The European Union’s General Data Protection Regulation (GDPR) came into effect on May 25th, 2018 and made a far-spreading impact on how organizations record, manage and process personal data of European citizens. As an organization leveraging PeopleSoft, you house personally identifiable information (PII) on hundreds of pages, making your PeopleSoft applications a crucial variable in regards to sustaining GDPR compliance. Even though the security of your PeopleSoft applications has always been your priority, GDPR just upped the ante! Non-compliance with several clauses in GDPR can potentially knockout significant profit margins – 4% of global revenue or € 20 million to be precise.
Discover a data breach? The clock is NOW ticking!
Imagine all the chaos a data breach brings – the investigation, remediation, financial liabilities, and the overwhelming task of drafting an internal and external communication plan. The timeline of this process was previously driven by your organization – now that GDPR is in effect, communications with affected parties and relevant regulatory agencies all must be completed before the GDPR hourglass empties, i.e., in 72 hours. GDPR’s mandate is a clear message that the ‘wait and see’ approach that organizations could once get away with is no longer going to work! To establish compliance with GDPR, organizations need to evaluate all possible means that data can be breached, leaked, or manipulated and focus on equipping their PeopleSoft applications with internally layered security features, most specifically enhanced logging, in an effort toward being proactive rather than reactive.
Step 1 to GDPR compliance is getting to know your data
Your PeopleSoft applications are inherently built with robust security features, but modern threats demand data security be taken beyond the standard User ID/Password model. Under GDPR, more PII translates to more liability. Therefore, it’s crucial that organizations:
- Establish measures to track the lifecycle of sensitive data in their PeopleSoft applications
- Define control protocols on how and by whom PII is accessed
- Limit unnecessary exposure of sensitive information
For access controls to be effective, each user’s activity and transaction data must be available for tracking and monitoring by security teams so they can identify and remediate a breach effectively and efficiently.
High-level logging is NOT enough
Unfortunately, out-of-the-box PeopleSoft applications are only capable of high-level logging (login and log out instances), and that information is not sufficient for identifying what specific data fields may be compromised, who has viewed it, and when a user may have viewed specific data. This context is necessary for piecing together the narrative for effectively remediating a breach, and thus, making the initial steps towards complying with GDPR.
How GreyHeller’s Application Security Platform can solve the challenge
The key to preparing your PeopleSoft applications for GDPR is equipping them with advanced and robust security measures, that not only help you prevent a breach but allow you to detect and react to it promptly. With GreyHeller’s Application Security platform (ASP) organizations can effectively control the unwanted exposure of PII and accelerate breach detection and remediation. ASP enables security teams to gain maximum influence over what data is accessed, by whom, and how it is used.
Record each transaction as it happens
Designed to log field level transaction activity, ASP provides you with all the details you need to identify a data breach in time and fulfill the requirements imposed by GDPR. The logging features record all transactions within PeopleSoft on a granular level, providing information on what data was accessed, where it was accessed from, user ids and IP address effected and more.
Seeing is believing
The ASP also features an integrated analytics extension that uses the enhanced logging data to populate and display access activity on engaging dashboards. Comprising of elegant charts, graphs, and maps – these dashboards can be grouped by usage patterns, access trends, geographical locations, etc. to gain a holistic picture of user activity in a single view. The dashboards are equipped with deep drill-down capabilities, allowing security teams to investigate the activity and perform root-cause analysis thoroughly.
We are here to answer any questions you may have – Get a free security consultation for GDPR compliance today or write to us at firstname.lastname@example.org.