STATE OF NORTH DAKOTA IMPROVES PEOPLESOFT VISIBILITY & ACCESS CONTROLS

With Appsian’s Application Security Platform

Following a strategic decision to strengthen data security, IT leaders at the State of North Dakota set out to upgrade their PeopleSoft infrastructure. The goal was to equip HCM, Financials, and Enterprise Learning Management applications with advanced features that improved access controls, managed risk exposure, and increased visibility of user activity. Using Appsian’s Application Security Platform, the State deployed MFA capabilities, contextual data masking, location-based access rules, and enhanced logging to achieve their desired results.

INDUSTRY

  • Public Sector

EMPLOYEES

  • 15,000

PROFILE

The State of North Dakota administrative office comprises of over 70 state agencies to provide exceptional community, family, health, education, security, transportation and more services to the citizens of North Dakota.

  • SafeNet MFA
  • Dynamic Masking & Click-to-View
  • Location-Based Security
  • PeopleSoft Logging

HIGHLIGHTS

  • Enabled multi-factor authentication with SafeNet
  • Implemented role-based, field-level masking
  • Improved remote access security with location-based access controls and dynamic MFA challenges
  • Enhanced logging with filtered activity logs

CHALLENGE

The State of North Dakota wanted to:

  • Reduce the unwanted exposure of sensitive data by redacting/masking personally identifiable information of employees and third-party associates, which wasn’t possible with PeopleSoft’s out-of-the-box capabilities.
  • Improve visibility into user activity across applications on a granular, transactional-level but the native logs provided information on login and logout instances only.
  • Limit access to sensitive transactions to their secure corporate network – functionality that is not a part of the application’s delivered security.

SOLUTION

Using Appsian’s Application Security Platform, the State of North Dakota implemented field-level masking of sensitive data across their PeopleSoft HCM, FSCM and ELM applications. While sensitive data was masked for most users, certain high privileged roles were allowed access through a ‘click-to-view’ feature that logs the deliberate user interaction and exposure of sensitive data fields. Location-Based Security was also implemented to protect access to bank account pages from outside of State of North Dakota’s network, where self-service users had to pass a multi-factor authentication challenge to perform a transaction. Field-level logging was implemented to monitor user activity and the logs were separated by recruiter access, admin roles, payroll admin roles, and other filters to simplify auditing.

RESULTS

Following ASP’s implementation, the State of North Dakota leveraged their existing 2FA provider, SafeNet, to challenge users to reconfirm identity at page/component level, specifically while performing self-service tasks remotely. The secured remote access for banking transactions improved the security of employees’ payroll data and aided defense against payroll diversion. The click-to-view functionality allowed the State to increase visibility into privileged users’ activity while still allowing them to access sensitive data to perform their day-to-day jobs. Furthermore, the enhanced logs recorded every user transaction which could be referenced to notice, investigate and remediate suspicious activity. The solution resulted in improved security not just for employees of the state but for 3rd party suppliers as well.

“Cybersecurity is a priority for the State, and Appsian’s solution allowed us to enhance our security posture to provide even stronger safeguards of our critical systems and personnel data, while providing greater visibility for administrators into transaction-level detail.” Jeff Larshus, Director of State Financial Services, North Dakota Management and Budget

Want to see what Appsian can do for your ERP systems?

Request a Demo
Appsian

© 2019 Appsian. All rights reserved. | Privacy Policy