28% of cyber attacks are perpetrated by bad actors inside the organization. In addition, many insider breaches occur simply by insiders unintentionally misusing data. These threats are particularly difficult as there is no way for an ERP system to decipher if users are leveraging their privilege to access sensitive information for legitimate or malicious purposes.
PeopleSoft does not directly support multi-factor authorization (MFA.) MFA is only possible by leveraging a 3rd party vendor, and even with a vendor, MFA functionality is only possible at the application login screen.
Personally Identifiable Information (PII) is displayed on hundreds of pages in PeopleSoft, thus increasing the scope of a data loss incident.
Running reports and queries in ERP systems is designed to be simple and seamless, thus making the ability to quickly compromise a large volume of data easier.
Expanding current data masking functionality in ERP systems requires additional scripts and customizations applied by role to each page with sensitive data.
Internal auditors cannot determine PII access – who, when, and where. The best alternative is manual triangulation of reports that could take months to reveal actionable insights.
Appsian partners with multiple MFA providers to embed MFA functionality within the PeopleSoft system at the field/page/component level. Appsian’s MFA solution leverages a robust rules engine that contextually determines when an additional authentication challenge is required
Apply full or partial data masking at the page/component/field level and execute controls based on a rules engine
Apply an additional logging step that identifies the user requesting access to a specific data field, thus making audits more effective and efficient