×

Remote Access to PeopleSoft Poses Security Risks

Secure Critical ERP Functions and Mitigate Risks While Users Are Accessing Remotely

Can your organization maintain strict data security policies when access to PeopleSoft is available outside your corporate network?

A strategic step towards upgrading the PeopleSoft user experience is by making transactions mobile-friendly. Companies are prioritizing remote access to self-service modules like benefits enrollment, time entry, approvals, and student self-service so that users can complete tasks on their own time and often on their own devices. Despite the benefits of mobilizing and opening applications for PeopleSoft remote access, security ramifications are a major concern. Expansion of access to sensitive data beyond a secure network perimeter increases the risk of threats and more successful breaches. Also, the proliferation of user-centric threats adds to the risk, as hackers increasingly target individual users and devices – leveraging the human-error factor to their advantage. 

Key Challenges

PeopleSoft applications lack native SAML support. As a result, PeopleSoft applications cannot connect with SAML supporting ID providers and are likely to be alienated from other enterprise applications. Most off-the-shelf SSO providers are unaware of this limitation and suggest custom development, which is costly, time-consuming, and often requires the purchase of additional hardware. 
PeopleSoft allows organizations to implement role-based access controls (RBAC) based on static rules. With increased remote access from outside a secure network, organizations need more flexibility to control what users can access based on contextual information. RBAC cannot use dynamic information such as project ID, company code, IP address, location, device type, and more to authorize access. 
PeopleSoft’s primary security model of username & password authentication is limited to an application’s login – a limitation that still exists with third party MFA add-ons. After a user passes login, you have no way of protecting the data across your PeopleSoft applications. This gap in security control means that a malicious insider with access to high privileged credentials could pass login and then have access to your PeopleSoft systems and data. 
Out-of-the-box, PeopleSoft offers high-level logging designed primarily for debugging and troubleshooting. These logs do not provide information on what data was accessed or any details on the context of access, such as who obtained it, when, or from where. Additionally, PeopleSoft lacks the capability to monitor, track, and record user activity on a granular level, along with the context of activity. 
PeopleSoft’s existing data masking functionality is limited and depends on static, role-based rules. That means users who have the privilege to access sensitive data can view it all, no matter where they are accessing the application. As a result, sensitive data fields are vulnerable to exposure if privilege user credentials are stolen or when privileged users download data on personal/home computers using queries. 

Why Appsian

Your ERP investment provides significant ROI over its lifetime. To maximize your investment, expanding remote access and enabling mobile transactions is the best method for ensuring your users remain productive. Appsian helps organizations protect their ERP data with a sophisticated suite of access controls and fine-grained security features. We understand that an expanded threat surface can be daunting, but Appsian can help you meet those challenges head-on.

Appsian is the only solution that natively installs into your PeopleSoft application server and provides contextual access controls, enhanced logging, and analytics:

Key Features

SAML Integration For Single Sign-On

Enable PeopleSoft SAML 2.0 support to integrate with your existing Identity Provider and deliver the convenience of PeopleSoft SSO to any user, on any device. Plus, Appsian gives you the ability to switch Identity Providers (or use multiple) with ease vs. a customized solution.

Learn More
SAML Integration for Single Sign-On

Key Features

Multi-Factor Authentication

With Appsian, you can dynamically deploy MFA challenges (down to data field level) based on the context of access. For example, customers can require an MFA challenge when a user is accessing PeopleSoft from a remote IP address or after business hours. This flexibility can reduce the disruption of MFA, as the level of risk can be aligned to the security challenge.

Learn More
Multi-Factor Authentication

Key Features

Location-Based Security

Security best practices begin with employing least privilege. Appsian allows you to leverage the context of access and apply permissions accordingly. Whether a user is accessing from a secure network or the open internet, you can decide exactly what they can view and what transactions they can execute.

Learn More
Location-Based Security

Key Features

Logging & Analytics

The Appsian Security Platform (ASP) enables granular logging and user activity monitoring for PeopleSoft. ASP allows customers to capture user activity data paired with contextual user information such as device, location, IP address, etc. The transaction-level data is recorded in a structured format that can highlight malicious events, provide actionable data for incident response, and offers ready-to-use audit and compliance reports. 

Learn More
Logging & Analytics

Key Features

SAML Integration For Single Sign-On

Enable PeopleSoft SAML 2.0 support to integrate with your existing Identity Provider and deliver the convenience of PeopleSoft SSO to any user, on any device. Plus, Appsian gives you the ability to switch Identity Providers (or use multiple) with ease vs. a customized solution.

Learn More

Multi-Factor Authentication

With Appsian, you can dynamically deploy MFA challenges (down to data field level) based on the context of access. For example, customers can require an MFA challenge when a user is accessing PeopleSoft from a remote IP address or after business hours. This flexibility can reduce the disruption of MFA, as the level of risk can be aligned to the security challenge

Learn More

Location-Based Security

Security best practices begin with employing least privilege. Appsian allows you to leverage the context of access and apply permissions accordingly. Whether a user is accessing from a secure network or the open internet, you can decide exactly what they can view and what transactions they can execute.

Learn More

Logging & Analytics

The Appsian Security Platform (ASP) enables granular logging and user activity monitoring for PeopleSoft. ASP allows customers to capture user activity data paired with contextual user information such as device, location, IP address, etc. The transaction-level data is recorded in a structured format that can highlight malicious events, provide actionable data for incident response, and offers ready-to-use audit and compliance reports. 

Learn More

Additional Resources

Looking for more in-depth information? Review our resources on data security, compliance, threat protection and more.

Data Sheet

Secure High Value Transactions During Remote Access

Learn More
Data Sheet

Monitor High Privilege Users During Remote Access

Learn More

Appsian is Trusted by

Request a Demo