With a heightened focus on PII accountability, organizations are taking the opportunity to fully review their GRC policies to minimize risk factors. Because your ERP system contains sensitive data throughout hundreds of transactions, PLUS many organizations are broadening user access beyond their secure network, security professionals have been running into several challenges when implementing GRC policies in ERP systems:
ERP systems have limited provisions to mask or redact sensitive data.
ERP access cannot be controlled based on specific data attributes. For example, regulating access based on who is requesting access and the location from which access is being requested from.
Tracking specific events or manually analyzing security logs can be time-consuming. Thus, putting organizations at risk of being non-compliant with breach remediation mandates (ex. 72-hour notifications via GDPR.)
Requirements for fine-grained customized privileges makes role creation and administration very complex and difficult to maintain.
Join us as we discuss these challenges and present strategies for integrating robust access controls, apply least privileged policies, and leverage data visualization to ensure a strong GRC foundation in your ERP systems.