Analytics has always been necessary to inform ERP data security policies. In this everybody-works-from-home scenario, with function leaders scrambling to achieve oversight and accountability, it has become more relevant than ever before. Businesses across the globe use applications such as PeopleSoft and SAP; therefore, strong ERP app management techniques are essential. With organizations embracing visibility solutions, what is the most relevant information to capture?
Capture Who, Where?
Flashback to the good old days of February 2020, when articles revealed the trend that work-from-home, remote access to your ERP program, and transactions accessible on the internet would one day become the ‘new normal’. Ah, excellent times!
Then COVID-19 happened, and in a matter of days, remote work went from being a growing trend to a hardcore reality. System administrators collaborated with managers to develop new or modified work-from-home policies that decide the who, what, when, where, and how of staff access to ERP data. Indeed, good times.
Let’s break down this information.
1. Who – Details of Users Accessing Data
Even if your user authentication methods are powerful (e.g., leveraging multi-factor authentication), you will still have security issues, particularly with high-privilege user accounts. Narrowing your visibility efforts to high-privilege user activity lets you focus on the accounts that can cause severe damage when compromised or misused. For example, your organization could be global (with multi-country ERP access), but your high-privilege users may primarily reside near your home base. High-privilege access from outside that IP range may be an early sign of unauthorized activity.
2. What – Details of Data Accessed
What are the highly sensitive data fields you want to watch closely? Application-level logging fails to show exactly what a user has accessed. Ultimately, however, these details are the most important. If you don’t have visibility into precisely what a user has accessed, a significant part of the data security puzzle is missing.
3. Where – Location Where a User Accesses Data
Location can often be a leading indicator of unauthorized activity. This strategy can be expanded, especially if you’re operating in a vertical that typically doesn’t require global access (e.g., higher education, healthcare, state & local government). Whether it’s a sudden influx of authentication requests from China or one-off access from a European country, location data is essential to ERP user monitoring.
4. When – Day and Time of Data Access
Due to stay-at-home orders, the regular 9-to-5 workday does not apply when users are (potentially) dealing with kids or distractions. Introducing rules limiting transactions executed outside business hours is an agile way for organizations to improve oversight, but how can they enforce it at scale? Hour-long monitoring, while not a visible indicator of a problem, is a solid baseline, especially if hourly employees perform most ERP processing activities.
5. How – Device Used to Access Data
One of the hardest obstacles in the fast deployment of remote ERP access is getting an inventory of all the devices employees will use. Even if everyone has a company-issued device, you’re bound to see unauthorized devices accessing your system (mobile phone, tablet, a personal workstation, laptop, etc.). Knowing exactly what these devices access (or possibly download) is extremely important to prevent data loss.
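The five questions above can be expressed as simple rule checks over access events. The following is an added example, not code from the original article or from any Appsian product; the event fields, IP range, business hours, device inventory and sensitive field names are all assumptions, and the sample events are constructed.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# All values below are assumptions for illustration only.
HOME_NETS = [ip_network("203.0.113.0/24")]   # expected range for high-privilege users
BUSINESS_HOURS = range(9, 17)                # 09:00-16:59, Monday to Friday
MANAGED_DEVICES = {"LT-0042", "LT-0077"}     # company-issued device inventory
SENSITIVE_FIELDS = {"SSN", "BANK_ACCOUNT"}   # data fields to watch closely

def review(event):
    """Return the who/what/where/when/how findings for one access event."""
    findings = []
    src = ip_address(event["src_ip"])
    in_home = any(src in net for net in HOME_NETS)
    # Who + where: only high-privilege accounts are held to the home range here.
    if event["high_privilege"] and not in_home:
        findings.append("who/where: high-privilege access outside expected IP range")
    # What: field-level detail, which application-level logging often lacks.
    touched = SENSITIVE_FIELDS & set(event["fields"])
    if touched:
        findings.append("what: sensitive fields " + ",".join(sorted(touched)))
    # When: weekends and hours outside the business-hours baseline.
    ts = datetime.fromisoformat(event["time"])
    if ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS:
        findings.append("when: outside business hours")
    # How: devices missing from the inventory.
    if event["device_id"] not in MANAGED_DEVICES:
        findings.append("how: device not in inventory")
    return findings

# Constructed sample events (not real log data).
EVENTS = [
    {"user": "jdoe", "high_privilege": False, "src_ip": "203.0.113.10",
     "time": "2020-04-06T10:15:00", "device_id": "LT-0042", "fields": ["NAME"]},
    {"user": "sysadmin1", "high_privilege": True, "src_ip": "198.51.100.7",
     "time": "2020-04-06T23:40:00", "device_id": "PHONE-X", "fields": ["SSN", "NAME"]},
    {"user": "apclerk", "high_privilege": False, "src_ip": "198.51.100.20",
     "time": "2020-04-11T11:00:00", "device_id": "LT-0077", "fields": ["BANK_ACCOUNT"]},
]

def triage(events):
    """Map user -> findings, keeping only events with at least one finding."""
    return {e["user"]: f for e in events if (f := review(e))}

if __name__ == "__main__":
    for user, findings in triage(EVENTS).items():
        print(user, findings)
```

A single finding such as out-of-hours access is a baseline signal rather than proof of misuse; events that trip several checks at once, like the constructed `sysadmin1` event, are the ones to review first.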
ERP Data Security Decisions Help Real-time User Activity Monitoring
The Appsian Analytics Console gives you a 360-degree view of what’s happening around your ERP results. From there, you can map a tailored incident response before harm is catastrophic, affecting your ERP data protection policy.
Some additional examples of ERP data protection initiatives are:
- Enabling adaptive authentication policies that deploy additional access-based authentication challenges
- Restricting specific (partial or full) transactions from unwanted locations
- Masking any field (partial or full)
Appsian enables organizations to increase control and visibility over business data. Easing the anxiety of allowing remote access to ERP, Appsian can help you make the rapid changes (average go-live in 2 weeks) needed to manage and mitigate risk. Request a demo of the Appsian Analytics Console today!