Analytics, Security

5 Types of Insider Threats and How to Detect Them in Your ERP System

By Michael Cunningham • December 9, 2020

While the majority of data breaches are from insider threats—a startling 57% according to the Verizon Insider Threat Report—many organizations overlook these internal dangers. Whether careless or malicious, employee, partner, or contractor, insider threats are difficult to spot and often go undetected in your ERP system for months or years. 

Insider threats can be particularly dangerous for organizations using legacy ERP systems, such as SAP, PeopleSoft, and Oracle EBS. The primary issue is that most security teams struggle to determine the difference between regular user activity and anomalous activity indicating an insider attack. What makes insider threats especially dangerous is that insiders usually know how to find and access sensitive data and sometimes have a privileged (or over-privileged) account. 

5 Types of Insider Threats in Your ERP System

First, a quick refresh: An insider threat occurs when the insider (user) maliciously or unintentionally misuses their access to negatively affect or harm the business. Not all insiders are disgruntled employees, and their motivations, intent, and access levels vary. Regardless of who they are, an insider who is intentionally or unintentionally violating a business or security policy can inflict plenty of damage. 

Insider threats come in all shapes and sizes and display different behaviors you can leverage for detection and preventionHere are five categories of insider threats that our ERP customers are most likely to encounter: The Careless Worker, the Arrogant Insider, the Disgruntled Employee, the Malicious Insider, and the Irresponsible Vendor.  

The Careless Worker 

These are employees or partners whose actions are inappropriate as opposed to malicious. They will unintentionally break acceptable use policies, mishandle data, and install unauthorized applications, etc. The Careless Worker ignores security awareness training and best practices, making them likely to be the one that falls for a phishing scam and having their account compromised by a hacker.  

The Arrogant Insider 

Arrogant Insiders are employees who do not act with malicious intent but believe they are exempt from security policies. They will take deliberate and potentially harmful actions, such as using unapproved workarounds or transferring potentially sensitive information to cloud storage accounts for easy access. These actions leave vulnerable data and resources unserved and vulnerable to hackers. 

The Disgruntled Employee 

Disgruntled Employee is not happy or feels disrespected in some way and willfully disregards data privacy and security protocols to commit deliberate sabotage or intellectual property theft. For example, using access to leak executive compensation data and cause negative publicity. Disgruntled Employees are especially dangerous and probably the hardest ones to detect because they have elevated levels of privilege.    

The Malicious Insider 

The Malicious Insider is an actor with access to corporate assets who uses existing privileges to exfiltrate data or commit other malicious acts with the goal of financial rewards or further personal gainsA Malicious Insider can result from a compromised account caused by a Careless Worker or a Disgruntled Employee who has gone beyond accessing intellectual property and into theft or fraud.   

The Irresponsible Contractor 

The Irresponsible Contractor compromises security through negligence, misuse, or malicious access to or use of an asset. They are contract workers and temporary employees who are given access like a full-time employee. Sometimes, depending on how an organization assigns roles, they might have more privileges than the job requires. 

How to Detect Insider Threats: Know Your Users. Know Your Data.  

When an insider uses a legitimate login profile to move about your ERP system, telling the difference between regular activity and harmful activity often prevents rapid detection. In fact, a recent report from Ponemon indicates that the average time to detect and contain an insider threat incident is 77 days.  

The number one way to detect anomalous activity is by closely monitoring user behavior around data access and usage. Put another way; you’re looking to identify the context of the access and usage: the who, what, where, when, how, and, ultimately, the why.  

Far too often, user behavior is a mystery, resulting in security, fraud, theft, and business policy violations. Specifically, a lack of context around how, when, and by whom transactions and data fields are being accessed. To gain this insight, you need an advanced analytics platform specifically designed to display granular levels of ERP data access & usage. Like Appsian360 

Context of User Access and Data Usage with Appsian360 

With Appsian360, security and compliance leaders can drill into specific data access and know exactly who is doing what, where, and why. With that level of in-depth, contextual information, any red flag incidents can undergo a rapid response plan. With Appsian360, you can: 

  • Identify when a Careless Worker falls victim to a phishing attack by setting up a dashboard that tracks location-based access. If a legitimate user account suddenly starts accessing your ERP system from outside the United States, for example, you can begin an investigation into other activity by that account. 
  • Closely monitor the activity around sensitive reports and queries and ensure that data is not being exfiltrated in bulk by unauthorized users or offboarding employees, such as Arrogant Insiders.  
  • Monitor high-risk data activity for unusual behavior. For example, a Disgruntled Employee with access to compensation data needs that ability to their job. However, you can track the number of times a user accesses that data during the day or outside of business hours. Instead of asking “if” a person should have access to that data, you can track how often and when that data is accessed. 
  • Track a variety of user access data points when it comes to detecting a Malicious Insider. Since this is usually a compromised account, you can set dashboards to track after-hours access, mobile phone access, strange IP address access, and access from a foreign country. All signs that a legitimate account has been compromised. 
  • Apply a prefix to the username of any outside Irresponsible Contractor or temporary worker to fully track their data access and usage inside your ERP system.  

Close the Visibility Gap to Detect Insider Threats 

The unfortunate reality of ERP applications like PeopleSoft and SAP is that they lack the ability to provide actionable insights into user activity, creating many blind spots for detecting insider threat behavior. Fortunately, organizations using Appsian360 can detect and defend against insider threats by monitoring data access and usage at a granular level that was previously unavailable.  

Want to see a demonstration of how Appsian can help your organization detect insider threats? Contact us to chat with an Appsian security expert today. 

Stay Updated

Analytics

Using Advanced Analytics to Improve ERP System Performance

By Michael Cunningham • November 6, 2020

Improve ERP System Performance with Real-Time Data Access & Usage Visibility  

Your ERP system is a complex ecosystem with multiple deployments, serving hundreds to thousands of users. All of which are processing batch jobs, completing transactions, and performing daily functions that are the lifeblood for operations. Sitting at the center of this ecosystem is your system administrators, who oversee monitoring and maintaining the ERP system’s overall health and performance.  

Factors Driving up Administration Complexity 

In many ERP deployments, integrations with application and web servers, along with other external systems are common. Further increasing complexity is that each has its own set of monitoring tools to determine the quality of service they are delivering. This fragmented approach can make it challenging to identify and resolve ERP system performance issues. Now there’s a tool that allows you to focus exclusively on the health of your ERP system: Appsian360

How Appsian360 Reduces Complexity 

Appsian360 focuses squarely on ERP-specific performance metrics that allow you to quickly isolate and identify performance issues: 

  • Average Page Load Time 
  • Top 10 Components Accessed 
  • Average Page Load Time by Application 
  • Pages Accessed by Device Type 
  • Page Access Count and Average Page Load Time 
  • Top 10 Underperforming Pages 

Appsian360 is also capturing real-time data access and usage information that provide a clear narrative around how user traffic is affecting system performance. It can also be used to combat security threats or uncover fraud. 

Organization-Wide ERP System Performance at a Glance 

Now you have information at your fingertips that allow you to become proactive about system degradation, rather than reactive and relying on users to report the issues to you. Fixing slowness issues ahead of time might also prevent more serious problems like data corruption, which lead to time lost across the whole enterprise. 

You can also focus on application performance across office locations and by hardware. For example: 

  • Average Page Load Time by Country 
  • Average Page Load Time by Location (looks like office locations) 
  • Average Page Load Time by IP [Address] 
  • Average Page Load Time by Web Server 
  • Average Page Load Time by App Server 

If your offices are spread across the globe, for example, in America, India, and New Zealand, you can examine the Average Page Load Time by Country. Just by looking at a map, you can see that maybe one of the offices in India is running slow while the other is performing within normal speeds. You can contact the appropriate IT team in that office to investigate. 

Resolving Individual Issues Within Minutes 

Raise your hand if a user has ever contacted you with, “Oh, the system is really slow today.” It’s a common yet frustrating reality for sys admins because it lacks context. Is the performance slow just for that one person or for everybody? Is the performance issue for a single component or an entire application?  

Without Appsian360, your team has few resources to resolve this issue. For example, the resources available to you might include: 

  • The user description of the problem 
  • You can try to replicate what the user was accessing or viewing 
  • You might need to even visit the user’s office location and check the device 
  • Maybe it’s related to a time of day, etc.  
  • Based on this information, you can try to replicate the issue.  
  • Finally, you might have access to database monitoring tools to give you an idea of how individual queries are performing. However, this is a piecemeal approach and lacks insight into the actual ERP system performance as a whole. 

Resolving these system performance issues manually could take hours or days to resolve. With Appsian360, you can drill into a particular IP address and get details on a user’s individual access in the system, and you can drill-down into the context you need to create actionable insights. For example, you can view the user’s Average Page Load Time by Application. Now you can holistically look at those transaction sets together to see how they’re affecting your system and the users working within the system. 

Drilling down a bit further, you can look at the Top 10 Underperforming Pages. Now you’re getting more granular with your detective work to see if a specific page is performing slowly. In a matter of minutes and just a few clicks, a system admin can diagnose a system performance issue and put into place an action plan to resolve the issue.  

The Proactive Approach to ERP System Performance  

The regular duties of an ERP system administrator include making sure that the system is performing to its maximum ability and resolving any issues and problems the users might have. They’re also trying to resolve system performance issues before people complain there is a problem. Because when the ERP system performance deteriorates, productivity suffers, employee morale declines, and the company’s bottom line is negatively impacted. 

Contact us today to learn how Appsian360 can transform your IT team into proactive ERP application administrators and keep your ERP system running at peak performance levels.  

Stay Updated

Analytics, Security

How Does Appsian Work with SAP GRC Access Control?

By Rajesh Rengarethinam • August 20, 2020

At the SAPinsider 2020 virtual conference experience, one of our product demo attendees asked how Appsian works with SAP GRC Access Control. We get this question a lot as SAP security and system professionals explore adding attribute-based access controls (ABAC) to the native SAP role-based access controls (RBAC) to streamline and strengthen access policy management and enforcement. Sometimes there is confusion about whether ABAC is enhancing or replacing their RBAC. Let’s take a quick look at how Appsian’s ABAC works with and enhances SAP GRC Access Control.  

What is SAP GRC Access Control 

Organizations use SAP Governance, Risk, and Compliance (SAP GRC) to manage regulations and compliance and remove any risk in managing critical operations. One of the SAP GRC modules that helps organizations meet data security and authorization standards is SAP GRC Access Control. This module ensures that the right access is given to the right people with RBAC. It uses templates and workflow-driven access requests and approvals to streamline the process of managing and validating user access and provisioning. Without SAP GRC, for comparison, a person is creating all the roles from scratch and assigning privileges to them.

Appsian Enhances SAP GRC with Attribute-Based Access Controls 

Appsian combines the SAP GRC role-based access controls with an attribute-based access control solution that delivers an ABAC + RBAC hybrid approach. This enhanced approach enables granular control and visibility that delivers a wide range of business benefits and lets you deploy data-centric security policies that leverage the context of access to reduce risk.  

Appsian overcomes the limitations of traditional RBAC, allowing you to fully align SAP security policies with the objectives of your business and streamline audits and compliance. 

As you can see in this illustration, ABAC begins the moment users start to access data and transactions. Where RBAC assigns access based specific roles, ABAC considers the context of access (who, what, where, when, and how) before allowing access to transactions or data. Customers can set up additional rules that allow conditional access, for example, masking specific data fields or limiting the number of transactions after a particular time of day) or entirely denying access based on factors such as an unknown IP address. 

Real-Time Analytics for SAP Security & Risk Management 

With Appsian360, our real-time analytics and reporting tool, Appsian can enhance the SAP GRC reporting capabilities with direct, real-time visibility into transaction usage, violations, and compliance risk. Additionally, customers can: 

  1. Monitor transaction usage, master data changes, and SoD violations 
  2. View actual SoD violations with user, data, and transaction correlation 
  3. Segment reports by user/data attributes 
  4. Drill down into end-user usage events 

Appsian360 provides analytical reports to drill down into end-user usage events to capture business risks and anomalies, and usage events that tie back to compliance risks.  

The ABAC + RBAC Hybrid Approach to SAP GRC Access Control 

By combining data-centric security capabilities with attribute-based policies, Appsian extends and enhances the existing SAP GRC internal access controls and improves the reporting and auditing capabilities. 

Contact us today and schedule a demo to see how Appsian can help you enforce access controls beyond the standard RBAC model of SAP. 

Stay Updated

Analytics, Security

Monitoring High Privileged User Activity in PeopleSoft and SAP Using Appsian360

By Michael Cunningham • August 11, 2020

We are in the midst of a perfect storm of ERP security calamity: the greatest work from home experiment colliding with historic levels of employee churn and unemployment. Hackers are exploiting the situation by launching phishing, spear-phishing, and other social engineering attacks at remote workers to gain access to privileged user accounts and email passwords.   

The increased threat surface and hacker activity mandate that companies deploy a strong security posture at the identity perimeter, using tools such as virtual private networks (VPN) and adaptable multi-factor authentication (MFA). However, limiting security to user access and authentication can leave organizations at risk of malicious activity when, not if, a privileged user account is compromised.   

Unfortunately, today’s legacy on-premise SAP and PeopleSoft systems simply do not provide organizations the granular visibility and context of user access and data usage they need in real-time to make proactive and strategic decisions. This lack of visibility and reliance on static controls to ensure your most critical data isn’t compromised means that many organizations are flying blind.  

Monitoring Privileged User Activity Must Be Part of a Strong Security Posture   

The issue with traditional ERP logging and analytics is that it focuses on troubleshooting errors and scanning for broad system vulnerabilities. They were not designed for understanding user behavior, data access, and usage. In addition to ensuring a strict authentication process, companies need to layer in the ability to monitor privileged user activity continuously.   

Using a layered-defense approach, organizations can proactively mitigate many of the risks associated with the increased interest in corporate networks and user accounts. A strict authentication process on its own is no longer acceptable. Actively monitoring privileged account activity is a critical way of identifying that an external threat has entered the network, compromised an account, and is ultimately engaged in fraud or theft.   

Granular Privileged User Activity to Monitor  

Organizations can set fine-grained access controls all day long. For example, organizations may be able to apply time-based ABAC for standard users, since the general human resources employee likely works during daytime hours, and you have visibility into which user accessed an application. Unfortunately, if you do not have a granular-level view into precisely what a user accessed, then you are missing a significant part of the data security puzzle.  

I’m sure you can think of a list of all Tier 1, highly sensitive data fields you want to watch closely. A shortlist includes C-suite salary information, social security numbers, bank account information, national ID number, passport number, visa permit number, driver’s license number, etc.   

Continuously monitoring privileged user activity and behavior at the granular level provides valuable visibility into how users engage with data and what they do with their access. For example, application-level logging can’t track or show you if a hacker or malicious insider changes employee direct deposit information to route that week’s payroll run into an offshore account. Only field-level logging can show you how much “over access” users may have or if they are engaged in irregular activity.  

With this information, organizations can review whether a certain activity was necessary and document the findings. By tracking the activity back to the user, the organization proves governance and proactively protects data.  

Appsian360: Monitor ERP Activity for High Privilege Users  

Using Appsian360 to monitor privileged user activity, you get a 360-degree view of what is happening around your ERP data as well as full visibility into exactly how your ERP data is being accessed – by whom, from where, on what, and why. From there, you can map out a targeted incident response before damages become catastrophic.   

Your organization needs to be in a constant and vigilant state of security when it comes to monitoring privileged user account activity, especially in these times of excessive employee churn and remote access. Unfortunately, doing so in your ERP system is a manual process that needs to be addressed frequently.  

Request a demo of Appsian360 to see for yourself how your organization can actively monitor privileged user activity and mitigate the risks associated with a compromised account or malicious insider. 

Stay Updated

Security

Protecting ERP Data from Application Vulnerabilities Using A Multi-Layered Security Approach

By Michael Cunningham • August 6, 2020

You spend countless hours, not to mention considerable money, to secure your SAP and Oracle ERP data. One day, you discover that cybercriminals have exposed a vulnerability using an application misconfiguration. This has become increasingly common as criminals seek methods to covertly infiltrate applications to gain access to thousands of employee records. 

This situation happened to Microsoft in December 2019 and didn’t generate the kind of headlines usually associated with data breaches. This was simply a human error. But these kinds of human errors and misconfigurations are one way that hackers can gain a foothold into your SAP or PeopleSoft ERP system. Now the question is, how are you going to protect your data after an attacker side-stepped your perimeter defenses? 

Misconfiguration is the Fastest Growing Security Risk 

According to the 2020 Verizon Data Breach Investigations Report, misconfiguration errors (failing to implement all security controls) are up 4.9% from last year’s report and are the fastest-growing risk to web applications. It’s easy to apply this kind of risk to legacy ERP systems because SAP and PeopleSoft environments often consist of millions of lines of custom code and custom-built components communicating with each other and to external systems through various APIs and interfaces bolted together over time. 

On top of that, you’re dealing with an abundance of changes to roles, configurations, access controls, and compliance protocols to accommodate new business processes and evolving data privacy policies. If companies are not analyzing and monitoring the underlying security implications of all these changes and movement, they’re bound to face a similar situation as Microsoft with a backdoor left unlocked for any hacker to stroll through. 

Finally, don’t forget that many organizations simply do not stay current with system updates and security patches. According to the Data Breach Investigations Report, only half of the vulnerabilities are patched within three months after discovery, leaving companies exposed to attacks against known exploits.  

The Multi-Layered ERP Data Security Approach 

The growing complexity of SAP and PeopleSoft environments make securing ERP data an enormous challenge. To prevent inadvertent exposures from misconfiguration, Greg Wendt, executive director of Appsian, suggests that companies “must adopt a multi-layered security approach with dynamic security tools that can monitor user access in real-time, providing transparency over what data is accessed and by whom.”  

This multi-layered approach includes masking sensitive data, verifying identity via multi-factor authentication (MFA), and enhanced logging and analytics. Appsian adds layers of security WITHIN your ERP system to help ensure your data is still protected when a hacker strolls past your perimeter defenses, thanks to a misconfiguration. 

Dynamic Data Masking provides contextual masking policies that adapt to the context of access. That means when a hacker attempts to access sensitive data fields but doesn’t match key attributes such as user ID, privilege, device, location, or IP address, they will encounter full, partial, click-to-view masking or complete redaction of the data field. 

Adaptive MFA ensures that contextual attributes (ex. device, network, location) are the determining factor for deploying MFA challenges. For example, customers can require an MFA challenge when a user account is accessing the system from a remote IP address or after business hours.  

Enhanced Logging and Analytics with Appsian360 allow you to monitor your networks for suspicious activity and provide detailed insights regarding how, when, and by whom transactions and data fields are being accessed. This visibility is particularly important for identifying users with high-privilege access who are accessing pages they shouldn’t be. The enhanced logging can trace all the pages a user accessed during a session, helping to identify a potential intrusion. This kind of real-time data access and usage visibility was previously unavailable to SAP and Oracle ERP customers. 

Eyes and Ears on the Entire ERP Data Ecosystem at All Times  

“The enterprise must learn to have eyes and ears on their entire data ecosystem at all times,” said Wendt. Microsoft’s recent data breach due to misconfiguration highlights the importance of a security strategy that continuously looks for misconfigurations and compliance violations. Next, they should establish a multi-layered security approach to prevent unauthorized data access, along with enabling organizations with the ability to identify access trends that may be indicative of incorrect access controls. 

Misconfigurations are, unfortunately, a common error and should be treated with the same sense of urgency and level of effort by security professionals as their network perimeter. After all, not all attacks are external. 

Contact us today to learn how the Appsian Security Platform and Appsian360 can help you establish a multi-layered security solution. 

Stay Updated

Security

When it Comes to ERP Data Security, Context (of Access) Matters – Appsian360 Can Help!

By Michael Cunningham • July 28, 2020

Organizations using traditional, on-premise ERP applications like SAP ECC and Oracle PeopleSoft are facing a rapidly changing reality around the collection, storage, and usage of data. Aside from the growing number of compliance regulations they need to follow, such as GDRP, CCPA, and others, they face critical visibility gaps related (explicitly) to understanding ERP data access & usage.  Especially at a fine-grained level.

This lack of visibility is exacerbated by organizations enabling remote and mobile access to their users, exposing them to a myriad of data security and compliance threats like hacking (phishing), along with fraud and theft from internal users. All of which result in the loss of millions of dollars each year.  

Fortunately, ERP applications that were once considered a “black box” can now be enhanced with the most sophisticated logging and analytics technology available on the market. Introducing Appsian360, the first and only data access and usage analytics platform for SAP and PeopleSoft.  

Why Context of User Access and Data Usage Matters  

Far too often, user behavior is a mystery, resulting in security, fraud, theft, and business policy violations. Specifically, a lack of detailed insights regarding how, when, and by whom transactions and data fields are being accessed.   

As they exist today, legacy on-premise SAP and PeopleSoft systems simply do not provide organizations the granular visibility and context of user access and data usage they need in real-time to make proactive and strategic decisions.   

“For years, organizations have been operating with limited visibility, and current threats to ERP data have made this status quo completely intolerable,” said Piyush Pandey, CEO of Appsian. “Appsian360 is about knowing who is doing what – at a very granular level.”   

With Appsian360, security and compliance leaders can drill into specific data access and know exactly who is doing what, where, and why. With that level of in-depth, contextual information, any red flag incidents can undergo a rapid response plan.   

“The beauty of Appsian360 is it’s a comprehensive solution that provides actionable insights,” added Pandey. “We know that forensic investigations and time to mitigation costs organizations countless amounts of money – and we’re pleased that Appsian360 can alleviate much of this burden.”  

Appsian360 for SAP and PeopleSoft  

Appsian360 installs into your ERP web server and does not require any additional customizations. There are zero noticeable effects on application performance. Here’s a high-level look at what Appsian360 can do for you.  

Detect Security Threats in Real-Time: Appsian360 proactively alerts you to security threats like hacking, phishing, misuse of privileged accounts, and many more. You can quickly receive the information required to fully enable forensic investigations.  

Uncover Hidden Business Risks: Appsian360 helps you detect and respond to fraud, theft, and errors by employees and third parties (vendors, consultants, etc.). Companies can maintain a complete view of sensitive business transactions, and what (specific) users are doing.  

Monitor Employee Productivity: Appsian360 helps you maintain oversight as users process and execute business transactions. You can use these insights to ensure efficient staffing and identify potential bottlenecks in critical HR, payroll, and finance activities.  

Understand Data Access & Usage with More Clarity Than Ever Before  

Organizations can no longer rely on having a lot of data. They need to start triangulating and developing context around the data they’re getting and how it’s being used. Appsian360 provides real-time data access and usage visibility previously unavailable to SAP and Oracle ERP customers.  

To see how data security and compliance threats that were once considered “the price of doing business” are no match for the watchful eye of Appsian360, join us for a virtual demonstration on Thursday, August 13. You can register here: https://www.appsian.com/visibilty-using-appsian360/.  

Contact us today for a personalized demo and find out how Appsian360 can fill critical visibility gaps for your organization.   

Stay Updated

Security

Your Network Access Could Be for Sale on the Dark Web. Why ABAC is Critical for ERP Data when Your Network is Vulnerable

By Michael Cunningham • June 1, 2020

Thanks to TV commercials for identity protection services, you’re forgiven for thinking that that dark web is primarily a place where criminals and hackers buy and sell personal information such as credit cards, usernames and passwords, and social security numbers (and other PII). Lately, however, the dark web has seen a flurry of activity for offers to purchase corporate network access, according to a recent “Access for Sale” report from Positive Technologies.  

Criminals Are Becoming More Interested in Corporate Network Access 

Just a year ago, according to the report, cybercriminals were focused more on trading in access to the servers of private individuals for as little as $20. During the second half of 2019, Interest has since picked up in the sale of access to corporate networks. In Q1 2020, the number of postings advertising access to these networks increased by 69 percent from the previous quarter. Prices have also increased: the average cost of privileged access to a single local network is now in the $5,000 range. Additionally, hackers are offering a commission of up to 30 percent of the potential profit from a hack of a company’s infrastructure. 

It’s bad enough that your threat surface has increased due to so many employees working from home, now you have a posse of hackers roaming the dark web looking for bounties to collect. We have a few suggestions to help you keep your ERP data safe even if hackers manage to gain access to your corporate network.   

Adopt Attribute-Based Access Controls (ABAC) to Strengthen ERP Data Security 

Companies using ERP systems are already leveraging role-based access controls. These controls, which align data access privileges and job function resources, provide a baseline for data governance. With the rapid expansion to a remote workforce earlier this year, organizations needed to create more detailed and more dynamic access controls—policies to determine who, what, where, when, and how workers can access ERP data and what transactions they’re allowed to perform.  

With attribute-based access controls (ABAC), a company can incorporate additional context such as geolocation, time of day, and IP address to both ensure the appropriate user is accessing the resources and prevent users from having more access than they need. For example, if the organization knows that an employee should be working from Connecticut, ABAC can prevent access to resources, mask highly sensitive data, or prevent a transaction entirely if the user’s location is suddenly California – or a foreign country.  

These granular, data-centric access privileges can help an organization ensure that users–internal or malicious–do not get too much access to important ERP data – limiting the potential negative effects of a network intrusion by hackers. 

ABAC Should be Coupled with User Activity Monitoring  

Let’s revisit how ABAC helps organizations establish roles and permissions to determine who, what, where, when, and how workers can access ERP data and what transactions they’re allowed to perform. It’s important that you don’t set these controls and “forget” them. You want to make sure what you’ve established is working and to watch for any anomalies that reveal unusual or unwelcome activity.  

Most organizations are already performing some kind of monitoring of user access – but it has to extend beyond manual audits of instances of logging in and logging out of applications and what pages were displayed. Understanding data access, usage, and transactions performed is now a key requirement when maintaining visibility over business data and enforcing security policies. 

Here are five details we recommend monitoring (more details here): 

  1. Who – Details of the User Accessing the Data  
  2. What – Details of the Data Being Accessed  
  3. Where – Location Where the User is Accessing the Data   
  4. When –Time of Day When User is Accessing Data  
  5. How – Type of Device Accessing Data 

Data is only as useful as the insights it provides. Using an analytics platform that includes granular access details, rapid aggregation, and visualization of user access data is a crucial requirement for data security. 

Conclusion 

You know that hackers are already looking for any and all security lapses on your perimeter to gain access to your corporate network. The “Access for Sale” report serves as an important reminder that hackers are willing to do anything to gain an advantage, and organizations must deploy a variety of ERP data security protocols in addition to the standard role-based access controls. 

Appsian has helped hundreds of organizations that leverage legacy ERP applications like PeopleSoft and SAP ECC strengthen their data security posture with ABAC and user-activity monitoring. 

Request a demonstration of the Appsian Security Platform today. Learn how Appsian can help you manage the risks of the dark web in little as 30 days! 

Stay Updated

Security

Why the Keys to Maintaining ERP Data Security in a Remote Environment are Control and Visibility

By Piyush Pandey • May 15, 2020

Remote workforces are nothing new to most organizations. According to Buffer’s 2019 State of Remote Work report, 44% of respondents noted that at least part of their team was “full-time remote,” and 31% said that everyone on the team works remotely. Further, at the time of the report, 30% of respondents said that their entire company worked remotely. However, the COVID-19 pandemic accelerated the work-from-home model. By March 31, 2020, the percent of users working remotely had increased 15 percentage points since the start of the COVID-19 outbreak. With that in mind, organizations are assessing how they can maintain granular levels of control and visibility when ERP data is being accessed remotely

Adopting Contextual Controls to Protect ERP Data 

Most organizations already leverage role-based access controls. These controls, which align data access privileges and job function resources, provide a baseline for data governance. However, they often lead to excessive levels of data access and, in turn, produce additional risks. Contextual controls enable an organization to dynamically control access to data during varying contexts of access, often aligning to least privilege best practices. Migrations to cloud applications are largely due to contextual controls being a business requirement, simply because the interconnected applications required a more dynamic approach. 

With the move to a remote workforce, organizations need to create more detailed and more dynamic access controls. With attribute-based access controls (ABAC), a company can incorporate additional context such as geolocation, time of day, and IP address to both ensure the appropriate user is accessing the resources and prevent users from having more access than they need. For example, if the organization knows that an employee should be working from Connecticut, ABAC can prevent access to resources if the user’s location is suddenly California – or a foreign country. 

Contextual controls provide both the prevention of access policy violations, along with alignment between business requirements and security protocols. Because the organization can limit access according to the principle of least privilege, it reduces the risk of data leakage and financial fraud. Meanwhile, by creating more granular, data-centric access privileges, an organization can ensure that users do not get too much or not enough access – limiting the potential negative effects of restricting access excessively. 

User Activity Monitoring for ERP Data Security and Managing Productivity 

Monitoring user access to resources and tracking how users interact with data provides an additional benefit for many organizations as their workforces move towards a remote model. Most organizations recognize the benefit of monitoring user access – but not just instances of logging in and logging out of applications. Understanding data access and usage is now a key requirement when maintaining visibility over business data. Organizations are turning to analytics platforms that both include granular access details, along with a visualization element (for example, SIEM). Data is only as useful as the insights it provides, and rapid aggregation and visualization of user access data is a crucial requirement for data security. 

Using “Virtual” Work Hours 

Looking at a common security use case, many organizations leverage “virtual” work hours to detect anomalies. For example, an employee usually works between the hours of 8 AM and 6 PM but monitoring and alerting to activity around sensitive data at 3 AM, for instance, can be indicative of unauthorized behavior. This uncharacteristic behavior may be an anomaly, but the organization needs to monitor the user activity more closely. If the user denies accessing the information at 3 AM, then the organization needs to focus its monitoring and have the employee change their password. If the organization detects additional unusual activity, then it may need to review the employee’s activities or investigate a potential data breach. 

Monitoring User Productivity 

From a workforce management perspective, organizations can leverage these insights to review employee productivity. Two use cases present themselves. First, many organizations have contracts that stipulate late payments incur a late fee. If the organization knows that employees should be processing payments ten days prior to the payment date, then they can leverage these reports to ensure that employees meet their timelines, even from a remote location. Additionally, by tracking resource usage data, organizations can monitor whether workforce members are appropriately prioritizing their workdays. If the employees are only accessing a business application at the end of the month, then they are likely waiting until the last minute to input payment information. Preventing these potential revenue losses or rush projects in other areas by speaking with the employee enables the organization to stay on top of its financials. 

Enabling Visibility for Business Applications Has Never Been More Critical 

Creating trust within and across distributed workforces ensures productivity. However, continued status update meetings across multiple time zones decrease workforce member efficiency. Organizations already monitor user access to their systems, networks, and applications. As part of a robust security posture, organizations should apply protections at the new perimeter – user identity. Rather than micromanaging employees via emails or chats, managers can gain valuable insight into how users are accessing resources and prioritizing work schedules by reviewing data and resource usage

In an unprecedented time, companies need to find ways to enable their levels of control and visibility over business data. Whether a business application is on-premise or in the cloud, enhancing these solutions should be a mission-critical objective. 

Risks against an organization are prevalent in a remote environment, whether those risks are security-related or employee-related by fraud, theft, and error. The keys to maintaining ERP data security ultimately lie in your ability to provide oversight for your data, and the time to act is now. 

This article was originally published on Global Trade.  

Stay Updated

Security

Oracle Extends PeopleSoft Support to 2031. Now’s the Time to Invest in PeopleSoft Data Security Projects

By Michael Cunningham • May 6, 2020

On April 19, 2020, Oracle announced on its PeopleSoft Support blog that the company is extending support for the ERP application through 2031. As stated on the blog, Oracle remains “committed to a rolling ten years of support for PeopleSoft. We will review and plan to extend support again next year, and the year after that, so that you have a decade of committed support and can plan your enterprise software investments accordingly.”  

This news should give PeopleSoft customers a sense of certainty that investing in the long-term success of their PeopleSoft applications is mission-critical. Thanks to COVID-19, organizations may be concerned about their short-term financial stability. Add in the newfound uncertainly of continuing large-scale IT projects in this climate (like a cloud ERP migration) – organizations have now found themselves looking for ways to reap maximum benefits with the lowest degree of overhead and project completion time.

Three “Home Improvement” PeopleSoft Data Security Projects  

With large-scale projects on hold, it’s a good time to invest in smaller-scale projects that focus on what is truly mission-critical today (and for the near future) – PeopleSoft data security. You’re already working hard to secure data while users are accessing remotely and while bandaids may be in place right now, organizations must consider strategies that scale long-term. 

Here are three smaller “home improvement” projects that strengthen your PeopleSoft data security posture: 

Integrate your SAML Identity Provider (IdP) for Single Sign-On (SSO)  

When you count the hours spent managing passwords (80% of help desk calls) or tackling SSO projects using customizations and home-grown solutions, you find that removing the complexity of PeopleSoft password management is an ROI positive project. Add in the lost productivity of users not being able to access business transactions (because they’re waiting for their password to be reset), then the ROI increases. The bottom line, a SAML-configured Single Sign-On for PeopleSoft will make everybody happy. A SAML SSO provides the combination of security and productivity that organizations are striving for. And, given the alarming uptick in phishing attacks – user credentials have become an obvious liability.

Strengthen IAM with Adaptive Multi-Factor Authentication (MFA)

When you’re buying new appliances for a remodeling project, you buy a washer and dryer in pairs. Yes, you can wash and dry your clothes using one or the other, but using both is a better option. Same with applying an adaptive multi-factor authentication (MFA) with your SSO as an effective method for verifying identity. Adaptive MFA ensures that contextual attributes (ex. device, network, location) are the determining factor for deploying MFA challenges. The context of access varies in mobile and work-from-home environments, and your level of control should do the same.  This is essential if your users are accessing remotely, as managing authentication (especially for high privilege users) can be challenging.

It is also recommended to expand the use of MFA and apply step-up challenges on transactions that may be considered ‘highly sensitive.’

Real-Time Visibility for User Activity Monitoring and Transaction Logging  

Just like a rug can tie a room together, real-time visibility via user activity monitoring and transaction logging can be the perfect complement to your PeopleSoft data security fixer upper. There are a lot of sensitive transactions being executed outside of the office these days, and monitoring user activity gives you a better sense of how your data is being accessed and used.  

Invest in Today and Plan for Tomorrow 

Now is a good time to take Oracle’s lead in their extension of PeopleSoft support – and alleviate a lot of the complexity around PeopleSoft data security, identity, and access management. Securing remote access with SSO and adaptive MFA today provides significant PeopleSoft ROI – along with applying a strong data security framework that can scale with a myriad of workforce and landscape changes.

Best yet, you can complete these projects in only two to four weeks, and we guarantee you won’t be cleaning up any sawdust when you’re done. 

Request a demonstration of the Appsian Security Platform today.

Stay Updated