Making transactions mobile-friendly is a strategic move toward improving the PeopleSoft application's user experience. Companies emphasize remote access to self-service modules such as benefits registration, time entry, permissions, and self-service for students, so that they can complete assignments on their own time and even on their own computers.
Despite the advantages of mobilizing PeopleSoft and opening its applications to remote access, the security implications are a serious concern. Expanding access to confidential data beyond the protected perimeter of the corporate network raises the likelihood of attacks and of more successful data breaches. As hackers increasingly target individual users and devices, using the human-error factor to their advantage, the emergence of user-centric threats also adds to the risk.
No Native Support for SAML
PeopleSoft applications lack native SAML support. Consequently, they cannot connect to identity providers that support SAML and are likely to be isolated from other business applications. Most off-the-shelf SSO providers are not aware of this restriction, and they often suggest custom development, which is expensive, time-consuming, and usually requires the purchase of additional hardware.
Static Native Access Controls
PeopleSoft lets organizations enforce static, rule-based role-based access controls (RBAC). With remote access expanded beyond a secure network, organizations need more flexibility to monitor and regulate what users can access based on contextual information. When authorizing access, RBAC cannot use dynamic information such as company code, project ID, IP address, location, device type, etc.
MFA Limitations at Login Page
PeopleSoft's primary security model, username and password authentication, is limited to the application login, a restriction that persists even with MFA add-ons from third parties. Once a user passes the login, you have no means of protecting the data inside your PeopleSoft applications. This security control gap means that a high-privilege malicious insider might log in and then have access to your PeopleSoft systems and data.
Out of the box, PeopleSoft provides high-level logging designed mainly for debugging and troubleshooting. These logs do not show what data was accessed, nor do they provide any information on the access context, such as who accessed it, from where, or when. In addition, PeopleSoft cannot track, record, or control user behavior at a granular level.
Limited Data Masking
PeopleSoft's current data masking functionality is restricted and relies on static rules based on roles. This means that users who have the privilege to access confidential data can see all of it, regardless of where they access the application from. Consequently, sensitive data fields are exposed when privileged user credentials are stolen or when privileged users download data using queries on personal or home computers.
Your ERP investment offers considerable ROI over its lifetime. Expanding remote access and allowing mobile transactions is the best way to keep your users efficient and optimize that investment. Organizations can secure their ERP data with a data security solution that delivers a comprehensive suite of access controls and fine-grained security features. Such a solution should, ideally, offer the following capabilities:
It should let you take advantage of the access context and apply permissions accordingly. Whether users connect from a protected network or from the open internet, you can determine precisely what they can view and what transactions they can perform.
With such a security solution, you can deploy MFA challenges dynamically based on the access context. For example, when a user accesses PeopleSoft from a remote IP address, or after business hours, customers can require an MFA challenge. This flexibility minimizes the disruption caused by MFA, because the challenge can be matched to the level of risk.
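A sketch of the context-based decision described in the two paragraphs above, as an added example that is not PeopleSoft code or any vendor's product. The trusted network range, business hours, transaction names and the rule that refuses sensitive transactions remotely after hours are all assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, time

# Constructed policy values for illustration; none are PeopleSoft settings.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]
BUSINESS_HOURS = (time(8, 0), time(18, 0))  # Monday to Friday, local time
SENSITIVE_TRANSACTIONS = {"view_ssn", "query_download"}  # hypothetical names


@dataclass(frozen=True)
class AccessContext:
    user: str
    source_ip: str
    when: datetime  # local time of the request
    transaction: str


def on_trusted_network(source_ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # fail closed: an unparseable address is untrusted
    return any(addr in net for net in TRUSTED_NETWORKS)


def in_business_hours(when: datetime) -> bool:
    start, end = BUSINESS_HOURS
    return when.weekday() < 5 and start <= when.time() < end


def decide(ctx: AccessContext) -> dict:
    """Map the access context to the controls applied to this request."""
    remote = not on_trusted_network(ctx.source_ip)
    off_hours = not in_business_hours(ctx.when)
    sensitive = ctx.transaction in SENSITIVE_TRANSACTIONS
    return {
        # Challenge only when the context raises risk (remote IP or off hours).
        "mfa_required": remote or off_hours,
        # Hide sensitive fields whenever the session is off the trusted network.
        "mask_sensitive_fields": remote,
        # Assumed rule: sensitive transactions are refused remotely after hours.
        "allow": not (sensitive and remote and off_hours),
    }


if __name__ == "__main__":
    ctx = AccessContext("jdoe", "203.0.113.7", datetime(2024, 3, 6, 22, 0), "view_ssn")
    print(decide(ctx))
```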
Logging & Analytics
The ideal solution should allow granular logging and user activity tracking for PeopleSoft. It should enable clients to collect user activity data coupled with contextual user information, including location, device, IP address, etc. The transaction-level information should be captured in a standardized format that can illustrate malicious incidents and provide the actionable data required for incident response, and the solution should provide ready-to-use audit and compliance reports.