We are in the midst of a perfect storm of ERP security calamity: the greatest work from home experiment colliding with historic levels of employee churn and unemployment. Hackers are exploiting the situation by launching phishing, spear-phishing, and other social engineering attacks at remote workers to gain access to privileged user accounts and email passwords.
The increased threat surface and hacker activity mandate that companies deploy a strong security posture at the identity perimeter, using tools such as virtual private networks (VPN) and adaptable multi-factor authentication (MFA). However, limiting security to user access and authentication can leave organizations at risk of malicious activity when, not if, a privileged user account is compromised.
Unfortunately, today’s legacy on-premise SAP and PeopleSoft systems simply do not provide organizations the granular visibility and context of user access and data usage they need in real-time to make proactive and strategic decisions. This lack of visibility and reliance on static controls to ensure your most critical data isn’t compromised means that many organizations are flying blind.
Monitoring Privileged User Activity Must Be Part of a Strong Security Posture
The issue with traditional ERP logging and analytics is that it focuses on troubleshooting errors and scanning for broad system vulnerabilities. They were not designed for understanding user behavior, data access, and usage. In addition to ensuring a strict authentication process, companies need to layer in the ability to monitor privileged user activity continuously.
Using a layered-defense approach, organizations can proactively mitigate many of the risks associated with the increased interest in corporate networks and user accounts. A strict authentication process on its own is no longer acceptable. Actively monitoring privileged account activity is a critical way of identifying that an external threat has entered the network, compromised an account, and is ultimately engaged in fraud or theft.
Granular Privileged User Activity to Monitor
Organizations can set fine-grained access controls all day long. For example, organizations may be able to apply time-based ABAC for standard users, since the general human resources employee likely works during daytime hours, and you have visibility into which user accessed an application. Unfortunately, if you do not have a granular-level view into precisely what a user accessed, then you are missing a significant part of the data security puzzle.
I’m sure you can think of a list of all Tier 1, highly sensitive data fields you want to watch closely. A shortlist includes C-suite salary information, social security numbers, bank account information, national ID number, passport number, visa permit number, driver’s license number, etc.
Continuously monitoring privileged user activity and behavior at the granular level provides valuable visibility into how users engage with data and what they do with their access. For example, application-level logging can’t track or show you if a hacker or malicious insider changes employee direct deposit information to route that week’s payroll run into an offshore account. Only field-level logging can show you how much “over access” users may have or if they are engaged in irregular activity.
With this information, organizations can review whether a certain activity was necessary and document the findings. By tracking the activity back to the user, the organization proves governance and proactively protects data.
Appsian360: Monitor ERP Activity for High Privilege Users
Using Appsian360 to monitor privileged user activity, you get a 360-degree view of what is happening around your ERP data as well as full visibility into exactly how your ERP data is being accessed – by whom, from where, on what, and why. From there, you can map out a targeted incident response before damages become catastrophic.
Your organization needs to be in a constant and vigilant state of security when it comes to monitoring privileged user account activity, especially in these times of excessive employee churn and remote access. Unfortunately, doing so in your ERP system is a manual process that needs to be addressed frequently.
Request a demo of Appsian360 to see for yourself how your organization can actively monitor privileged user activity and mitigate the risks associated with a compromised account or malicious insider.
Stop me if you’ve heard (or spoken) this phrase: “All non-essential projects have been put on hold.”
To be fair, pausing large-scale IT projects (like a cloud ERP migration) in such an uncertain and unpredictable environment makes sense. If the project will take months to implement and it isn’t helping keep the lights on, it isn’t essential. Simple as that! But what is considered “essential” is often a matter of opinion rather than true importance.
A perfect example is ERP data security. When COVID-19 hit, many organizations began scoping enterprise security solutions like a VPN, which enables remote access. But only in the sense of creating an authentication point – not actually securing data. We touched on this more in a previous blog.
Enabling remote access with a VPN helps keep the lights on, but now that the lights are on (and will hopefully stay on), at what point do you consider the vast amounts of data exposure that have emerged as a NEW risk vector? As a direct result of remote access. This is the point where data security becomes essential.
Overlooked but Essential
ERP data security too often gets thrown into the “non-essential” project pile, with companies considering it an afterthought, regardless of the economic climate. Afterthought might be too harsh – perhaps they consider what they already have in place as “good enough.” Essentially making the decision to go into completely unprecedented times with legacy technology. Such thinking will leave your data fully exposed to theft, fraud, and other forms of damage. Alas, if you don’t prepare for the future, then the future is likely to be your downfall. This is why we think NOW is the perfect time to make ERP data security a high-priority – dare we say essential – project. Here are five reasons why.
1: Your ERP Data is Already Exposed
Just because your virtual front door is locked doesn’t mean there’s nobody in your house. Besides the fact that user credentials (including VPN credentials) are routinely stolen – insider threats are one of the fastest-growing trends in data breaches, accounting for 34% of attacks in 2019, according to Verizon’s 2019 Data Breach Investigations Report. In addition, many insider breaches occur simply by insiders unintentionally misusing data. Without proper data security and monitoring protocols in place, it’s difficult to know if users are leveraging their privilege to access sensitive information for either legitimate or malicious purposes.
2: Remote Access and Data Security Should Be Synonymous
A remote workforce is nothing new, but not to the scale caused by the COVID-19 outbreak. The rapid scaling of remote access for critical business functions left many companies relying on conventional (but outdated) security technology, like a VPN. All the while, not considering that remote access means an expanded threat surface – and the wider your threat surface, the more exposed your data is to risk. A VPN may leave you feeling like you shrank your threat surface, but you haven’t truly shrunk your level of risk. Today, the most devastating data breaches happen when credentials are stolen and/or insiders leak/expose data. In a remote access environment, credential/insider risks go up dramatically while a VPN does little to mitigate.
When allowing remote access to your ERP data, you need to monitor a variety of data points, such as where is a user coming from? What data are they trying to access? What device are they using? Is that device being used by the right person? Cybercriminals know these systems are vulnerable and are stepping up attacks.
3: Data Security is Not as Costly as A Data Breach
According to IBM’s Cost of a Data Breach Report, the average cost of a data breach is $4 million. The average cost of a breach in the U.S. is $8.2 million – more than double the worldwide average.
The risks posed by a data breach extend well beyond financial. They are operational as well as compliance-related. Then there are the difficult to quantify costs, including negative exposure and scrutiny for your brand and senior leadership.
4: Compliance Stakes Have Never Been Higher
Compliance mandates like SOX, GDPR, CCPA, and others require organizations to maintain details regarding data access, and places a substantial liability when companies are not taking appropriate measures to secure ERP data. Fortunately, organizations can improve compliance by implementing data security tools that respond to insider threats, minimize direct damage caused by a breach, and reduce (or even void) penalties incurred by compromising customer data.
5: ERP Data Security is A Manageable Problem
An essential project doesn’t mean it’s complicated or burdensome. In fact, this is one of the more manageable problems to solve, as adding data security doesn’t involve much change management – unlike a cloud migration project. The key is to NOT customize the application(s) but to seek solutions that are configurable. Customizations are not a quick fix – they are not scalable and place additional complexity on support down the line. Configurable solutions to these challenges exist – trust us!
Data Protection Can Help Keep the Lights On
You could argue that an ERP data security project isn’t going to help keep the lights on; therefore, it isn’t essential. We would say that any project that helps mitigate business and security risks by enhancing your ability to authenticate users, control access to data, and monitor & respond to potential threats, is essential. And if that project can protect you from fines, theft, and fraud due to a data breach in this current work environment? That’s money you can use to keep the lights on.
Request a demonstration today to learn how Appsian can help you with your essential ERP data security project.
According to Kate Hash, Manager of ITS Communications at UNC Chapel Hill, “Up until Friday, our largest download month had been 600 downloads of the app. On Friday alone, we had 2,000. It is clear that ConnectCarolina is adding a value to the app and that the students are now discovering the app because they want to use ConnectCarolina.”
Want to sort cybercrime fact from fiction? Do you think you know the difference? Test your knowledge. In this OHUG sponsored webinar, GreyHeller will set the record straight about cybersecurity myths using data from its Annual Cybersecurity Survey, the Sans Survey and live audience polling.
This engaging and interactive webinar session will test your internal and external threat knowledge and give you the tools necessary to assess your organizations’ PeopleSoft security. All participants will be given a copy of GreyHeller’s Confidential Threat Assessment Matrix which identifies the internal, external and data threat vectors the bad guys have used to compromise HCM data.
The session will include information on:
- Data Masking
- Data Leakage
- Multi-Factor Authentication
- Location Based Security
- Self Service Use
- High Privilege Access
- Logging/Analysis & Forensic Investigation
We will conclude with real world case studies of how PeopleSoft customers are protecting their HCM data from cybercrime.
In this two-part series, GreyHeller founders and former, early PeopleSoft Technical Strategists, Larry Grey and Chris Heller will discuss ERP trends and how they affect PeopleSoft customers. Part I will discuss Gartner’s recently published 2015 Strategic Road Map for Postmodern ERP and how the opportunities and challenges affect PeopleSoft customers. Part II will be a demo-intensive session showing how GreyHeller customers are meeting these challenges today.
July 15 • 11am PST
According to Gartner, Monolithic ERP solutions are being deconstructed into postmodern ERP that will result in a more federated, loosely coupled ERP environment with much of the functionality sourced as cloud services or via business process outsourcers. This direction is driven by a need to support strategic, organization-wide functionality that is more flexible, secure, integrated, and modern.
Where does this leave you as a PeopleSoft customer? Do you need to replace PeopleSoft to achieve the architecture and benefits to drive your organization in the future, or do you have an option to leverage it along with other cloud-based solutions?
This session will answer these questions as well as describe how PeopleSoft can be part of a hybrid approach to utilizing PeopleSoft and the cloud:
- Where PeopleSoft fits
- Integration considerations, including data and security
- User experience modernization
- Lifecycle Management and compliance
- Control over functionality and infrastructure
July 29 • 11am PST
This session will discuss how GreyHeller customers are utilizing our technology today to utilize PeopleSoft effectively in their postmodern ERP roadmap. This demo-intensive session will include customer case studies and product demonstrations that illustrate how to flexibly and safely retain your PeopleSoft investment by evolving its role from being a monolithic application to a key component of your hybrid ERP architecture.
Security: how to protect your most sensitive data and processes in an ever-evolving cybercrime landscape
Identity Management: how to leverage multiple identity providers for your different constituents — Candidates, Vendors, Employees using solutions such as Facebook, LinkedIn, Azure, and on-premise resources
User Experience: how to provide a seamless solution that is modern, looks consistent across cloud and on-premise components, and is easy to use
Flexibility: how to evolve the functionality you deploy rapidly
Lifecycle Management: how to keep up with new updates (driven by regulatory or business value requirements) while keeping a low TCO
Integration: how to control all of the integrations between each of the component