PeopleSoft Data Privacy: Detecting When Users View Co-Worker PII Data

By Michael Cunningham • April 6, 2022

Data privacy is often associated with how companies are allowed to collect and handle customer data. Lost in the data privacy breach headlines is that protecting employee information is just as critical for security and compliance. In fact, we have a lot of organizations who ask us to help them understand if, when, and how an employee is viewing co-worker PII data, especially within the same department.

In this Appsian solution demo, we’ll show you how real-time analytics can provide granular information and alerts when users are accessing and viewing other employee information. 

When organizations using PeopleSoft request the ability to monitor and detect when one employee accesses the PII data of another employee, data privacy isn’t always the number one reason for the request. Data security and employee safety are also factors. 

Of course, there are employees who require privileged access to sensitive and personal information to perform their daily tasks. However, those employees most likely do not need to access a co-worker’s PII, especially within the same department.  

Beyond data privacy, we’ve heard about situations where an employee would stalk a co-worker. They had a level of access that allowed them to look at the personal information of another employee such as their home address, phone numbers, ID numbers, etc.  Appsian allows you to create alerts around this kind of activity so you can quickly respond in an appropriate manner.

Appsian’s enhanced PeopleSoft logging capabilities and real-time analytics let you detect, understand, and report when an employee is viewing co-worker PII data. The logging is granular: it shows the specific employee ID that looked at personal data, the specific data viewed, to whom it belonged, and whether the two employees are in the same department.
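The detection described above, as an added illustration that is not Appsian code: it joins a constructed PeopleSoft-style field-view log against a constructed employee directory and flags views where the viewer and the subject share a department, the field is on a PII list, and the viewer's role is not one that needs company-wide PII access. The log format, directory, PII field list and role exemption are all assumptions standing in for whatever a real deployment records.

```python
"""Detect same-department co-worker PII views in PeopleSoft-style access logs.

Added illustration for this post, not Appsian code. The log line format,
the employee directory, the PII field list and the role exemption are all
constructed assumptions standing in for whatever a real deployment records.
"""
from collections import Counter
from dataclasses import dataclass

# Constructed employee directory: EMPLID -> (department, job role).
DIRECTORY = {
    "E100": ("FIN-AP", "clerk"),
    "E101": ("FIN-AP", "clerk"),
    "E102": ("FIN-AP", "manager"),
    "E200": ("HR-OPS", "hr_specialist"),
    "E300": ("ENG", "engineer"),
}

# Fields whose display counts as a PII exposure (assumption).
PII_FIELDS = {"HOME_ADDRESS", "PHONE", "NATIONAL_ID", "BIRTHDATE", "DIRECT_DEPOSIT"}

# Roles whose daily duties require company-wide PII access (assumption).
PII_ROLES = {"hr_specialist"}

# Constructed sample log: one field view per line, key=value after the timestamp.
SAMPLE_LOG = """\
2022-04-06T09:12:01Z viewer=E100 subject=E101 page=PERSONAL_DATA field=HOME_ADDRESS
2022-04-06T09:12:05Z viewer=E100 subject=E101 page=PERSONAL_DATA field=PHONE
2022-04-06T09:30:44Z viewer=E200 subject=E101 page=PERSONAL_DATA field=NATIONAL_ID
2022-04-06T10:02:10Z viewer=E100 subject=E100 page=PERSONAL_DATA field=HOME_ADDRESS
2022-04-06T10:15:00Z viewer=E300 subject=E101 page=PERSONAL_DATA field=PHONE
2022-04-06T11:00:00Z viewer=E102 subject=E100 page=JOB_DATA field=JOB_TITLE
"""


@dataclass(frozen=True)
class FieldView:
    ts: str
    viewer: str
    subject: str
    page: str
    field: str


def parse_log(text):
    """Parse the constructed log format into FieldView records, skipping blank lines."""
    views = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, rest = line.split(" ", 1)
        kv = dict(token.split("=", 1) for token in rest.split())
        views.append(FieldView(ts, kv["viewer"], kv["subject"], kv["page"], kv["field"]))
    return views


def flag_coworker_pii_views(views, directory=DIRECTORY):
    """Return the views where a user looked at a co-worker's PII inside their own department.

    A view is flagged when all of the following hold:
      - the viewer is not looking at their own record,
      - the field is on the PII list,
      - the viewer's role is not exempt (e.g. HR), and
      - viewer and subject share a department.
    """
    flagged = []
    for v in views:
        if v.viewer == v.subject or v.field not in PII_FIELDS:
            continue
        viewer_dept, viewer_role = directory.get(v.viewer, (None, None))
        subject_dept, _ = directory.get(v.subject, (None, None))
        if viewer_role in PII_ROLES:
            continue
        if viewer_dept is not None and viewer_dept == subject_dept:
            flagged.append(v)
    return flagged


def summarize(flagged):
    """Count flagged PII field views per (viewer, subject) pair; this is the alert payload."""
    return Counter((v.viewer, v.subject) for v in flagged)


if __name__ == "__main__":
    hits = flag_coworker_pii_views(parse_log(SAMPLE_LOG))
    for (viewer, subject), n in summarize(hits).items():
        print(f"ALERT viewer={viewer} viewed {n} PII field(s) of co-worker {subject} in the same department")
```

On the constructed log, only the two views by E100 of E101 are flagged: the HR specialist is exempt, the self-view is ignored, the cross-department view by E300 is not a same-department case, and JOB_TITLE is not on the PII list. Per-pair counts are what you would route to an alert, so a single accidental click and a sweep through every PII field of one colleague look different.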

Contact us today to learn how we can help you take a proactive approach to detect and prevent PeopleSoft data privacy violations, including users viewing co-worker PII data. 

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Transform Your PeopleSoft Application from a Mysterious Black Box to an Actionable White Box

By Esha Panda • April 5, 2022

Every day, countless people have access to your PeopleSoft application, where they perform a variety of transactions and access critical data. But do you know who is accessing what, from where, and for what purpose? Or do you view your PeopleSoft application as a mysterious black box that YOU HOPE is capturing the level of transaction details you need to understand user behavior around data access and usage? 

Fortunately, adding transaction monitoring and real-time analytics to your PeopleSoft application can transform that mysterious black box into a white box that offers complete visibility into user activity. 

Why PeopleSoft Application Logs Aren’t Enough For Actionable Insights 

The reason why PeopleSoft applications are viewed as a black box is that organizations are likely to lose track of user activity once a user is authenticated into the system. This creates blind spots that allow bad actors to stay undetected for months or years. What’s more challenging is that native PeopleSoft app logs cannot even tell who accessed what, when, from what device, and why. 

PeopleSoft application logs were designed for debugging and troubleshooting, so they provide insufficient data for breach investigation and remediation. As a result, security teams often end up manually analyzing network and database logs and making assumption-based decisions. This produces more false positives than confirmed suspicious activities and potential threats.

How Transaction Logging & Real-Time Analytics Transform The Black Box Into A White Box

A white box, in this case, is your PeopleSoft application but with better clarity. The first big step is to have granular visibility into user activities. Here are three ways transaction logging and real-time analytics can help you achieve clarity and enable you to detect and prevent fraud arising from malicious activities within the system. 

1. Keeps You Audit-Ready 

If your recorded PeopleSoft app logs aren’t granular enough, your investigation teams will struggle to detect the threats in time. Transaction details like what data was accessed by whom, when, where, and why can determine the context of access and degree of risk. This information enables security teams to monitor user behavior around data access and usage. In addition, granular transaction logging and monitoring capabilities allow administrators to run reports and perform audits. 

2. Improved Compliance, Breach Investigation, And Remediation

With mounting regulations, it is crucial to have visibility into how sensitive PeopleSoft data is accessed to protect your organization from legal and financial repercussions. Companies storing PII must leverage contextual application logging data to ensure that sensitive information is accessed only by authorized users. To investigate and respond to breaches efficiently, organizations need to expand logging capabilities to capture additional information such as IP address or location, the webserver being accessed, user ID, pages accessed, actions performed, and more. 

3. Transaction Logs & Data Analytics For Real-Time Threat Detection

PeopleSoft breaches have become more user-centric in nature. Companies, therefore, need better visibility into real-time data access and usage trends. Taking all business transactions and aggregating them into visually compelling dashboards that highlight patterns, trends, and anomalies can help security personnel quickly detect and respond to threats. 

Appsian Takes the Mystery Out of Your PeopleSoft Application

When it comes to detecting and preventing data security breaches and privacy violations, hope is not a strategy. Unfortunately, native PeopleSoft logging provides limited data, leaving an incomplete audit trail of transaction-level user activity. This is what makes it a black box. 

Appsian helps you enhance your logging capabilities by capturing granular transaction details in real time. The real-time analytics provided by Appsian360 help convert your PeopleSoft application from a black box of mystery into a white box full of actionable insights. With Appsian360, you can:

  • Detect Data Security Threats In Real-Time: Enrich data access information with attributes like IP address, user role, geographic location, device, etc., and capture authentication trends like failed login attempts and be alerted to potential attacks. 
  • Uncover Hidden Business Risks: Maintain a complete view of sensitive business transactions, and what (specific) users are doing to effectively detect and respond to fraud, theft, and errors by employees and third parties.
  • Monitor Employee Productivity: Get detailed information on transaction volume, type of data accessed, contextual details on privileged sessions, and receive alerts on suspicious activities (e.g., unauthorized access). 

Schedule a demo with our PeopleSoft experts to learn how our transaction logging and real-time analytics can help you combat security threats, uncover hidden business risks, effectively respond to audit findings, and ensure compliance, without customizations or additional hardware.

4 Steps That Enable You to Prevent Fraud in Oracle EBS

By Shiv Sujir • March 31, 2022

ERP systems like Oracle EBS are at the core of financial operations for enterprises across the world. With hundreds of transactions occurring daily, it can be hard for audit and security teams to monitor all user activity. This necessitates a strong and strategic approach to identifying and preventing fraud. While there is no single solution that can help you prevent fraud, implementing the right combination of tools and solutions can enable you to identify vulnerabilities and mitigate fraud risk within your Oracle EBS environment.  

How To Prevent Internal Fraud in Oracle EBS

Identify Vulnerabilities In Your Oracle EBS Systems

The complexity of Oracle EBS systems makes it difficult to track and monitor user activity. To protect access to critical data and transactions, security and compliance teams need to know who is accessing what. So, the logical first step in your fraud prevention strategy has to be a complete audit of your Oracle EBS applications to analyze your existing data security vulnerabilities. A detailed audit helps you identify weaknesses and provides insights into the improvements required to fill the gaps in your security.

Tip: Instead of burdening your existing security team, employ a third-party audit service that specializes in vulnerability and risk audits. This is a one-time exercise that can help you assess high-risk applications and locate blind spots that your teams may have missed.

Implement Segregation Of Duties

Segregation of Duties (SoD) is a well-established method to effectively reduce the risk of internal fraud. However, many Oracle E-Business Suite customers struggle to implement SoD with SQL reporting and complicated spreadsheets. Identifying role conflicts across hundreds of user roles in a dynamic environment is time-consuming and an administrative challenge. Opting for an automated SoD solution instead can help you instantly identify all existing role conflicts and violations and continuously monitor new violations as they occur.

Tip: Check for solutions that provide multiple options to resolve SoD conflicts by pointing out the best combinations of authorization roles.

Streamline User Provisioning

Provisioning plays a key role in ensuring your Oracle EBS users have access only to the data and transactions they require. However, granting user access requests while acquiring and documenting the appropriate approvals is a disjointed process. Also, without the right tools to check for potential Segregation of Duties conflicts before access is granted, new conflicts will inadvertently creep into the system. Streamlining your user provisioning process with an automated system enables you to set up an approval and review process that is documented. Not only does this reduce overprovisioning, but it also simplifies your audits.

Tip: Look for provisioning automation tools that also offer preventive Segregation of Duties checks.

Track And Audit Changes To Critical Data In Real-Time

The ability to monitor changes to data is crucial to identifying and tracking fraudulent activities. Visibility into master data changes, like bank accounts and supplier details, can provide auditors with the information they need to investigate and document potential fraud. While Oracle EBS allows you to audit all changes to selected tables, it does not have an option to choose exactly which data and transactions should be audited, so auditors may end up sifting through large volumes of irrelevant data. Implementing a solution that tracks changes to data in real time ensures that critical data changes are fully transparent. Since all changes to data are logged, you can take charge of your data and decide what to audit and monitor without having to go through hundreds of columns.

Tip: Choose a solution that not only monitors data changes by users but also provides before and after values.

Fraud Prevention in Oracle EBS with Appsian

Appsian enables you to analyze your existing Oracle EBS security without placing any demand on your technical team. It pinpoints weaknesses and makes recommendations to minimize fraud risks. Appsian’s Oracle EBS fraud prevention solution monitors user activity in real-time and logs all changes to the master data, enabling you to promptly investigate for signs of any fraudulent intention. The solution also triggers alerts and notifications to ensure such activities do not go undetected for long and result in huge losses.

Take a first-hand look at Appsian’s Oracle EBS fraud prevention capabilities. Schedule a demo with our ERP experts.

PeopleSoft Data Privacy: Accessing Executive or Co-Worker Compensation Data

By Michael Cunningham • March 31, 2022

When it comes to PeopleSoft data privacy, the financial, reputational, and regulatory impact of having your employees’ or executives’ compensation or personal data accessed can be catastrophic.

In this Appsian solution demo, you’ll learn how real-time analytics can provide alerts if members of the same department look at each other’s compensation information. Or when a privileged user accesses an executive’s compensation data.

A common request we get from our PeopleSoft customers is to ensure that they are always alerted when somebody accesses an executive’s or co-worker’s compensation information or other personal data. Even when accessing this information is part of an employee’s daily responsibilities, they don’t need to be viewing it every time they access an employee’s record.

Previously, we demonstrated how dynamic data masking and real-time analytics work together to control & monitor access to sensitive information. Here, we’re focusing on compensation information. Receiving an alert and logging activity every time a user accesses this information is critical for monitoring and complying with data privacy policies.

This level of detail can also help organizations tell the difference between legitimate access or when a privileged user accesses this information outside the scope of their everyday responsibilities – which could indicate malicious intent by a disgruntled employee or a compromised account.

Appsian’s Real-Time Analytics allows you to track the number of times a user accesses that data during the day or outside of business hours. So instead of asking “if” a person should have access to that data, you can track how often and when that data is accessed.

Not only are you risking a data privacy violation, but a disgruntled employee could also cause internal conflicts and external PR issues if they leak executive compensation information. Knowing who accessed what and when is critical for ensuring policies are met while aiding in response tactics with full forensic details.

Appsian helps you take a proactive approach to detect and prevent PeopleSoft data privacy violations, including users accessing executive compensation information.

Contact us today to learn how we can help you with alerts when executive or co-worker compensation data is accessed. In addition, we provide the fastest path for applying data masking and logging across all necessary data fields in PeopleSoft.

Oracle EBS Segregation of Duties: Why Automation is the Answer

By Shiv Sujir • March 25, 2022

When it comes to preventing fraud, segregation of duties is a key component of any compliance and risk strategy. However, enforcing SoD policies within your Oracle EBS applications can be riddled with challenges, especially if you’re a large organization with thousands of users. From overprovisioning of users due to ill-defined roles, to lack of visibility into user activity, to tedious audit reporting, the entire SoD exercise can be a compliance nightmare, ultimately leading to undetected violations, failed audits, and potential fraud.

Here’s how intelligent automation can help you streamline your SoD efforts, prevent fraud, and provide data to validate your compliance measures.

Detecting SoD Conflicts Before They Happen

Oracle EBS admin teams deal with requests every day to grant new roles and authorizations to users either because they are new or assigned new responsibilities. Every time this happens, manually verifying if the new roles result in SoD conflicts is practically impossible. The result? Overprovisioning and SoD conflicts that remain undetected and lead to an increase in fraud risk and audit failures. However, a simulation tool that provides a testing platform for potential violations can detect these conflicts immediately and send alerts to the admin/security teams. When integrated into your Oracle EBS systems, the simulation tool can also enable you to enforce SoD directly into your live environment.

Tip: Look for a solution that not only alerts you to SoD conflicts but also offers possible solutions to remediate the conflicts so that business operations are not impacted.
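The preventive simulation and the remediation hint described above, as an added example that is not Appsian's product and uses no Oracle API: a grant is checked against a conflict rule set before it is applied, the responsibilities that would have to be dropped for the grant to be clean are listed, and a separate detective scan reports conflicts already present. The responsibility names, the rule set and the user assignments are constructed; a real deployment would load them from the EBS security tables.

```python
"""Preventive and detective Segregation of Duties checks for Oracle EBS responsibilities.

Added example for this post; it is not Appsian's product and uses no Oracle API.
The responsibility names, the conflict rule set and the user assignments are
constructed; a real deployment would load them from the EBS security tables.
"""

# Constructed SoD rule set: each rule is a pair of responsibilities that must not
# be held by one user, with a remediation hint for the admin.
SOD_RULES = {
    frozenset({"AP_INVOICE_ENTRY", "AP_PAYMENT_RELEASE"}):
        "Keep payment release with a treasury reviewer responsibility",
    frozenset({"SUPPLIER_MAINTENANCE", "AP_INVOICE_ENTRY"}):
        "Keep supplier master changes in procurement, not AP",
    frozenset({"GL_JOURNAL_ENTRY", "GL_JOURNAL_POST"}):
        "Journals must be posted by someone other than the preparer",
}

# Constructed current assignments: user -> set of responsibilities held.
ASSIGNMENTS = {
    "jdoe": {"AP_INVOICE_ENTRY", "AP_INQUIRY"},
    "asmith": {"GL_JOURNAL_ENTRY"},
    "treas1": {"AP_PAYMENT_RELEASE"},
    "legacy1": {"SUPPLIER_MAINTENANCE", "AP_INVOICE_ENTRY", "AP_INQUIRY"},
}


def conflicts_for(responsibilities, rules=SOD_RULES):
    """Every rule whose pair is fully contained in the given responsibilities."""
    held = set(responsibilities)
    return sorted((tuple(sorted(pair)), hint) for pair, hint in rules.items() if pair <= held)


def simulate_grant(user, new_resp, assignments=ASSIGNMENTS, rules=SOD_RULES):
    """Preventive check run before a grant is applied.

    Returns (allowed, introduced): the conflicts the grant would add beyond
    any the user already has, so pre-existing conflicts do not block unrelated grants.
    """
    current = assignments.get(user, set())
    before = conflicts_for(current, rules)
    after = conflicts_for(current | {new_resp}, rules)
    introduced = [c for c in after if c not in before]
    return (not introduced, introduced)


def suggest_remediation(user, new_resp, assignments=ASSIGNMENTS, rules=SOD_RULES):
    """Existing responsibilities that would have to be removed for the grant to be clean."""
    _, introduced = simulate_grant(user, new_resp, assignments, rules)
    return sorted({r for pair, _ in introduced for r in pair if r != new_resp})


def scan_existing(assignments=ASSIGNMENTS, rules=SOD_RULES):
    """Detective check over all users: what a fresh deployment should report immediately."""
    report = {}
    for user, resps in assignments.items():
        found = conflicts_for(resps, rules)
        if found:
            report[user] = found
    return report


if __name__ == "__main__":
    allowed, introduced = simulate_grant("jdoe", "AP_PAYMENT_RELEASE")
    print("grant allowed:", allowed)
    for pair, hint in introduced:
        print("  conflict", pair, "->", hint)
    print("would need to drop:", suggest_remediation("jdoe", "AP_PAYMENT_RELEASE"))
    print("existing violations:", scan_existing())
```

Granting AP_PAYMENT_RELEASE to jdoe is refused because jdoe already holds AP_INVOICE_ENTRY; the remediation output says which responsibility would have to go. Granting a responsibility jdoe already holds introduces nothing and passes. The detective scan reports only legacy1, whose supplier-maintenance plus invoice-entry combination predates the rules.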

Automated SoD Analysis and Remediation

Automation helps you go beyond static rules that are built into preconfigured libraries. An advanced solution equipped with dynamic modeling and analysis can detect SoD risks based on risk patterns not just within your Oracle EBS environment but across multiple applications. With intelligent automation, you will be able to detect SoD conflicts, sensitive access, and potential policy violations for existing users immediately upon deployment.

Real-Time Auditing and Conflict Resolution

If you’re still using manual processes, conflicts and violations are usually detected after the fact. Automated SoD solutions can analyze user behavior and usage data together with large volumes of historical risk-assessment data to resolve conflicts as they happen. Continuous monitoring of user activity lets you detect risky user behavior even within the scope of a user’s authorizations, which allows specific violation events to be audited in real time.

For example: a buyer who usually issues POs for $5,000 suddenly starts to issue $10,000 POs. Even though the buyer in question has the authorization to perform the transaction, this could be a potential fraud risk. An automated solution enables you to flag this behavior in real time for auditing and validation. Security and admin teams can also use the analysis to focus on the authorizations users actually exercise, which allows them to remove redundant authorizations that are not in use, effectively de-provisioning users and mitigating risk.

Effortless Audit Reports

Auditing Oracle EBS roles and authorization can be tedious and time-consuming for internal and external auditors. Manually cross-referencing user activity against role conflicts to identify SoD violations is a huge auditing challenge. The process is inefficient, unscalable, and could lead to mistakes. Failure to detect SoD violations could have serious compliance ramifications for the company.

Automation helps eliminate a large part of manual data collection and analysis. Auditors can instantly access pre-defined risk reports, while security teams can receive automated reports on all roles containing an SoD violation. Users who have performed activities that violate SoD can be identified easily to initiate preventative and remediation measures.

Automate Oracle EBS Segregation of Duties with Appsian

The implementation of segregation of duties as a fraud prevention control is essential for any enterprise; however, detecting SoD conflicts, remediating them, and preventing violations is a whole other game. Appsian enables you to effectively implement SoD across your Oracle EBS applications with an automated solution that works in real-time to detect and prevent SoD violations. It continuously monitors all Oracle EBS user activity and authorization usage to deliver key insights and reports that enable your security and audit teams to implement SoD with significant savings in cost and time.

Schedule a demo with Appsian’s Oracle EBS specialists to understand how you can simplify your SoD journey with automation.

How to Use PeopleSoft Data Masking and Logging to Detect Security Threats

By Michael Cunningham • March 22, 2022

Security threats exist at the application, transaction, and data level. Unfortunately, default PeopleSoft data masking and logging capabilities are insufficient to meet today’s modern data security and privacy requirements.

In this Appsian Solution demo, we’ll show you how dynamic data masking and real-time analytics work together to secure identity, control & monitor access to sensitive transactions, protect UI data, and provide deep visibility into data access and usage.

While all activity should be monitored for security and compliance purposes, high privilege user accounts should be continuously monitored and analyzed for potentially malicious trends.

Click-to-View Data Masking

Allowing access to sensitive data fields to everyone with valid login credentials can lead to unnecessary exposure, resulting in non-compliance with regulatory requirements such as Sarbanes-Oxley, PCI DSS, HIPAA, GDPR, etc. Appsian offers several types of dynamic data masking, including full, partial, click-to-view masking, or complete redaction to any data field in PeopleSoft.

As we demonstrate in this video, click-to-view field masking helps protect against unnecessary exposure of sensitive data while still allowing users to view data with expressed intent. The Appsian Security Platform (ASP) creates very specific and targeted logs in PeopleSoft, and logging features like click-to-view masking build a complete audit trail of all data access for quick reference.

Real-Time Analytics

Appsian’s transaction-level activity logging captures granular, real-time information on who a user is, what they’re trying to access, and where they’re coming from. With that information, our real-time analytics application aggregates data access and usage trends. Then, it displays them on a visually rich dashboard, eliminating the time-consuming need to translate unstructured logs into actionable information.

Strengthen PeopleSoft Data Security and Privacy with Appsian

Appsian helps you take a proactive approach to detect and prevent PeopleSoft security threats. In addition, we provide the fastest path for applying PeopleSoft data masking and logging across all necessary data fields.

Contact us today to learn how we can help you quickly respond to security threats with full forensic information and prevent costly data breaches and non-compliance penalties.

6 Warning Signs of PeopleSoft Privileged Account Misuse

By Esha Panda • March 18, 2022

Privileged user accounts are hacker magnets. With cyberattacks getting more targeted and sophisticated, intruders can easily bypass traditional authentication measures. So it’s no wonder that 74% of data breaches stem from privileged account abuse by external hackers and insiders with elevated privilege (according to the 2021 Verizon Data Breach Investigations Report).

Why Compromised Account Activity Is Difficult To Detect In PeopleSoft

PeopleSoft applications usually offer limited monitoring and logging capabilities. Once a user is authenticated at the front door, it is difficult to track their activities within the system. This creates blind spots that allow the bad actors to stay undetected for months or years. A viable solution is to continuously monitor user activity around data access and usage inside PeopleSoft.

6 Warning Signs Of Privileged Account Misuse

When companies monitor outlier behavior patterns, they are more likely to detect compromised accounts or possible malicious activities. This reduces the discovery and containment time and cost. Here are six key signs to monitor that could indicate privilege account misuse in PeopleSoft.

1. Questionable Login Patterns

Always watch out for privileged users trying to log in to PeopleSoft applications outside their working hours. For example, a system admin logging in at 3:00 AM on a Sunday should trigger an alert. Additionally, sudden changes in IP address, location, device, etc., could be possible indicators of privilege account misuse.

2. Deviation From Normal Activities

Let’s say Paula from the HR department needs access to an employee’s payroll information to do her job. You find her trying to access the data outside of her login hours from a suspicious IP address. This could be a sign of privilege misuse.

3. Unusually Long Or Short Session Length

Privileged PeopleSoft users typically have a fixed set of activities. This means that how long a particular application or session stays active under a given credential can itself indicate malicious activity. Granular logs that capture employee session lengths can differentiate between normal and malicious activities.

4. Unauthorized Changes To Master Data

PeopleSoft applications often have large volumes of sensitive master data stored across multiple silos. Any changes to master data, such as adjusting a PO amount beyond limits or changing direct deposit details, need to be investigated.

5. Unusual Data Downloads And Query Running

Running queries and downloading sensitive PeopleSoft data to unauthorized devices, outside of business hours, and from unknown locations are a few warning signs of privilege abuse. In addition, an employee using unapproved workarounds for transferring data to cloud storage accounts for easy access often leaves critical data and PII vulnerable to attackers.

6. Frequently Failed Attempts At Logging Into Critical Applications

You would typically flag failed password attempts by an external user. Similar attempts by internal privileged users, however, often do not raise eyebrows. PeopleSoft passwords, being inherently weak, usually become targets for attack. Erratic behavior indicating compromised privileged accounts should always generate alerts.
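The six signs above, turned into detection logic as an added example that is not Appsian's analytics: each constructed event is scored against a constructed per-user baseline (working hours, trusted network prefixes, normal session length), master-data changes and downloads to unmanaged devices are flagged, and a running counter raises the sixth sign after repeated failed logins. The PO-amount rule also covers the $5,000-to-$10,000 buyer example from the Oracle EBS SoD post above. The log format, baselines and thresholds are assumptions.

```python
"""Score privileged-account events against the six warning signs in this post.

Added example; not Appsian's analytics. The log format, the per-user
baselines, the thresholds and the PO-amount rule (which also covers the
$5,000 buyer example from the Oracle EBS SoD post) are constructed.
"""
from collections import defaultdict
from datetime import datetime

# Constructed per-user baselines: working hours (UTC, half-open), trusted network
# prefixes, normal session length in minutes, and the usual PO ceiling if any.
BASELINES = {
    "sysadmin1": {"hours": (7, 19), "networks": ("10.0.",), "session_min": (10, 120), "po_usual": None},
    "paula.hr": {"hours": (8, 18), "networks": ("10.0.", "10.1."), "session_min": (5, 90), "po_usual": None},
    "buyer7": {"hours": (8, 18), "networks": ("10.0.",), "session_min": (5, 240), "po_usual": 5000},
}
FAILED_LOGIN_THRESHOLD = 3                            # sign 6: consecutive failures before alerting
ACTIVITY = {"login", "query", "download", "change"}   # events judged against working hours
MASTER_DATA_FIELDS = {"DIRECT_DEPOSIT", "PO_AMOUNT", "BANK_ACCOUNT"}   # sign 4

SAMPLE_LOG = [  # constructed events; 2022-03-20 is a Sunday
    "2022-03-20T03:05:00Z user=sysadmin1 type=login ip=10.0.4.12",
    "2022-03-21T09:00:00Z user=paula.hr type=login ip=10.0.2.9",
    "2022-03-21T09:01:00Z user=paula.hr type=query ip=10.0.2.9 page=PAYROLL",
    "2022-03-21T22:30:00Z user=paula.hr type=query ip=203.0.113.77 page=PAYROLL",
    "2022-03-21T23:10:00Z user=paula.hr type=logout ip=203.0.113.77 duration_min=400",
    "2022-03-22T10:00:00Z user=buyer7 type=change ip=10.0.7.3 field=PO_AMOUNT value=10000",
    "2022-03-22T10:30:00Z user=buyer7 type=download ip=10.0.7.3 device=unmanaged rows=25000",
    "2022-03-22T11:00:00Z user=sysadmin1 type=login_failed ip=10.0.4.12",
    "2022-03-22T11:00:10Z user=sysadmin1 type=login_failed ip=10.0.4.12",
    "2022-03-22T11:00:20Z user=sysadmin1 type=login_failed ip=10.0.4.12",
]


def parse_event(line):
    """Timestamp followed by key=value tokens (constructed format)."""
    ts, rest = line.split(" ", 1)
    ev = dict(tok.split("=", 1) for tok in rest.split())
    ev["ts"] = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return ev


def signs_for(ev, base):
    """Signs 1 to 5 for a single event; sign 6 needs state across events (see analyze)."""
    signs = []
    start, end = base["hours"]
    if ev["type"] in ACTIVITY:
        if not start <= ev["ts"].hour < end:
            signs.append("off_hours")                 # signs 1 and 2
        if ev["ts"].weekday() >= 5:
            signs.append("weekend")                   # sign 1
    if not ev["ip"].startswith(base["networks"]):
        signs.append("unknown_network")               # signs 1, 2 and 5
    if ev["type"] == "logout":
        lo, hi = base["session_min"]
        if not lo <= int(ev["duration_min"]) <= hi:
            signs.append("abnormal_session_length")   # sign 3
    if ev["type"] == "change" and ev.get("field") in MASTER_DATA_FIELDS:
        signs.append("master_data_change")            # sign 4
        usual = base["po_usual"]
        if ev["field"] == "PO_AMOUNT" and usual and float(ev["value"]) > usual:
            signs.append("amount_above_usual")        # the $5,000 buyer issuing $10,000 POs
    if ev["type"] == "download" and ev.get("device") == "unmanaged":
        signs.append("download_to_unmanaged_device")  # sign 5
    return signs


def analyze(lines, baselines=BASELINES):
    """Return (user, event type, sorted signs) for every event that trips at least one sign."""
    alerts = []
    failed = defaultdict(int)
    for line in lines:
        ev = parse_event(line)
        signs = signs_for(ev, baselines[ev["user"]])
        if ev["type"] == "login_failed":              # sign 6: count consecutive failures
            failed[ev["user"]] += 1
            if failed[ev["user"]] == FAILED_LOGIN_THRESHOLD:
                signs.append("repeated_failed_logins")
        elif ev["type"] == "login":
            failed[ev["user"]] = 0
        if signs:
            alerts.append((ev["user"], ev["type"], sorted(signs)))
    return alerts


if __name__ == "__main__":
    for user, kind, signs in analyze(SAMPLE_LOG):
        print(f"ALERT {user} {kind}: {', '.join(signs)}")
```

Six of the ten constructed events trip a sign: the Sunday 3 AM admin login, Paula's payroll query and long session from an untrusted address, the buyer's PO above the usual ceiling and download to an unmanaged device, and the third consecutive failed login. Paula's daytime login and query from the office network produce nothing, which is the point of keeping a per-user baseline rather than a global rule.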

How to Detect and Prevent Privileged Account Misuse in PeopleSoft

Attackers always try to make anomalous behavior appear routine and normal. To protect your PeopleSoft applications, begin with monitoring your privileged user accounts to uncover hidden business risks and data security threats in real-time. Appsian Real-Time Analytics offers the following capabilities to mitigate privileged user risk across your PeopleSoft ecosystem:

  • Continuous monitoring of privileged user activity and behavior at a granular level, providing visibility into what they do with their access and how they engage with data.
  • Detailed logs that capture granular transaction details like discounting, PO amount increases, recurring purchases, etc.
  • Dashboards that track all user access data points, including off-peak access, access from strange IP addresses, and access from unknown locations.

The next step is to prevent improper activity by adopting a layered, data-centric security model that includes:

  • Enhanced access controls with dynamic authorization policies
  • Expanded use of data masking to all fields considered personally identifiable
  • Stepped-Up Multi-Factor Authentication to prevent unauthorized access

Schedule a demo with our security experts to mitigate privileged user risk across your PeopleSoft ecosystem. 

How Automation of Oracle EBS Access Review Helps You Save Time and Cost 

By Shiv Sujir • March 18, 2022

Oracle EBS applications may have hundreds or even thousands of users logging in daily to access data, generate reports, and perform transactions. These users have multiple roles with varying levels of authorizations that keep changing depending on their job requirements. From a compliance and security point of view, it is essential for any organization to know who has access to what. The purpose of a periodic access review is to first ascertain this data, analyze it, and make informed decisions about user roles, authorizations, and the various risks involved with access. While the process might be straightforward, it can be very time-consuming. This is where automation can make a significant difference to your access review process.

Why Access Reviews Are Tedious

For most organizations, a user access review exercise is done at least once a year. Usually initiated by the internal audit department, the access review process requires business owners to review the Oracle EBS access rights of their respective teams. As a result, the process is highly manual, cumbersome, and time-consuming.

Business owners need to fill out documentation that involves fields like usernames, employment status, role information in relation to the tasks, and access rights. Now imagine going through this process for every single Oracle EBS application and user in the company. For large enterprises, the user numbers could easily be in the thousands. The result? Business managers end up signing off on documentation that they don’t fully understand. And there is a real possibility that the data is simply not accurate.

The next part becomes even more complex when business owners, security teams, or auditors navigate through the pile of data collected to get any meaningful information. The entire process is a huge administrative overhead that ultimately does not deliver enough value for the time invested.

Streamline Oracle EBS Access Reviews with Automation

When you have a large number of users accessing various Oracle EBS applications, the periodic access review process can be a substantial administrative undertaking. A viable solution to this challenge is deploying an access review automation solution that reduces the manual work, eases the process for business managers, and provides data that is useful for your security and audit teams.

Benefits of User Access Review Automation

Reminders: Let’s face it. Business managers have a lot on their plate already. Conducting an access review is not really on the top of their to-do list. Automation allows you to send out reminders to all relevant business managers and reviewers to undertake reviews. Reviewers can also be informed about any open reviews that need to be completed. This reduces the administrative burden of keeping tabs on the reviews and following up on the review status.

Directly Review Uploads: With an automated solution, your reviewers can directly update their assignments as they check them. They no longer need to send the updated review forms to IT staff, making the process simpler for both parties. Your IT and audit teams also have a full view of all completed and pending reviews.

Audit and Risk: Since the process is automated, a complete audit trail of the review is maintained. Any de-provisioning required because of a review can also be fully automated. This helps satisfy your internal auditors and makes data readily available for external auditors. Also, the user access data collected during the review can be directly plugged into risk management solutions to assess application risk, data risk, and compliance levels.

Overall, automation allows you to simplify and streamline your Oracle EBS access review process. It reduces the administrative burden of multiple departments that are involved. As a result, companies can save time and costs while extracting reliable access data that can be used to make critical decisions to achieve compliance and mitigate risk.

Automate Oracle EBS Periodic User Access Reviews with Appsian

Appsian’s Periodic Access Review is an automated access review solution that integrates with your Oracle EBS applications to provide a seamless review experience for all stakeholders. It eliminates manual processes and allows you to undertake Process Owner, Supervisor, and custom reviews of Oracle EBS users.

With automated reminders and escalations built in, you can conduct multiple reviews at any time, resulting in substantial time and cost savings. The solution also maintains a complete audit trail to provide evidence for your auditors, as well as full visibility of risk so that better, more informed decisions can be made during the review process.

Schedule a demo with our Oracle EBS experts to understand the automated review process and how it can simplify your user access reviews.

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

How FTC Updates to “Safeguards Rule” Impact Higher Education Institutions

By Michael Cunningham • March 11, 2022

On December 9, 2021, the Federal Trade Commission (FTC) published a final rule amending the requirements for safeguarding customer information under the Gramm-Leach-Bliley Act (GLBA) (the Safeguards Rule). The Safeguards Rule has long specified cybersecurity standards under which financial institutions must maintain customer information; higher education institutions count as financial institutions for this purpose thanks to their participation in the federal student financial aid program. This is a significant development for our Higher Ed customers because it effectively mandates that any Title IV participating institution follow the updated guidelines.

Obligatory disclaimer: This article isn’t legal advice. Instead, it is a high-level look at new security regulations that affect our higher education customers. Therefore, we recommend that you seek guidance from your legal department and other relevant experts.

Key Security Elements of the Updated Safeguards Rule

While the amendments still allow some flexibility, they now include detailed criteria that higher education institutions must implement. This includes more detailed requirements for developing and establishing an information security program. Here’s a brief look at some of the security elements from the updated Safeguards Rule that higher education institutions should be aware of:

  • 314.4(c) Implement and maintain technical and physical access controls on customer information to limit access to authorized users and limit those users’ access to the scope of their authorizations.
  • 314.4(c) Implement measures to “monitor and log the activity of authorized users” and to detect when they have accessed, used, or tampered with customer information outside the scope of their authorization.
  • 314.4(c) “Implement multi-factor authentication for any individual accessing any information system.”
  • 314.4(d)(2)—Implement continuous monitoring of “information systems” (as defined in 314.2) or annual penetration testing with vulnerability assessments at least every six months.
  • 314.4(f)(3)—Periodically assess the information security risks that your institution’s service providers present and the adequacy of the safeguards they deploy to ensure that they are following the provisions of the Rule.

Appsian can help organizations with these requirements. Here’s how:

  • Implementing fine-grained, dynamic (ABAC) controls while continuing to leverage the role-based controls that are already defined and in use across the organization.
  • Implementing dynamic MFA, not just at the perimeter but also at the application, transaction, and data level (inline).
  • Granular activity logging to provide visibility into data access and usage trends.
  • Real-time user activity monitoring to ensure that security controls are properly enforced.
  • An audit trail to aid investigation and remediation efforts.

What Else is Included in the Updated Safeguards Rule

In addition to specific security controls, the amendments also include new requirements for risk assessments and new accountability and reporting requirements to boards of directors. We encourage you to review the revised regulations because some parts of the amendments may be more relevant to your institution’s needs than others. (pages 109–128 of this PDF document specifically cover the new rule)

Effective Date of the Updated Safeguards Rule

Due to the time required to implement many of the described provisions, the effective date for most of the elements described above is December 9, 2022.

Next Steps

You don’t want to wait until the last minute to implement any of these security mandates. Contact us today to learn how we can help ensure that your information security program meets these new federal requirements.
