Cats & dogs, oil & water…
Apparently, these groups don’t get along. You can definitely add Security Admins & Business Users to that list. The reasons are (sort of) obvious, but only if you point them out. Simply put, one group restricts access and the other group demands access. I understand this is an over-simplification. At the end of the day, if user or corporate data is compromised, everyone gets upset. However, from a tactical standpoint, these two groups are trying to accomplish goals simultaneously and inevitably get in each other’s way.
The friction between business users and security policies typically occurs during the authentication process, for example when a user is asked to enter login credentials or go through an MFA challenge. While this may seem innocuous, friction builds over time – and if a user does not see the benefit in the extra authentication step(s), they are likely to abandon whatever business transaction they’re trying to access. And abandonment certainly does not promote productivity!
…and herein lies the true conflict between security and productivity
Securing data that resides in ERP applications has all the makings of a classic conflict between security and business user productivity. All the security focus is on login screen authentication – and traditional, on-premise ERP applications (SAP, PeopleSoft, Oracle EBS) are filled with sensitive data, with limited ways to implement fine-grained controls. The result is that Security Admins have no choice but to be overly strict with their security policies (e.g., requiring MFA at each login) – causing users to push back and possibly abandon critical business transactions.
This is where Appsian comes in… enabling adaptive multi-factor authentication (MFA)
Appsian enables organizations to implement adaptive, data-centric ERP security policies. This means that if fine-grained control is what you’re looking to accomplish, Appsian gives you the ability to align specific security policies to specific data elements/transactions. Being specific mitigates user friction, and here is why…
Not all sessions/transactions are risky
Question: Should you have to pass an MFA challenge if you’re working on your company-issued computer and logged on to your corporate network? What is the likelihood the context of that access is fraudulent?
Users appreciate when risk level aligns with security measures
Users don’t like their data compromised either, and when they are executing transactions that are deemed ‘high risk’ (e.g., change direct deposit, update benefits, update W-4), a user should expect stepped-up security challenges.
When security aligns to the context of access – security and business policies live in harmony!
It’s corny, but it’s true. By aligning security to specific data elements and transactions, business processes and security policies become aligned and everyone gets what they want. Users are only challenged when necessary, and Security Admins can feel their policies are properly focused.
Users can be fully productive and feel confident their data is safe and secure. True love!
Want to learn more about implementing adaptive MFA for ERP systems? Then Let’s Talk!