With the workforce disruption caused by Coronavirus (COVID-19),enabling remote access to ERP applications like Oracle PeopleSoft has become a business requirement. This has resulted in organizations that fear disruptions to business continuity, rushing to scope additional security solutions. Many are turning to the early adopters of remote PeopleSoft access to better understand the gaps in PeopleSoft’s security model, the implications of exposure to the internet, and the mitigation steps required to maintain security.
Hackensack Meridian Health (HMH), identified authentication vulnerabilities in PeopleSoft’s username and password security model:
Thus, resulting in the scoping of a Single Sign-On and Multi-Factor Authentication (MFA) project. Both solutions required a Security Assertion Markup Language (SAML) integration with HMH’s respective identity provider, Duo Security. The project enabled hospital staff to quickly access business-critical functions, including medical supply ordering, scheduling, and billing. All of which had a positive impact on HMH’s ability to take care of their patients. The project resulted in HMH winning Oracle Innovator Awards in 2018 and 2019.
Cornell University wanted to enhance the logging capability for PeopleSoft Campus Solutions:
Their goal was to record user activity while performing various transactions to improve security and incident response. Cornell University proceeded to scope solutions that would enhance their visibility without hindering system performance. Once a 3rd party logging solution was installed, Cornell University was enabled to allow access to remote students, employee and staff while maintaining granular levels of visibility. This proved critical when subsequent security incidents required rapid investigation.
The State of North Dakota identified the need to enable remote access to employees state-wide:
IT leaders sought to equip PeopleSoft Human Capital Management (HCM) and Financials with advanced features to dynamically limit data exposure and increase visibility of user activity. After deploying a 3rd party solution for dynamic data masking and location-based security, the State of North Dakota was able to accurately align the risk level of user access with the exposure of sensitive data. Providing a clear path to enable secure, remote access to users.
With COVID-19 creating a myriad of questions and concerns for business leaders, PeopleSoft customers are encouraged to approach remote access projects carefully.
Let us know if we can help enable your journey. Contact us today!