The Department of Information Technologies at Cornell University wanted to enhance the logging capability for PeopleSoft Campus Solutions. Their goal was to record user interaction with various transactions to improve security and compliance audits. Cornell University’s PeopleSoft Operations and Development team sought Appsian to gain visibility into user activity, and bridge the gaps within existing logs. With Appsian Security Platform (ASP), the customer was able to gather the missing information required to fulfill audit and reporting requirements. The enhanced logs successfully delivered data points needed to extract actionable insights for internal and external audits, risk assessment, and incident response.
Cornell University’s IT department set out to improve logging for PeopleSoft Campus Solutions. Their aim was to record user activity data that wasn’t captured by native authentication and database logs.
The PeopleSoft Development team’s initial approach was to undertake custom programming to build the desired capability. However, they quickly found the process to be extremely intensive with mediocre results and significant negative system performance ramifications.
PeopleSoft’s native logging capabilities were originally intended for troubleshooting and testing purposes – not capturing user activity data. The logs are bulky, unstructured, and provide limited information required for modern-day compliance reporting. Furthermore, the log data lacks any context around user activity. These limitations caused a gap in capabilities necessary for the University’s incident response, auditing and compliance efforts.
The University’s IT department utilized the Appsian Security Platform (ASP) to enhance PeopleSoft’s logging capability by recording user-centric data points such as the location of access, user id, field, and transaction-level interaction, IP addresses and more.
ASP’s user activity logging will allow internal audit teams to conduct periodic and on-demand audits efficiently. The logs generated by ASP will also help acquire necessary data for GDPR and FERPA compliance reports. Furthermore, the institution will be leveraging the newfound information to monitor for credential compromise and insider threats such as privilege misuse, data leakage, and more.
Using Appsian Security Platform, the IT and PeopleSoft teams at Cornell University are able to generate rich and comprehensive user activity logs. Equipped with granular details on the context of access, ASP’s logs can be readily used for faster reporting and data visualization.
The enhanced logging capability allows the University’s IT team to be prepared for incident response and fast-track compliance reporting requests. The user activity logs also enable the customer to maintain an efficient audit trail for internal governance and audit.
Cornell University is a private and statutory Ivy League research university in Ithaca, New York. Founded in 1865, the university continues to make contributions in all fields of knowledge – from the classics to the sciences, and from the theoretical to the applied. A PeopleSoft customer since 1995, the team at Cornell University continually uses, supports and actively invests in PeopleSoft Campus Solutions.
“The Appsian Security Platform has allowed Cornell to selectively address long-standing audit findings and concerns about a lack of comprehensive system and user action logging in PeopleSoft. The system does not provide this functionality off the shelf, and our efforts to custom code a solution were expensive, time consuming and ultimately insufficient. Appsian stepped up with an effective solution, a friendly and efficient implementation team and ongoing support that has exceeded our expectations.”