure MFA policies that meet their employees’ and business’ unique needs. The added disruption of recurring MFA challenges at login can avert users and impact engagement rates. Frequent MFA challenges can force users to avoid self-service transactions resulting in low engagement with critical HR/ administrative initiatives - eventually defeating the purpose of opening self- service for remote access. Since most self-service transactions are low-risk, organizations must focus on protecting high-risk transactions and sensitive fields. 6 - Login level MFA is ineffective for insider threats - Rigid rulesets - MFA fatigue impacts user engagement SOLUTION BRIEF Exposing PeopleSoft Self-Service Applications to the Internet
  • 7. 7 Static access control Limitations of native data masking Logging capabilities are not user-centric SOLUTION BRIEF PeopleSoft allows organizations to implement access controls based on static rules. User-roles or permission lists govern these restrictions, thereby allowing users to access all the sensitive information or nothing at all. With increased access from outside a secure network, organizations need more flexibility to control what users can access based on contextual information such as the location of access, user-privilege and more. For example - high-risk transactions such as financials, payroll, etc. must be blocked for external access despite the privilege level of a user. PeopleSoft’s existing data masking functionality is limited to Bank Account Number, Date of Birth and National ID. The native masking also depends on static, role-based rules; therefore, users who have the privilege to view sensitive data can view it all, no matter where they are accessing the application from. As a result, sensitive data fields are vulnerable to exposure if privilege user credentials are stolen or when privileged users download data on personal/home computers using queries. To ensure that data masking is effective for remote access, masking rules need to be contextually aware of where access is coming from and dynamically applied (inside or outside a secure corporate network). Out-of-the-box, PeopleSoft offers high-level logging designed primarily for debugging and troubleshooting. These logs do not provide information on what data was accessed or any details on the context of access such as who obtained it, when, or from where. However, with the rise in user-centric threats, contextual information tied to user activity logging becomes instrumental in monitoring, reporting, and incident response – especially when the scope of access is expanded beyond a secure network firewall. Appsian’s Application Security Platform (ASP) addresses end-to-end PeopleSoft security requirements that come with the expansion of access. Uniquely designed for PeopleSoft, ASP provides security features that are contextually aware and deploys defenses based on user privilege, business requirements, and the sensitive nature of the data/transactions. ASP plugs into your PeopleSoft web server and enhances the security of your applications, without impacting user experience or requiring additional customization efforts and hardware. Solution Exposing PeopleSoft Self-Service Applications to the Internet
  • 8. SOLUTION BRIEF Dynamic Access Controls Contextual MFA with field-level data protection ASP allows customers to establish dynamic access controls based on contextual attributes such as the location of access, IP address, user privilege and nature of a transaction. Customers can set restrictions for specific modules or transactions, or prompt users with MFA-gated checkpoints when an access attempt is made from outside a secure corporate network. Organizations can also entirely block high-risk transactions from remote locations while still allowing access to low-risk transactions such as benefits enrollment, time-entry, expenses, approvals and more. Appsian’s MFA solution allows organizations to enforce identity challenges at the field, page, and component levels in PeopleSoft. It is the only solution of its kind that enables IT teams to create contextual rules based on PeopleSoft artifacts and user attributes such as user id, location, IP address, privileges, data sensitivity and more. With ASP’s contextual MFA in place, users can be challenged to reconfirm their identity (using a voice call, OTP, or push notifications) when attempting to view sensitive records or perform high-risk transactions. By using the context of access to enforce MFA challenges, ASP matches the level of risk to the appropriate level of security. This approach maintains robust security while avoiding arbitrary security measures that plague user productivity and engagement. For example, enforcing more robust MFA policies when a user is requesting access from a coffee shop versus at the office. 8Exposing PeopleSoft Self-Service Applications to the Internet
  • 9. 9 Dynamic Data Masking Single Sign-On Logging and Analytics SOLUTION BRIEF ASP allows organizations to enforce dynamic data masking policies to mask or redact any field in PeopleSoft. Using the context of access and data attributes, organizations can implement full-field, partial-field, and click-to-view masking to ensure that only authorized users who need to see data can see it, and only when they should. Coupled with ASP’s field-level MFA, data masking can also be utilized to provide conditional access to allow users to view specific data fields by performing an identity authentication challenge. Additionally, using a click-to-view functionality, organizations can efficiently track access to sensitive data records and trace back on user activity in case of a suspicious transaction. Appsian’s PeopleSoft SSO Connector is the only solution that sits natively within the web server and allows PeopleSoft to support SAML technology; thus, enabling organizations to use SAML-based identity providers for authentication with PeopleSoft applications. By removing the hassle of managing multiple passwords, PeopleSoft SSO reduces the burden on IT teams and makes password management easier. It also empowers users to transition between all enterprise applications, including PeopleSoft, with one strong set of credentials - improving usability and boosting employee engagement. Appsian’s Application Security Platform (ASP) enables granular logging and user activity monitoring for PeopleSoft. ASP allows customers to capture user activity data paired with contextual user information such as device, location, IP address, etc. The transaction level data is recorded in a structured format that can efficiently highlight malicious events, provide actionable data for incident response, and offers ready-to-use audit and compliance reports. With a click-to- view feature, all activity involving sensitive data can then be tagged with the corresponding user role, IP, location, and time of access. Additionally, with ASP’s Real-Time Analytics, these detailed logs can be further visualized on Splunk leveraged dashboards to highlight trends and patterns in user activity and data usage for enhanced data discovery and exploration. Mobile self-service transactions offer an abundance of convenience and flexibility for both users and administrators. Leveraging remote and flexible working that frees users from fixed office and desk environments, organizations can significantly boost productivity, reduce turnaround time, and save associated costs. To manage the increased access surface and the corresponding risk to data assets, organizations must build a proactive security strategy. Application security efforts can be maximized by implementing multiple layers of contextual controls aimed at enhancing visibility, strengthening user authentication and improving governance. While adding fine-grained security features such as data masking, least privilege, MFA, etc. can allow organizations to avoid certain risk vectors upfront, visibility into user activity can allow faster incident response for malicious events and their aftereffects. Conclusion Exposing PeopleSoft Self-Service Applications to the Internet
  • 10. 8111 Lyndon B Johnson Fwy. Dallas, TX 75251 (469) 906-2100 © Appsian 2019 info@appsian.com