San Joaquin County Improves Peoplesoft Security To Provide Mobile Access

EXECUTIVE SUMMARY

The Information Systems Division (ISD) of San Joaquin provides information processing services, support, and coordination to all county departments. Since 2002, the County has been using PeopleSoft Finance (9.2), HCM (9.2) and, PeopleTools (8.55.27) modules. The ISD wanted to mobilize PeopleSoft to allow county employees to be able to access PeopleSoft Self-Service outside the corporate network on their mobile devices or home computers. Realizing that opening PeopleSoft applications to the public internet could pose significant security concerns, the County administration sought Appsian to fortify their PeopleSoft environment. Appsian Security Platform (ASP) fulfilled the security gaps, and the ISD was successful in delivering secure self-service transactions to county employees.

CHALLENGES

The San Joaquin County’s ISD set out to roll out PeopleSoft to the public internet so that employees could perform self-service transactions (such as viewing paychecks) – anywhere, anytime, from the ease of their home computers or mobile devices. The ISD’s primary concern was to protect sensitive data from unnecessary exposure when accessed remotely.

Native security capabilities within PeopleSoft posed certain limitations. Out-of-the-box, features like data masking and access controls within PeopleSoft are governed by static, role-based rules. As a result, users can either view all the sensitive data or nothing at all.

SOLUTION

The San Joaquin County administration utilized the Appsian Security Platform (ASP) to secure their PeopleSoft self-service transactions for remote/mobile access. Using ASP, the county ISD was able to integrate DUO’s 2FA on field-level, challenging users to reconfirm identity while accessing a sensitive data record. Least privilege access was implemented so that even privileged users could only use low-risk self-service transactions while accessing the applications remotely. ASP allowed the customer to implement access controls based on the context of user activity. For self-service transactions containing PII or sensitive corporate data, dynamic masking was used to protect them from unnecessary exposure. The County also used Appsian’s Single-Sign-On solution to build SAML support for PeopleSoft applications. Lastly, the county deployed user-activity logging to record detailed activity data, including granular information (such as who is accessing the transaction, from where, when, user actions and device details and more).

RESULTS

Using ASP, San Joaquin County was able to securely deliver PeopleSoft self-service transactions to their employees anywhere on any device. Since ASP could be deployed without requiring any additional hardware or custom development, it helped save associated costs and efforts. Equipped with native SAML compatibility in PeopleSoft, the San Joaquin ISD was able to quickly integrate SSO and MFA solutions to simplify user authentication and secure remote access. Field-level MFA also allowed the customer to secure access without compromising usability and allowed users to access sensitive data if needed. The detailed logging facilitated by ASP ensured that all activity is recorded granularly and could be referred to monitor and track suspicious activity in case of security incidents. Contextual access controls allowed the county to minimize the risk associated with remote access, high-privilege accounts, and more.