Cornell University is a private and statutory Ivy League research university in Ithaca, New York. Founded in 1865, the university continues to make contributions in all fields of knowledge – from the classics to the sciences, and from the theoretical to the applied. A PeopleSoft customer since 1995, the team at Cornell University continually uses, supports and actively invests in PeopleSoft Campus Solutions.
Cornell University’s IT department set out to improve logging for PeopleSoft Campus Solutions. Their aim was to record user activity data that wasn’t captured by native authentication and database logs.
The PeopleSoft Development team’s initial approach was to undertake custom programming to build the desired capability. However, they quickly found the process to be extremely intensive with mediocre results and significant negative system performance ramifications.
PeopleSoft’s native logging capabilities were originally intended for troubleshooting and testing purposes – not capturing user activity data. The logs are bulky, unstructured, and provide limited information required for modern-day compliance reporting. Furthermore, the log data lacks any context around user activity. These limitations caused a gap in capabilities necessary for the University’s incident response, auditing and compliance efforts.
The University’s IT department utilized the Appsian Security Platform (ASP) to enhance PeopleSoft’s logging capability by recording user-centric data points such as the location of access, user id, field, and transaction-level interaction, IP addresses and more.
ASP’s user activity logging will allow internal audit teams to conduct periodic and on-demand audits efficiently. The logs generated by ASP will also help acquire necessary data for GDPR and FERPA compliance reports. Furthermore, the institution will be leveraging the newfound information to monitor for credential compromise and insider threats such as privilege misuse, data leakage, and more.
Using Appsian Security Platform, the IT and PeopleSoft teams at Cornell University are able to generate rich and comprehensive user activity logs. Equipped with granular details on the context of access, ASP’s logs can be readily used for faster reporting and data visualization.
The enhanced logging capability allows the University’s IT team to be prepared for incident response and fast-track compliance reporting requests. The user activity logs also enable the customer to maintain an efficient audit trail for internal governance and audit.