Analytics

Using Advanced Analytics to Improve ERP System Performance

By Michael Cunningham • November 6, 2020

Improve ERP System Performance with Real-Time Data Access & Usage Visibility  

Your ERP system is a complex ecosystem with multiple deployments, serving hundreds to thousands of users. All of which are processing batch jobs, completing transactions, and performing daily functions that are the lifeblood for operations. Sitting at the center of this ecosystem is your system administrators, who oversee monitoring and maintaining the ERP system’s overall health and performance.  

Factors Driving up Administration Complexity 

In many ERP deployments, integrations with application and web servers, along with other external systems are common. Further increasing complexity is that each has its own set of monitoring tools to determine the quality of service they are delivering. This fragmented approach can make it challenging to identify and resolve ERP system performance issues. Now there’s a tool that allows you to focus exclusively on the health of your ERP system: Appsian360

How Appsian360 Reduces Complexity 

Appsian360 focuses squarely on ERP-specific performance metrics that allow you to quickly isolate and identify performance issues: 

  • Average Page Load Time 
  • Top 10 Components Accessed 
  • Average Page Load Time by Application 
  • Pages Accessed by Device Type 
  • Page Access Count and Average Page Load Time 
  • Top 10 Underperforming Pages 

Appsian360 is also capturing real-time data access and usage information that provide a clear narrative around how user traffic is affecting system performance. It can also be used to combat security threats or uncover fraud. 

Organization-Wide ERP System Performance at a Glance 

Now you have information at your fingertips that allow you to become proactive about system degradation, rather than reactive and relying on users to report the issues to you. Fixing slowness issues ahead of time might also prevent more serious problems like data corruption, which lead to time lost across the whole enterprise. 

You can also focus on application performance across office locations and by hardware. For example: 

  • Average Page Load Time by Country 
  • Average Page Load Time by Location (looks like office locations) 
  • Average Page Load Time by IP [Address] 
  • Average Page Load Time by Web Server 
  • Average Page Load Time by App Server 

If your offices are spread across the globe, for example, in America, India, and New Zealand, you can examine the Average Page Load Time by Country. Just by looking at a map, you can see that maybe one of the offices in India is running slow while the other is performing within normal speeds. You can contact the appropriate IT team in that office to investigate. 

Resolving Individual Issues Within Minutes 

Raise your hand if a user has ever contacted you with, “Oh, the system is really slow today.” It’s a common yet frustrating reality for sys admins because it lacks context. Is the performance slow just for that one person or for everybody? Is the performance issue for a single component or an entire application?  

Without Appsian360, your team has few resources to resolve this issue. For example, the resources available to you might include: 

  • The user description of the problem 
  • You can try to replicate what the user was accessing or viewing 
  • You might need to even visit the user’s office location and check the device 
  • Maybe it’s related to a time of day, etc.  
  • Based on this information, you can try to replicate the issue.  
  • Finally, you might have access to database monitoring tools to give you an idea of how individual queries are performing. However, this is a piecemeal approach and lacks insight into the actual ERP system performance as a whole. 

Resolving these system performance issues manually could take hours or days to resolve. With Appsian360, you can drill into a particular IP address and get details on a user’s individual access in the system, and you can drill-down into the context you need to create actionable insights. For example, you can view the user’s Average Page Load Time by Application. Now you can holistically look at those transaction sets together to see how they’re affecting your system and the users working within the system. 

Drilling down a bit further, you can look at the Top 10 Underperforming Pages. Now you’re getting more granular with your detective work to see if a specific page is performing slowly. In a matter of minutes and just a few clicks, a system admin can diagnose a system performance issue and put into place an action plan to resolve the issue.  

The Proactive Approach to ERP System Performance  

The regular duties of an ERP system administrator include making sure that the system is performing to its maximum ability and resolving any issues and problems the users might have. They’re also trying to resolve system performance issues before people complain there is a problem. Because when the ERP system performance deteriorates, productivity suffers, employee morale declines, and the company’s bottom line is negatively impacted. 

Contact us today to learn how Appsian360 can transform your IT team into proactive ERP application administrators and keep your ERP system running at peak performance levels.  

Stay Updated

Analytics, Security

Monitoring High Privileged User Activity in PeopleSoft and SAP Using Appsian360

By Michael Cunningham • August 11, 2020

We are in the midst of a perfect storm of ERP security calamity: the greatest work from home experiment colliding with historic levels of employee churn and unemployment. Hackers are exploiting the situation by launching phishing, spear-phishing, and other social engineering attacks at remote workers to gain access to privileged user accounts and email passwords.   

The increased threat surface and hacker activity mandate that companies deploy a strong security posture at the identity perimeter, using tools such as virtual private networks (VPN) and adaptable multi-factor authentication (MFA). However, limiting security to user access and authentication can leave organizations at risk of malicious activity when, not if, a privileged user account is compromised.   

Unfortunately, today’s legacy on-premise SAP and PeopleSoft systems simply do not provide organizations the granular visibility and context of user access and data usage they need in real-time to make proactive and strategic decisions. This lack of visibility and reliance on static controls to ensure your most critical data isn’t compromised means that many organizations are flying blind.  

Monitoring Privileged User Activity Must Be Part of a Strong Security Posture   

The issue with traditional ERP logging and analytics is that it focuses on troubleshooting errors and scanning for broad system vulnerabilities. They were not designed for understanding user behavior, data access, and usage. In addition to ensuring a strict authentication process, companies need to layer in the ability to monitor privileged user activity continuously.   

Using a layered-defense approach, organizations can proactively mitigate many of the risks associated with the increased interest in corporate networks and user accounts. A strict authentication process on its own is no longer acceptable. Actively monitoring privileged account activity is a critical way of identifying that an external threat has entered the network, compromised an account, and is ultimately engaged in fraud or theft.   

Granular Privileged User Activity to Monitor  

Organizations can set fine-grained access controls all day long. For example, organizations may be able to apply time-based ABAC for standard users, since the general human resources employee likely works during daytime hours, and you have visibility into which user accessed an application. Unfortunately, if you do not have a granular-level view into precisely what a user accessed, then you are missing a significant part of the data security puzzle.  

I’m sure you can think of a list of all Tier 1, highly sensitive data fields you want to watch closely. A shortlist includes C-suite salary information, social security numbers, bank account information, national ID number, passport number, visa permit number, driver’s license number, etc.   

Continuously monitoring privileged user activity and behavior at the granular level provides valuable visibility into how users engage with data and what they do with their access. For example, application-level logging can’t track or show you if a hacker or malicious insider changes employee direct deposit information to route that week’s payroll run into an offshore account. Only field-level logging can show you how much “over access” users may have or if they are engaged in irregular activity.  

With this information, organizations can review whether a certain activity was necessary and document the findings. By tracking the activity back to the user, the organization proves governance and proactively protects data.  

Appsian360: Monitor ERP Activity for High Privilege Users  

Using Appsian360 to monitor privileged user activity, you get a 360-degree view of what is happening around your ERP data as well as full visibility into exactly how your ERP data is being accessed – by whom, from where, on what, and why. From there, you can map out a targeted incident response before damages become catastrophic.   

Your organization needs to be in a constant and vigilant state of security when it comes to monitoring privileged user account activity, especially in these times of excessive employee churn and remote access. Unfortunately, doing so in your ERP system is a manual process that needs to be addressed frequently.  

Request a demo of Appsian360 to see for yourself how your organization can actively monitor privileged user activity and mitigate the risks associated with a compromised account or malicious insider. 

Stay Updated

Security

Does ERP Data Security Qualify as an Essential IT Project? Here Are Five Reasons Why It Does.

By Michael Cunningham • May 26, 2020

Stop me if you’ve heard (or spoken) this phrase: “All non-essential projects have been put on hold.”

To be fair, pausing large-scale IT projects (like a cloud ERP migration) in such an uncertain and unpredictable environment makes sense. If the project will take months to implement and it isn’t helping keep the lights on, it isn’t essential. Simple as that! But what is considered “essential” is often a matter of opinion rather than true importance.   

A perfect example is ERP data security. When COVID-19 hit, many organizations began scoping enterprise security solutions like a VPN, which enables remote access. But only in the sense of creating an authentication point – not actually securing data. We touched on this more in a previous blog.

Enabling remote access with a VPN helps keep the lights on, but now that the lights are on (and will hopefully stay on), at what point do you consider the vast amounts of data exposure that have emerged as a NEW risk vector? As a direct result of remote access. This is the point where data security becomes essential.

Overlooked but Essential 

ERP data security too often gets thrown into the “non-essential” project pile, with companies considering it an afterthought, regardless of the economic climate. Afterthought might be too harsh – perhaps they consider what they already have in place as “good enough.” Essentially making the decision to go into completely unprecedented times with legacy technology. Such thinking will leave your data fully exposed to theft, fraud, and other forms of damage. Alas, if you don’t prepare for the future, then the future is likely to be your downfall. This is why we think NOW is the perfect time to make ERP data security a high-priority – dare we say essential – project. Here are five reasons why. 

1: Your ERP Data is Already Exposed 

Just because your virtual front door is locked doesn’t mean there’s nobody in your house. Besides the fact that user credentials (including VPN credentials) are routinely stolen – insider threats are one of the fastest-growing trends in data breaches, accounting for 34% of attacks in 2019, according to Verizon’s 2019 Data Breach Investigations Report. In addition, many insider breaches occur simply by insiders unintentionally misusing data. Without proper data security and monitoring protocols in place, it’s difficult to know if users are leveraging their privilege to access sensitive information for either legitimate or malicious purposes. 

2: Remote Access and Data Security Should Be Synonymous  

A remote workforce is nothing new, but not to the scale caused by the COVID-19 outbreak. The rapid scaling of remote access for critical business functions left many companies relying on conventional (but outdated) security technology, like a VPN. All the while, not considering that remote access means an expanded threat surface – and the wider your threat surface, the more exposed your data is to risk. A VPN may leave you feeling like you shrank your threat surface, but you haven’t truly shrunk your level of risk. Today, the most devastating data breaches happen when credentials are stolen and/or insiders leak/expose data. In a remote access environment, credential/insider risks go up dramatically while a VPN does little to mitigate.

When allowing remote access to your ERP data, you need to monitor a variety of data points, such as where is a user coming from? What data are they trying to access? What device are they using? Is that device being used by the right person? Cybercriminals know these systems are vulnerable and are stepping up attacks.

3: Data Security is Not as Costly as A Data Breach 

According to IBM’s Cost of a Data Breach Report, the average cost of a data breach is $4 million. The average cost of a breach in the U.S. is $8.2 million – more than double the worldwide average

The risks posed by a data breach extend well beyond financial. They are operational as well as compliance-related. Then there are the difficult to quantify costs, including negative exposure and scrutiny for your brand and senior leadership. 

4: Compliance Stakes Have Never Been Higher 

Compliance mandates like SOX, GDPR, CCPA, and others require organizations to maintain details regarding data access, and places a substantial liability when companies are not taking appropriate measures to secure ERP data. Fortunately, organizations can improve compliance by implementing data security tools that respond to insider threats, minimize direct damage caused by a breach, and reduce (or even void) penalties incurred by compromising customer data. 

5: ERP Data Security is A Manageable Problem 

An essential project doesn’t mean it’s complicated or burdensome. In fact, this is one of the more manageable problems to solve, as adding data security doesn’t involve much change management – unlike a cloud migration project. The key is to NOT customize the application(s) but to seek solutions that are configurable. Customizations are not a quick fix – they are not scalable and place additional complexity on support down the line. Configurable solutions to these challenges exist – trust us!   

Data Protection Can Help Keep the Lights On 

You could argue that an ERP data security project isn’t going to help keep the lights on; therefore, it isn’t essential. We would say that any project that helps mitigate business and security risks by enhancing your ability to authenticate users, control access to data, and monitor & respond to potential threats, is essential. And if that project can protect you from fines, theft, and fraud due to a data breach in this current work environment? That’s money you can use to keep the lights on.      

Request a demonstration today to learn how Appsian can help you with your essential ERP data security project.  

Stay Updated

Tips and Techniques

CarolinaGo Mobile App Single Day Downloads Hit 2,000

By Hendrix Bodden • August 31, 2015

According to Kate Hash, Manager of ITS Communications at UNC Chapel Hill, “Up until Friday, our largest download month had been 600 downloads of the app. On Friday alone, we had 2,000. It is clear that ConnectCarolina is adding a value to the app and that the students are now discovering the app because they want to use ConnectCarolina.”

Check out the full article on dailytarheel.com to learn more about how UNC mobilized and transformed PeopleSoft using PeopleMobile®.  Read more

Stay Updated

Security

Webinar: Fact or Myth – Protecting your PeopleSoft HCM Data from Cybercrime

By Hendrix Bodden • August 2, 2015

Want to sort cybercrime fact from fiction? Do you think you know the difference? Test your knowledge. In this OHUG sponsored webinar, GreyHeller will set the record straight about cybersecurity myths using data from its Annual Cybersecurity Survey, the Sans Survey and live audience polling.

This engaging and interactive webinar session will test your internal and external threat knowledge and give you the tools necessary to assess your organizations’ PeopleSoft security. All participants will be given a copy of GreyHeller’s Confidential Threat Assessment Matrix which identifies the internal, external and data threat vectors the bad guys have used to compromise HCM data.

The session will include information on:

  • Data Masking
  • Data Leakage
  • Multi-Factor Authentication
  • Location Based Security
  • Self Service Use
  • High Privilege Access
  • Logging/Analysis & Forensic Investigation

We will conclude with real world case studies of how PeopleSoft customers are protecting their HCM data from cybercrime.

Register Now

Stay Updated

Tips and Techniques

PeopleSoft and the Future of ERP

By Hendrix Bodden • June 6, 2015

In this two-part series, GreyHeller founders and former, early PeopleSoft Technical Strategists, Larry Grey and Chris Heller will discuss ERP trends and how they affect PeopleSoft customers. Part I will discuss Gartner’s recently published 2015 Strategic Road Map for Postmodern ERP and how the opportunities and challenges affect PeopleSoft customers.  Part II will be a demo-intensive session showing how GreyHeller customers are meeting these challenges today.

Part I
July 15  •   11am PST

According to Gartner, Monolithic ERP solutions are being deconstructed into postmodern ERP that will result in a more federated, loosely coupled ERP environment with much of the functionality sourced as cloud services or via business process outsourcers.  This direction is driven by a need to support strategic, organization-wide functionality that is more flexible, secure, integrated, and modern.

Where does this leave you as a PeopleSoft customer?  Do you need to replace PeopleSoft to achieve the architecture and benefits to drive your organization in the future, or do you have an option to leverage it along with other cloud-based solutions?

This session will answer these questions as well as describe how PeopleSoft can be part of a hybrid approach to utilizing PeopleSoft and the cloud:

  • Where PeopleSoft fits
  • Integration considerations, including data and security
  • User experience modernization
  • Lifecycle Management and compliance
  • Control over functionality and infrastructure 
Register Now

Part II
July 29   •   11am PST

This session will discuss how GreyHeller customers are utilizing our technology today to utilize PeopleSoft effectively in their postmodern ERP roadmap.  This demo-intensive session will include customer case studies and product demonstrations that illustrate how to flexibly and safely retain your PeopleSoft investment by evolving its role from being a monolithic application to a key component of your hybrid ERP architecture.

  • Security:  how to protect your most sensitive data and processes in an ever-evolving cybercrime landscape

  • Identity Management:  how to leverage multiple identity providers for your different constituents — Candidates, Vendors, Employees using solutions such as Facebook, LinkedIn, Azure, and on-premise resources

  • User Experience:  how to provide a seamless solution that is modern, looks consistent across cloud and on-premise components, and is easy to use

  • Flexibility:  how to evolve the functionality you deploy rapidly

  • Lifecycle Management:  how to keep up with new updates (driven by regulatory or business value requirements) while keeping a low TCO

  • Integration:  how to control all of the integrations between each of the component

Register Now

Stay Updated