
How Native SAML/SSO Integration Enhances Oracle EBS Security

By Shiv Sujir • March 11, 2022

Oracle EBS provides a suite of applications that perform several sensitive transactions like payroll processing, order processing, and financial reporting. This makes it crucial for security teams to protect and control access to these applications. However, one major hurdle in securing Oracle EBS is the lack of native SAML/SSO integration.

Enterprises today are facing challenges that are synonymous with modernization and digital transformation, especially when it comes to legacy applications like Oracle EBS. As the number of remote users increases, there is a significant rise in access risk. Without the necessary internal application controls, security teams also have to worry about data exposure and compliance requirements. One of the simplest ways to minimize this risk is by regulating application access through a Single Sign On solution – which can be done easily when your applications support SAML.

Unfortunately, the lack of native SAML/SSO support in Oracle EBS means that enterprises need to either custom-develop access control solutions or invest in additional Oracle products. In both cases, there is a significant increase in costs, complexity, and operational overheads.

Customization Creates More Problems Than Solutions

For large enterprises with sizeable development teams, creating a customized solution to manage Oracle EBS identity and access seems logical. However, customization brings a whole set of challenges that go well beyond the initial coding.

To begin with, customizing code for a third-party application needs specialized knowledge, which means you need a team with specific coding skills. Such projects often require additional hardware and web servers to be set up within the application environment. Once complete, maintaining the custom solution with regular product updates and testing these updates to ensure business continuity increases the workload of the application management and development teams. And finally, without a standardized support model, you will need to keep a support team on the ready.

Considering these technical challenges, the resource requirements, and the cost overheads, customizing a solution for Oracle EBS access management is just not a feasible option in the long run.

Security Benefits of Oracle EBS Native SAML/SSO Integration

Most enterprise security teams strive to provide access to applications using a Single Sign On (SSO) solution enabled by SAML. However, the lack of native SAML support in Oracle EBS can mean losing out on some key security benefits. From the user’s perspective, SSO creates a seamless login experience, reduces password fatigue, and increases productivity. But from a security point of view, there are three main reasons why you should be integrating SAML into Oracle EBS. They include:

Single Point of Authentication

Integrating SAML allows you to bring all your Oracle EBS users under a single Identity Provider (IdP). Coupled with an SSO solution, this creates a single point of authentication that eliminates the need for maintaining, synchronizing, and updating multiple user directories. It also improves ease of access and enhances the user experience.

A Centralized System for User Provisioning

ERP admin teams deal with thousands of access requests. Granting users access separately for Oracle EBS not only complicates the process but also could lead to over-provisioning, segregation of duties conflicts, and compliance violations. A centralized system makes it simpler to manage user access rights by allowing security and admin teams to provision and de-provision Oracle EBS users along with other applications.

Better Password Management

Since there is only one point of access, security teams can enforce password formats that are more resistant to brute-force attacks and theft. Users can also be required to change passwords regularly to enhance access security. A side benefit of having a single point of access is that users are more likely to remember their password rather than write it down.

Native SAML Integration with Appsian

To enable SSO, Oracle EBS customers typically have to make additional investments in Oracle Access Manager (OAM), Oracle Internet Directory (OID), and Oracle Unified Directory (OUD). Appsian is an Oracle-certified partner that offers a simple zero code SAML solution that natively integrates with Oracle EBS. It provides a plugin/extension with no coding, no alteration to existing EBS functionalities, no maintenance, and no additional product licenses.

With Appsian, enterprises can execute a robust identity policy across all users, devices, and Oracle ERP applications. Admins can quickly provision and de-provision users across all enterprise applications while maintaining strict password management policies enforced by your IdP. By delivering the SAML integration layer, Appsian connects Oracle EBS to your identity management solution and your enterprise SSO (ex. OKTA, AD, etc.) without complexity and operational overheads.

Schedule a demo with our ERP experts to learn how you can secure access to your Oracle EBS applications with Appsian.

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

MFA Is A “Critical Security Baseline” for Your Zero Trust Strategy

By Michael Cunningham • March 3, 2022

Following up on last year’s Executive Order to help improve the nation’s cybersecurity posture, the White House released a 30-page zero trust strategy document outlining several measures federal agencies must enact to secure systems and limit the risk of security incidents.

The White House noted that the growing threat of sophisticated cyberattacks (for example, SolarWinds, ransomware, and Log4j vulnerability) underscores that the Federal Government “can no longer depend on conventional perimeter-based defenses to protect critical systems and data.” 

And neither should you. 

Instead, the Federal Government will focus on multifactor authentication as a critical part of its security baseline. In fact, strong authentication, as provided by a strong and dynamic MFA, is a necessary component of any zero trust strategy.  

What’s Good for the Feds is Good for the States 

If you’re a state or local government, I recommend that you review the White House’s zero trust strategy document. You won’t be bound by their mandated timelines, but the document is full of best practices and sound advice. Briefly, the security goals are based on the maturity model developed by the Cybersecurity and Infrastructure Security Agency. CISA’s zero trust model describes five complementary areas of effort (Image Source: White House):  

CISA Five Pillars for Zero Trust Strategy

Again, all good advice. I want to point out two key actions mandated by CISA related to multifactor authentication: 

  1. Federal Agencies “must employ centralized identity management systems for agency users that can be integrated into applications and common platforms.”
  2. MFA must be enforced at the application layer instead of the network layer.

Unfortunately, the majority of our clients in the government sector use ERP applications like PeopleSoft, SAP ECC, and Oracle EBS whose native architecture does not allow for the seamless integration of MFA solutions that can be A) integrated at the field/transaction levels of workflows or B) deployed dynamically with each unique context of access.  

These traditional ERP applications use static security controls to govern access. These controls fail to provide protection beyond the traditional perimeter-based security because they do not leverage contextual attributes. Put another way, these ERP systems do not allow a seamless integration of MFA solutions and make it challenging to achieve strong authentication for zero trust. 

Centrally Managed MFA to Enable Zero Trust Security with Appsian 

Fortunately, requiring dynamic MFA that is integrated inside ERP applications is one of the most common use cases our Appsian Security Platform solves.  

The platform can enforce zero trust security policies that can dynamically secure data and regulate access based on contextual attributes (e.g., IP address, time of day, location, user security clearance, data classification, device used, max dollar amounts, etc.). Additionally, Appsian can help bring your zero trust strategy to life with: 

  • Context-Aware Access Controls (with ABAC) – Fine-grained controls help you set dynamic access permissions for users down to the transaction and field level 
  • Step-Up Authentication – Integrate enterprise MFA at field level for re-authentication when a user requests access to sensitive data 
  • Transaction Monitoring & Control – Monitor high-risk transactions and automatically remove privileged access rights to stop potentially high-risk user activity
  • Data Masking – Enforce full, partial, or click-to-view data masking to obscure sensitive data and protect against unnecessary data exposure
  • Logging & Analytics – Capture detailed logs to get real-time visibility and insights into user access, IP address of frequent transactions, asset inventory, and other vital data.

Contact Appsian today for a demo to learn how we develop native integrations between Oracle and SAP ERP applications and some of the top MFA providers in the market. 


[Customer Story] How Appsian Solved University of Nebraska’s Unique SAML Authentication & IdP Configuration

By Esha Panda • March 3, 2022

The University of Nebraska uses PeopleSoft Campus Solutions for its student information system and wanted to streamline authentication for students, faculty, and staff across eight separate campus locations. So, they turned to a single sign-on integration solution from Appsian that enhanced security practices but was flexible enough to allow the eight campuses to retain the Identity Provider (IdP) of their choice.

Centralized SAML Authentication & Scalability: The Missing Pieces

When the University approached Appsian for SAML SSO, they were using a custom, home-grown solution. This solution was not scalable in the long term and created a significant amount of complexity.

Our team realized that the University of Nebraska was struggling with three key challenges –

  • The University uses two instances of PeopleSoft – One for the University System (five campuses) and one for the State College System (three campuses).
  • Each campus has its own PeopleSoft Internet Architecture (PIA) within its designated instance of PeopleSoft.
  • The University utilizes eight different Identity Providers (IdPs) across all locations.

To streamline the SAML authentication process and improve the user experience across multiple applications, the University had to reduce the overall number of authentications by centralizing authentication management on a common platform. The University’s IT security leadership was impressed with Appsian’s ability to provide continuous support and to offer creative, sustainable alternatives for SAML integration.

Solving the University’s Unique IdP Configuration

The University’s security team was looking for PeopleSoft SAML integration to deliver a single sign-on solution that met their unique configuration requirements. Appsian’s solution was attractive to them since it was native to PeopleSoft. It enabled all eight campuses to retain the IdP of their choice. In addition, they could map to any one of the eight PIA instances.

“Instead of viewing our unique configuration as ‘the client’s problem,’ Appsian looks for creative and sustainable alternatives to provide the best solution,” said William Barrera Fuentes, Director of the Nebraska Student Information Systems.

We enabled some unusual configurations that ensured all eight campus locations (and PIAs) could keep using their IdPs without sacrificing security or flexibility. Their team was happy that the cost of ownership did not increase by deploying additional infrastructure to support SSO and SAML authentication.

Native SAML Compatibility for PeopleSoft & Secure SSO With Appsian

Appsian’s PeopleSoft customer base includes multiple organizations in the education sector like the University of Nebraska looking for a configurable SSO solution with no custom development. With Appsian’s PeopleSoft SSO Connector, organizations can:

  • Leverage existing investment in SSO solutions to authenticate PeopleSoft sessions via SAML-based Identity Providers
  • Access PeopleSoft via deep link navigation (sent by email or other communication channels)
  • Support multiple IdPs concurrently for consolidated systems with separate user groups
  • Deploy SSO for your multiple IdPs in PeopleSoft in as little as 7 days with no additional hardware or custom coding

Schedule a demo with our experts to learn how Appsian integrates native SAML functionality in PeopleSoft to deliver a seamless Single Sign-On.

Customer Profile:

The University of Nebraska is the state’s only public university system, consisting of five campuses, each with a distinct role and mission. Together the campuses enroll 51,000 students and employ 16,000 faculty and staff who serve the state and world through education, research, and outreach.

Related Reading: University of Nebraska Case Study 


[Podcast] Automated Controls for Compliance – How and Why

By Michael Cunningham • March 2, 2022

Appsian’s Vice President of Product Strategy & Customer Experience, David Vincent, appears in the latest episode of Brilliance Security Magazine Podcast. The focus of the conversation between David and host Steven Bowcut is automated controls for compliance. 

Their wide-ranging conversation also includes the challenges associated with manually maintaining compliance, how automated controls can affect compliance, some leading practices for effective data security & privacy compliance, and more.

Listen to the full episode here:


Episode Highlights

Organizations still face challenges associated with manually maintaining compliance. David first explained how automated controls can reduce and alleviate the amount of manual effort involved with compliance. Next, David took a deep dive into some of the leading practices that organizations are using to implement and establish effective data security & privacy compliance programs, including:

  • Establish effective security and data privacy policies as part of the compliance program.
  • Centralize your effort to manage Security, Risk & Compliance across all your business applications to realize greater efficiency, productivity, transparency, and cost savings.
  • Enable defense-in-depth by maintaining effective controls at the three most important levels of an application: access to the application, access to transactions, and access to data.
  • Enable policy enforcement and dynamic controls at the access, transaction, and data level with the Attribute-Based Access Control security model.
  • Ensure you have an appropriate balance of effective detective, preventative, responsive, and recovery controls capabilities to manage threats.
  • Constantly understand your compliance risk exposure with a fully automated Continuous Risk Assessment process.
  • Constantly understand your compliance control effectiveness with a fully automated Continuous Control Assessment process that tests 100% of your transaction populations 24/7/365.
  • Perform Control Rationalization across all your business applications to reduce redundant controls that lead to excessive costs.
  • Perform Control Optimizations to replace manual controls with automated controls.
  • Enable a common control framework across your business applications for all of your compliance programs to realize greater efficiency and cost savings.
  • Monitor the two most important key performance indicators for risk and compliance: residual risk levels compared to your risk appetite levels to determine if you need to improve the operating effectiveness of your controls
  • Enable effective Vulnerability Management to quickly identify and resolve your vulnerabilities to avoid threats, and
  • Conduct independent assessments of your Risk, Control, and Vulnerability Assessments to continuously improve your capabilities.

Appsian provides automated controls for compliance and helps organizations achieve their audit, risk, and compliance program objectives. We provide automation, analytics, and standardization to help organizations improve their efficiency and lower their costs to achieve those objectives.

Contact us for a demonstration today.


Internal SOX Controls: A Quick Overview

By Shiv Sujir • January 31, 2022

What Are Internal SOX Controls?

The Sarbanes-Oxley (SOX) Act of 2002 was established as federal law to ensure accurate financial reporting by public companies and to protect the intended users, such as lenders, investors, and government organizations, from financial statement errors, fraud, and malpractice.

The Act includes 11 sections, out of which sections 302 and 404 are the most relevant to internal SOX controls. SOX section 302 defines the corporate responsibility for certifying the financial reports. Section 404, known as Management Assessment of Internal Controls, specifies requirements for maintaining and monitoring internal controls related to the company’s financial reports.

What is An External SOX Audit?

Section 404 requires businesses to have an annual audit of internal SOX controls performed by an independent external auditor. The purpose of the external audit is to enhance the degree of confidence of the intended users in the accuracy and completeness of the company’s financial reports, including balance sheets, income statements, cash flow statements, and statements of shareholders’ equity.

4 Key SOX Compliance Requirements

Any company that needs to comply with SOX must meet the following requirements annually. While each organization may establish its own compliance best practices, the ultimate goal is to meet four key requirements.

Management Responsibility:

SOX requires a company’s CEO and CFO to personally certify that all records are complete and accurate. Specifically, they must confirm that they accept personal responsibility for all internal controls and have reviewed these controls in the past 90 days. Failure to do so can result in heavy fines of millions of dollars and imprisonment.

Internal Controls:

The SOX act stipulates that public companies need to file a report that demonstrates the existence and efficacy of internal controls pertaining to financial records. Once again, SOX puts the burden of implementing these controls on the CEO and CFO to ensure the integrity and accuracy of financial information.

Data Security Policies:

Organizations that fall under the SOX act must create and implement data security policies that are designed to protect the storage and use of financial information. These policies should be communicated across the organization and enforced consistently to prevent financial inaccuracy or misinformation.

Proof of Compliance:

Companies are required to maintain and provide documentation that proves that all compliance requirements are being met. Also, all controls pertaining to SOX must be continuously monitored, tested, and recertified to measure SOX compliance objectives.

Impact of Internal SOX Controls on ERP Systems

Layered Internal Controls

The consistent implementation of internal controls mandated by SOX means that organizations must ensure adequate controls within all applications, including ERP systems. However, the role-based access controls provided by most ERP vendors are not fine-grained enough to demonstrate internal SOX controls.

To implement and demonstrate controls, organizations need to be able to implement layered access controls, often called defense-in-depth, that go beyond the initial point of access. Security teams must be able to monitor who is accessing what, when, and from where. This requires controls to be implemented at the access, transaction, and data field levels.

Even if you succeed in implementing these controls, SOX demands that these controls be continuously tested and monitored, making control recertification an integral part of your ERP SOX compliance process. And finally, your internal audit teams must be able to pull reports and logs that can undeniably verify the existence and efficiency of these controls.

Segregation of Duties Management

Segregation of Duties (SoD) is another aspect of SOX that affects ERP applications. Detecting and preventing SoD violations is vital to managing risk and fraud. When ERP admins need to manage thousands of roles and authorization requests, there is a real risk of user over-provisioning and role conflicts that could lead to financial fraud. However, manually tracking each role and the resulting conflicts between roles is practically impossible.

To counter this challenge, automated SoD management solutions can be implemented across your applications. Automated cross-application SoD capabilities help you monitor role conflicts and SoD violations in real-time. They also manage your overall application risk from a single platform.

How Appsian Enables Internal SOX Controls in ERP

The Appsian Security Platform provides organizations with a range of controls and monitoring solutions that enable your security and compliance teams to not only implement internal SOX controls but also demonstrate their effectiveness at multiple levels.

Attribute-Based Access Controls

With Appsian’s ABAC capabilities, organizations can enhance their existing role-based access controls by taking contextual risk into account. For example, when users log into ERP applications, ABAC allows you to implement granular policies based on attributes like time, device, IP address, locations, etc. This information enables you to allow or deny access to sensitive information based on the context of access and significantly reduce data exposure in high-risk scenarios.

Adaptive Internal Controls

SOX requires companies to implement controls on access to and modification of data that affects financial reporting. Appsian enables internal controls at the ERP data field and transaction levels with tools like data masking and step-up multi-factor authentication for sensitive transactions. Coupled with Appsian’s ABAC capabilities, these layered controls can be activated based on contextual risk while allowing users full access when the risk is acceptable.

Automated SoD Management

Manually managing thousands of roles and authorizations while ensuring there are no SoD conflicts is a challenge for most organizations. Appsian automates SoD management by monitoring user activity and role usage in real-time. It pinpoints any current SoD violations of users and roles and prevents potential conflicts by testing roles in advance. Appsian’s cross-application capability also allows you to manage ERP risk with a single platform and implement SOX compliance consistently in all your ERP systems.
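The cross-application SoD checks described here and in the Segregation of Duties section above, as an added example that is not Appsian's code: it flattens a user's roles from two ERP systems into one permission set, reports rule violations, and tests a proposed role grant in advance. The systems, roles, permissions, conflict rules and users are all constructed for illustration.

```python
# Added example (not Appsian's code): cross-application segregation-of-duties checks.
# The two ERP systems, roles, permissions, conflict rules and users are constructed.
from itertools import combinations

# Role -> permissions, with roles from two different systems held in one map.
ROLE_PERMISSIONS = {
    "sap:vendor_master_maint": {"create_vendor", "edit_vendor_bank"},
    "sap:ap_invoice_entry": {"enter_invoice"},
    "oracle:ap_payment_approver": {"approve_payment"},
    "oracle:gl_reporting": {"view_gl"},
}

# A rule names two permissions that one person must never hold at the same time.
SOD_RULES = [
    ("create_vendor", "approve_payment", "could create a fictitious vendor and pay it"),
    ("edit_vendor_bank", "approve_payment", "could redirect a vendor payment to another account"),
    ("enter_invoice", "approve_payment", "could enter and approve the same invoice"),
]


def permissions_for(roles) -> set:
    """Flatten a user's roles, whichever system they live in, into one permission set."""
    perms = set()
    for role in roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def find_violations(roles) -> list:
    """Return the SoD rules a user with these roles breaks, as (perm_a, perm_b, reason)."""
    perms = permissions_for(roles)
    return [rule for rule in SOD_RULES if rule[0] in perms and rule[1] in perms]


def preview_grant(current_roles, new_role) -> list:
    """Test a role before it is granted: only the violations the grant would introduce."""
    before = set(find_violations(current_roles))
    after = set(find_violations(set(current_roles) | {new_role}))
    return sorted(after - before)


def audit_users(user_roles: dict) -> dict:
    """Cross-application audit: user -> violations, for users that have any."""
    report = {}
    for user, roles in user_roles.items():
        violations = find_violations(roles)
        if violations:
            report[user] = violations
    return report


def conflicting_role_pairs() -> list:
    """Role pairs that conflict on their own, useful when designing roles."""
    pairs = []
    for a, b in combinations(sorted(ROLE_PERMISSIONS), 2):
        if find_violations({a, b}) and not find_violations({a}) and not find_violations({b}):
            pairs.append((a, b))
    return pairs


# Constructed user -> roles assignments spanning both systems.
USER_ROLES = {
    "alice": {"sap:vendor_master_maint", "oracle:ap_payment_approver"},
    "bob": {"sap:ap_invoice_entry", "oracle:gl_reporting"},
}

if __name__ == "__main__":
    for user, violations in audit_users(USER_ROLES).items():
        for a, b, reason in violations:
            print(f"{user}: {a} + {b} ({reason})")
    # Would granting bob payment approval create a new conflict?
    print(preview_grant(USER_ROLES["bob"], "oracle:ap_payment_approver"))
```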

Learn how Appsian enables SOX compliance across your ERP applications with cross-application risk management, continuous controls monitoring, and adaptive internal controls. Schedule a demo with our ERP compliance experts.


How Appsian Enhances SAP GRC with Cross-Application SoD & Risk Management

By Shiv Sujir • December 31, 2021

What is SAP GRC?

SAP Governance, Risk, and Compliance (SAP GRC) is a set of SAP solutions that enable organizations to meet data security and compliance standards. These solutions also provide control mechanisms to manage and mitigate risk. SAP GRC consists of four major components and multiple modules that manage risks, controls, identities, cyberthreats, and international trade across the SAP ecosystem.

What are the Components of SAP GRC?

SAP GRC features four major components that unify enterprise risk and control activities on a single technology platform. Each component has a set of modules that serve a specific function. As a whole, SAP GRC solutions give decision-makers the insights needed to adjust strategies and objectives while enabling them to predict, detect, and respond to business threats and opportunities. The four core components include:

Enterprise Risk and Compliance
Modules: SAP Risk Management, SAP Process Control, SAP Financial Compliance Management, SAP Business Integrity Screening

Cybersecurity, Data Protection, and Privacy
Modules: SAP Enterprise Threat Detection, SAP Privacy Governance, SAP Data Custodian

Identity and Access Governance
Modules: SAP Access Control, SAP Cloud Identity Access Governance, SAP Identity Management, SAP Single Sign-On

International Trade Management
Modules: SAP Watch List Screening, SAP Global Trade Services

Enhancing Your SAP GRC Capabilities with Appsian

While SAP GRC is a good tool to implement GRC across your SAP systems, it has certain noteworthy limitations. Appsian’s GRC solution goes beyond the SAP ecosystem to provide unprecedented visibility of real-time authorization usage and implement fine-grained, adaptive controls across applications. This significantly improves security while reducing fraud, risk, and exposure to sensitive data at an enterprise level. In addition, Appsian can be deployed as a stand-alone solution or combined with your existing SAP GRC solution to enhance security and risk management.

Here are some of the ways Appsian can enhance your GRC capabilities.

Cross Application Connectivity

Most companies utilize multiple ERP platforms for their business operations. Though SAP GRC offers a range of modules and controls, it can be deployed only within other SAP applications. Appsian integrates with several business applications like Salesforce, Workday, Oracle, Microsoft, Infor, or industry-related applications without any third-party connectors. Appsian GRC seamlessly connects all your applications to a centralized system for unified GRC management.

Attribute-Based Access Controls

Many ERP applications, including SAP, offer only role-based access controls. While role-based access works well when the user connects through a secure network like the office, today’s workplace demands a more adaptive approach to access controls. Appsian utilizes contextual attributes like location, device, time, IP address, and more to determine access risk and allows security teams to implement policies based on these attributes. Additionally, unlike role-based authorizations that are granted at access, Appsian’s fine-grained controls go beyond the point of access down to the data field and transaction level to deliver layered security, enhanced compliance, and improved user governance across multiple applications using a single control platform.

Authorization Management

As new users are added, and existing users are granted more roles, it becomes increasingly difficult to track and manage user authorizations, especially when dealing with multiple ERP applications. The result is user overprovisioning that creates greater data exposure, SoD conflicts, and overall risk. Appsian tracks authorization usage to recommend the elimination of unused and underused authorizations and access rights, making the monitored applications safer and simpler.

User Monitoring

While SAP GRC allows you to monitor and manage identities and control who has access to information, it provides little insight into what authorized users are doing within the applications. Appsian enables you to know what your users are doing, what tables they are accessing, what changes are being made, and by whom. It provides a detailed report of user activity data and allows you to set up alerts when sensitive information or tables are accessed.

Identification of Irregularities

The ability to continuously monitor user activity across applications also allows Appsian to track each user to identify and compare authorizations within each department or business unit for any discrepancies. The solution sends a notification to the management team of any suspicious activity that needs further investigation. However, the lack of user monitoring in SAP GRC means that such irregularities go unnoticed.

Impact on Licensing Costs

It is well-known that SAP licenses do not come cheap. Additionally, SAP does not provide a clear view of user roles and licenses. This makes it difficult to understand the cost impact of granting new roles/licenses to users. Appsian’s GRC solution considers licensing costs when recommending the best role to grant users by attaching costs to authorized roles and suggesting a less costly role when available. This allows you to manage your SAP license costs better and avoid overprovisioning.

Appsian’s enhanced approach overcomes the limitations of traditional SAP GRC, enabling you to manage identities, access, authorizations, and risk across multiple ERP platforms. Schedule a demo with our ERP GRC specialists to learn more about our GRC capabilities.


Remote Access Security: How to Replicate the 9 to 5 Workday

By Esha Panda • December 23, 2021

Over the last two years, organizations had to move employees out of a secure office environment and provide them with access to corporate ERP applications from multiple remote locations — effectively creating an extensive remote and hybrid workforce. A recent report by Gartner predicts that 47% of knowledge workers will work remotely in 2022, compared to pre-pandemic levels of 27%. With this rise in hybrid working and network connections originating from outside the firewall, organizations are understandably prioritizing remote access security.

In this remote/hybrid work landscape, workers and organizations often struggle to replicate that 9 to 5 experience. An experience where employees commute to an office, sit at a desk, and securely access ERP systems behind the office firewall. The reality is that organizations end up facing the challenge of balancing securing ERP systems and critical data with the access demands of the hybrid workforce.

Let’s be clear about something: workers may work 9 to 5, but they have 24/7 access to your ERP applications. And just like you wouldn’t let employees have access to certain areas of a physical office (if it’s a big office space) at all times of the day and night, you shouldn’t grant them remote access to all areas of the ERP system any time they want. 

There isn’t a single technology that will secure remote access. Instead, organizations should leverage a variety of technologies that together provide the necessary remote access security when users are working “9 to 5” from home or other remote locations.

Implement Dynamic Access Controls 

Remote access security begins by giving users access to only the applications, transactions, and data needed to perform their jobs during the “9 to 5” workday. These dynamic access controls consider the different contexts of user access (i.e., location of access, time of request, device used, IP address, and others) to govern who can use specific applications, the types of transactions they can process, and when. For example, if you wouldn’t allow Ted from payroll to enter the office building at 1:00 AM to access employee bank account data when no one is around, why let him do it from home?  

Reauthenticate Users at the Data and Transaction Level

As we continue to follow Ted through his 9 to 5 workday in the office, he uses his security badge to enter the accounting area, which is off-limits to most other employees. In effect, Ted had to reauthenticate his identity before reaching his desk and executing a payroll run. Now that Ted is part of the hybrid workforce, he should likewise reauthenticate with dynamic multifactor authentication (MFA) before changing sensitive data, such as employee bank accounts, or running critical transactions, such as payroll. Dynamic MFA lets organizations issue challenges based on contextual attributes such as location, IP address, time, and device type, rather than relying on a single challenge at login.

Gain Full Control of Data Access Using Dynamic Data Masking 

Controlling what information an employee can see is critical regardless of where they work (on-premises or remote). For example, when Ted’s manager opens his employee record to review his information or department settings, his date of birth and social security number are typically on display, data the manager doesn’t need in order to do their 9 to 5 job. Dynamic data masking applies contextual access controls so that sensitive data is visible only to the people who need it to accomplish their work, and additional controls decide whether a field is fully or partially masked. Click-to-view and MFA on unmasking also create a record of who accessed which data, for use in an audit. Dynamic data masking likewise limits an attacker with compromised credentials: the stolen account sees sensitive fields only if the request also satisfies the contextual conditions (and any step-up MFA challenge) that unmask them, so a login from an unfamiliar location or device gets masked values rather than the real data.
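The three controls above (context-aware access decisions, step-up MFA before sensitive transactions, and role- and context-dependent masking) fit together in one small policy engine. The following is an added illustration written for this page, not Appsian’s code: it evaluates the request context the text lists (source network, time of request, device, MFA state), returns ALLOW, STEP_UP or DENY, and then masks the employee record accordingly. The trusted networks, business hours, transaction names, role entitlements and the sample record are all assumptions.

```python
"""Context-aware access decision with step-up MFA and dynamic data masking.

Added illustration, not Appsian's code. Networks, business hours, role
entitlements, transaction names and the sample record are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

CORP_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.10.0/24")]  # assumed office ranges
BUSINESS_HOURS = range(7, 19)                                           # assumed: 07:00-18:59
SENSITIVE_TRANSACTIONS = {"update_bank_account", "run_payroll"}         # assumed names
SENSITIVE_FIELDS = {"ssn", "bank_account", "dob"}
# Fields each role may see in clear once the context checks pass (assumed).
ROLE_CLEAR_FIELDS = {"payroll": {"ssn", "bank_account", "dob"}, "manager": {"dob"}}


@dataclass
class Request:
    user: str
    role: str
    transaction: str
    src_ip: str
    when: str             # ISO 8601 local time, e.g. "2022-03-01T01:00:00"
    device_managed: bool
    mfa_verified: bool    # True only if a fresh MFA challenge was just passed


def decide(req):
    """Evaluate the request's context; return (decision, reason)."""
    on_corp_net = any(ip_address(req.src_ip) in net for net in CORP_NETS)
    in_hours = datetime.fromisoformat(req.when).hour in BUSINESS_HOURS
    sensitive = req.transaction in SENSITIVE_TRANSACTIONS
    if sensitive and not in_hours:
        # Ted at 1 AM: no payroll changes outside the working day, from anywhere.
        return "DENY", "sensitive transaction outside business hours"
    if not req.device_managed:
        return "DENY", "unmanaged device"
    if (sensitive or not on_corp_net) and not req.mfa_verified:
        # Reauthenticate before sensitive transactions and for any off-network access.
        return "STEP_UP", "fresh MFA required"
    return "ALLOW", "context satisfied"


def partial_mask(value, keep=4):
    """Keep only the trailing `keep` characters, e.g. the last 4 digits of an account."""
    s = str(value)
    return "*" * max(len(s) - keep, 0) + s[-keep:]


def mask(record, role, decision):
    """Mask sensitive fields unless the decision is ALLOW and the role is entitled to them."""
    clear = ROLE_CLEAR_FIELDS.get(role, set()) if decision == "ALLOW" else set()
    out = {}
    for field, value in record.items():
        if field in SENSITIVE_FIELDS and field not in clear:
            # Bank accounts are partially masked (last 4 visible); the rest fully.
            out[field] = partial_mask(value) if field == "bank_account" else "***"
        else:
            out[field] = value
    return out


def view(req, record):
    """Full path: decide on the request, then return the record as the caller may see it."""
    decision, reason = decide(req)
    return decision, reason, mask(record, req.role, decision)


if __name__ == "__main__":
    # Constructed sample record.
    employee = {"name": "Ted", "ssn": "123-45-6789", "bank_account": "000123456789", "dob": "1980-04-02"}
    late_night = Request("ted", "payroll", "update_bank_account", "203.0.113.5", "2022-03-01T01:00:00", True, False)
    print(view(late_night, employee))
    manager = Request("alice", "manager", "view_employee", "10.1.2.3", "2022-03-01T10:00:00", True, False)
    print(view(manager, employee))
```

Note that the masking step keys off the decision, not only the role: a manager who is entitled to see a date of birth on the office network gets a fully masked record when the same request arrives from outside it until the step-up challenge is passed, which is the behaviour that blunts a compromised credential.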

Increase Visibility through User Activity Monitoring 

Even with remote access security in place, it’s vital that organizations understand who is accessing what, from where, and for what purpose. Suppose, for example, that a hacker compromises Ted’s credentials and starts accessing ERP applications outside of Ted’s regular 9 to 5 activity. With continuous, granular monitoring of user behavior around data access and usage, an organization can detect “Ted’s” suspicious activity and quickly apply an appropriate threat response.
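The detection side of the Ted scenario can be shown concretely. The example below is added for this page and is not Appsian’s analytics: it builds a per-user baseline (usual hours, source networks, transactions) from a constructed access log, then scores later events against it and alerts when several context signals deviate at once, as they do when “Ted” runs payroll transactions at 1 AM from a network he has never used. The log format, its fields and the thresholds are assumptions.

```python
"""Spotting ERP activity that departs from a user's normal 9-to-5 pattern.

Added example, not Appsian's analytics. Log format, fields and thresholds
are assumptions; the log lines are constructed.
"""
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_network

# Constructed sample logs: "<ISO timestamp> <user> <source IP> <transaction>"
BASELINE_LOG = """\
2022-02-01T09:12:00 ted 10.1.2.3 view_employee
2022-02-01T14:40:00 ted 10.1.2.3 update_bank_account
2022-02-02T08:55:00 ted 10.1.2.7 view_employee
2022-02-03T10:30:00 ted 10.1.2.3 view_employee
2022-02-03T16:05:00 ted 10.1.2.3 run_payroll
"""
NEW_LOG = """\
2022-02-10T10:15:00 ted 10.1.2.3 view_employee
2022-02-11T01:07:00 ted 203.0.113.5 run_payroll
2022-02-11T01:09:00 ted 203.0.113.5 export_bank_accounts
"""
MIN_SIGNALS = 2   # assumed: alert when at least this many signals deviate


def parse(log):
    """Parse the constructed log format into event dicts."""
    events = []
    for line in log.splitlines():
        ts, user, ip, txn = line.split()
        events.append({"when": datetime.fromisoformat(ts), "user": user, "ip": ip, "txn": txn})
    return events


def net24(ip):
    """Collapse a source address to its /24, so a new desk on the same LAN is not 'new'."""
    return str(ip_network(f"{ip}/24", strict=False))


def build_baseline(events):
    """Per user: hours of day, /24 networks and transactions seen in the baseline window."""
    base = defaultdict(lambda: {"hours": set(), "nets": set(), "txns": set()})
    for e in events:
        b = base[e["user"]]
        b["hours"].add(e["when"].hour)
        b["nets"].add(net24(e["ip"]))
        b["txns"].add(e["txn"])
    return base


def score(event, baseline):
    """Return the list of ways this event deviates from the user's baseline."""
    b = baseline.get(event["user"])
    if b is None:
        return ["no baseline for user"]
    reasons = []
    usual_hours = range(min(b["hours"]) - 1, max(b["hours"]) + 2)  # one hour of slack each side
    hour = event["when"].hour
    if hour not in usual_hours:
        reasons.append(f"hour {hour:02d} outside usual {usual_hours.start:02d}-{usual_hours.stop - 1:02d}")
    net = net24(event["ip"])
    if net not in b["nets"]:
        reasons.append(f"new source network {net}")
    if event["txn"] not in b["txns"]:
        reasons.append(f"first use of transaction {event['txn']}")
    return reasons


def detect(baseline_log, new_log, min_signals=MIN_SIGNALS):
    """Alerts as (timestamp, user, transaction, reasons) for events with enough deviating signals."""
    baseline = build_baseline(parse(baseline_log))
    alerts = []
    for e in parse(new_log):
        reasons = score(e, baseline)
        if len(reasons) >= min_signals:
            alerts.append((e["when"].isoformat(), e["user"], e["txn"], reasons))
    return alerts


if __name__ == "__main__":
    for alert in detect(BASELINE_LOG, NEW_LOG):
        print(alert)
```

Requiring two independent signals keeps a single late evening or a new home router from paging anyone, while the combination of off-hours, new network and a never-before-used export transaction is exactly the pattern worth an immediate response.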

Appsian’s Approach to Remote Access Security  

As more employees take their 9 to 5 workday outside the confines of the corporate firewall and access ERP applications and data from nearly any location, Appsian can help organizations take a dynamic approach to remote access security. 

Contact Appsian today to learn how our context-aware access controls can anchor your remote access security policies and improve ERP data security for your remote teams. 

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

[Customer Story] How Appsian Implemented Dynamic Data Masking to Help The State of Kansas Secure Sensitive PeopleSoft Data

By Esha Panda • December 22, 2021

Like most state governments, the State of Kansas wanted employees and non-employees to access PeopleSoft self-service both within and outside the corporate network. They encountered a common challenge: how do you roll out PeopleSoft self-service to a massive audience while still protecting data and addressing compliance risk? To fortify their PeopleSoft environment and secure both remote access and their data, the State approached Appsian for its dynamic data masking tools.

Requirements for Dynamic Data Masking

Over a two-year period, the State expanded access to PeopleSoft from 12,000 to all 50,000 state employees, including contractors, truck drivers, police officers, and state police medical contractors who would be using iPads and various mobile and remote workstations.  

However, they did not have any third-party data masking tool for their production or non-production environment. Additionally, the masking capability in their existing PeopleSoft environment presented the following challenges –  

  • Masking was incomplete  
  • It offered no flexibility  
  • The feature only worked on select delivered pages  

The native masking functionality did not meet the needs of their HCM and FSCM power users. In addition, as roles grew more complex, access control became a critical requirement that out-of-the-box PeopleSoft features could not fulfill.

The State Of Kansas Enhanced PeopleSoft Security With Dynamic Data Masking 

The State deployed MFA capabilities, contextual data masking, and dynamic access controls to fill the security gaps in access control and usage. The State also used the Appsian Security Platform to improve remote access control, manage risk exposure, and increase the visibility of user activity in their FSCM and HCM pillars.  

Following the implementation of Appsian’s Dynamic Data Masking tools and capabilities, the State of Kansas is now able to –

  • Build on its existing static data masking by challenging users to reconfirm their identity at the page level
  • Apply location-based security to protect access to certain pages for users outside the State’s network
  • Gain better visibility into the activities of privileged users while still allowing them to access the sensitive data their roles require

Appsian is a Key Enabler For PeopleSoft Data Security & Compliance    

Appsian’s PeopleSoft customer base includes multiple organizations in the government sector like the State of Kansas looking for a single platform to strengthen remote access management, data security, and compliance, including:   

  • Native SAML/ADFS Compatibility And PeopleSoft MFA Integration: Integrating single sign-on and multi-factor authentication natively with PeopleSoft and your identity provider improves security and convenience. Integrated MFA also enables step-up authentication, so users can be forced to re-authenticate when accessing highly sensitive transactions.   
  • Contextual Access Control For Greater Security: Reduce the attack surface with dynamic data masking tools that take into account the contextual variables of a user’s access and define privileges in real-time. Implement least privilege to limit access to modules/transactions, dynamically mask sensitive data, enforce step-up MFA, and more.   
  • Real-Time Analytics For Improved Response Times: Enhanced PeopleSoft logging capabilities capture all user activity at the field, page, and component levels and combine them with contextual user data. Real-time visualized dashboards allow you to quickly spot suspicious activity and drill down to root out issues.   

Contact Appsian’s PeopleSoft experts today to learn how the Appsian Security Platform can help you establish a dynamic data masking solution. 

Customer Profile: 

The State of Kansas administrative office comprises over 100 state agencies to provide exceptional community, family, health, education, security, transportation, and more services to the citizens of Kansas.  

 

Related Reading: State of Kansas Case Study 


How To Handle Expiring SAP User Role Assignments

By Esha Panda • December 16, 2021

There are many reasons why SAP customers need to provide temporary access to their applications. These include short-term contractors or consultants, backup access when an employee is on vacation or absent due to a long-term illness or disability, and emergency access scenarios. Regardless of the reason, organizations often encounter a common challenge: temporary SAP user role assignments expire without alerting the users. This lack of notification can leave users locked out of applications or unable to perform their assigned tasks.

One of our clients, a leading multinational company based in Sweden, brought this to our attention and asked us to create an automated process for handling these expiring temporary SAP user roles.   

The Challenges of Managing Expiring SAP User Roles with a Manual Process  

Having to manually search through hundreds of thousands of profiles to find which roles have expired is time-consuming. In addition, it may lead to human errors and frustrated users. An automated role management solution effectively checks if a user still needs a particular role and automatically extends a required role or removes any unused roles.  

For example, consider an SAP user, Sarah, who has a role assignment on her user ID that expires in three days. She would not know the assignment had expired until she logs in after the expiry date and receives an authorization error. Sarah must then contact the helpdesk or her manager to request an extension, and the approval process for that request could take one to two business days or more. The entire workflow is a series of manual steps and approvals that keeps her from performing her daily tasks and hurts her productivity.

Use Automation to Prevent Temporary Roles from Expiring    

Working with our client, Appsian Security created a process that automates how temporary SAP user role assignments are handled. It keeps users in control of, and accountable for, their roles and authorizations while allowing them to extend roles when needed, and it ensures that users are not left without the roles they need to continue performing their regular tasks. The result is a better user experience and higher productivity for our SAP customers.
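To make the kind of check such an automation performs concrete, here is an added example written for this page; it is not the process Appsian built for its client. It runs over constructed rows shaped like SAP’s user-role assignment table AGR_USERS (UNAME, AGR_NAME, FROM_DAT, TO_DAT as YYYYMMDD strings) plus assumed “last used” data, finds assignments expiring within a notice window, and decides per assignment whether to extend it, let it lapse, or remove it, producing a notification for the user in every case so nobody discovers the expiry from an error message. The window lengths, the emergency-role prefix and the sample data are assumptions.

```python
"""Handling SAP role assignments that are about to expire.

Added example, not Appsian's client process. Rows mimic the AGR_USERS
layout; the "last used" data, window lengths and emergency prefix are assumed.
"""
from datetime import datetime, timedelta

NEVER_EXPIRES = "99991231"      # SAP's conventional "unlimited" TO_DAT
NOTICE_DAYS = 3                 # assumed: act this many days before expiry
EXTEND_DAYS = 30                # assumed: length of an automatic extension
UNUSED_DAYS = 30                # assumed: a role idle this long is removed instead
EMERGENCY_PREFIX = "Z_FF_"      # assumed naming of firefighter/emergency roles

# Constructed sample data in AGR_USERS layout.
ASSIGNMENTS = [
    {"UNAME": "SARAH", "AGR_NAME": "Z_AP_CLERK",     "FROM_DAT": "20211101", "TO_DAT": "20211219"},
    {"UNAME": "SARAH", "AGR_NAME": "Z_GL_DISPLAY",   "FROM_DAT": "20211101", "TO_DAT": "20211219"},
    {"UNAME": "BOB",   "AGR_NAME": "Z_FF_EMERGENCY", "FROM_DAT": "20211210", "TO_DAT": "20211217"},
    {"UNAME": "BOB",   "AGR_NAME": "Z_MM_BUYER",     "FROM_DAT": "20210101", "TO_DAT": NEVER_EXPIRES},
]
# Constructed: last date a transaction was executed under each assignment.
LAST_USED = {
    ("SARAH", "Z_AP_CLERK"): "20211215",
    ("SARAH", "Z_GL_DISPLAY"): "20211020",
    ("BOB", "Z_FF_EMERGENCY"): "20211216",
}


def sap_date(s):
    """Parse SAP's YYYYMMDD date string into a date."""
    return datetime.strptime(s, "%Y%m%d").date()


def expiring(assignments, today, notice_days=NOTICE_DAYS):
    """Assignments whose TO_DAT falls between today and today + notice_days (inclusive)."""
    cutoff = today + timedelta(days=notice_days)
    return [a for a in assignments
            if a["TO_DAT"] != NEVER_EXPIRES and today <= sap_date(a["TO_DAT"]) <= cutoff]


def plan(assignments, last_used, today):
    """Decide, per expiring assignment, what to do and what to tell the user."""
    actions = []
    for a in expiring(assignments, today):
        user, role, to_dat = a["UNAME"], a["AGR_NAME"], a["TO_DAT"]
        used = last_used.get((user, role))
        idle_days = (today - sap_date(used)).days if used else None
        new_to = None
        if role.startswith(EMERGENCY_PREFIX):
            # Emergency access is time-boxed by design: never auto-extend it.
            action, note = "expire", "emergency roles are not auto-extended"
        elif idle_days is not None and idle_days <= UNUSED_DAYS:
            # Still in use: extend so the user is not locked out mid-task.
            new_to = (sap_date(to_dat) + timedelta(days=EXTEND_DAYS)).strftime("%Y%m%d")
            action, note = "extend", f"used {idle_days} days ago"
        else:
            # Idle: let least privilege win and remove it, but tell the user first.
            action = "remove"
            note = f"unused for {idle_days} days" if idle_days is not None else "never used"
        actions.append({
            "user": user, "role": role, "action": action, "new_to_dat": new_to,
            "notify": f"{user}: role {role} expires {to_dat}: {action} ({note})",
        })
    return actions


if __name__ == "__main__":
    for act in plan(ASSIGNMENTS, LAST_USED, sap_date("20211216")):
        print(act["notify"])
```

Run daily, this replaces the manual search through every profile with a bounded list of decisions, and the notification goes out before the expiry rather than after the first failed logon. Emergency (firefighter) roles are deliberately excluded from auto-extension, since their whole purpose is to lapse.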

In a nutshell, Appsian’s automated role management and authorization solution helps SAP customers with the following:    

  • Fewer inquiries: Automating the SAP user role management and authorization process leads to fewer requests placed with the IT department and improves the turnaround time.   
  • Limited glitches: Users would no longer lose the ability to perform their usual duties due to the sudden expiry of temporary role assignments.   
  • Time management: Authorization managers no longer need to waste their time manually adding or removing roles.       
  • Automation: IT teams are relieved of manual approvals and processes.   
  • Resource management: Teams freed from time-consuming manual processes are better utilized for other functions.   
  • Documentation: All processes are now documented, making the workflow more efficient and audit-ready.   
  • Better user experience: With minimal glitches and less time spent on manual processes, there is a significant improvement in user experience.   

Contact us today for a full demonstration of how to automate role management and authorizations in your SAP applications.   

