A mobile workplace has become a fundamental demand – and self-service applications and the Fluid UI have made this possible in PeopleSoft. However, expanding access beyond a corporate network poses new threats that existing security controls are unable to address.
PeopleSoft’s default authentication model is insufficient for remote access. A single set of credentials (i.e. ID and PW) is extremely vulnerable to phishing attacks. Multi-Factor Authentication is the logical upgrade, but MFA solutions can be challenging to integrate (out-of-the-box.)
PeopleSoft user privileges are static and do not differentiate between remote or in-network access. If a privileged account has access to high risk data/transactions, the account will have access anywhere in the world.
Remote access creates a larger threat surface, vulnerable to intrusion due to phishing, brute force, etc.
PeopleSoft does not offer dynamic controls that restrict access based on location – increasing the risk of unintentional data leakage or insider abuse.
The inability to dynamically restrict user privilege forces a compromise between security and productivity. If a user needs certain privileges to perform their day-job, these privileges are still available in remote access scenarios (for better or worse.)
Contextual Access Controls are Necessary in a Remote Environment
Appsian enables organizations to dynamically adjust user privileges based on contextual attributes (ex. device, location, IP address, etc.) Whether users are accessing PeopleSoft from a secure network or the open internet, organizations can decide what users can see and do. By aligning to the principle of least privilege, unnecessary access is reduced and PeopleSoft can remain secure in a mobile environment.
Appsian enables customers to enhance their access policies with dynamic attributes. For example, user access can be restricted to only self-service transactions when being accessed from an unknown location, while access from the corporate network allows full privileges.
In addition to privilege management, Appsian can dynamically enforce additional (field-level) controls in the event of remote access. Data masking can be added for additional protection. “Click-to-view” can allow conditional access, requiring users to pass an MFA challenge to view specific data fields.
Appsian’s Adaptive MFA enables customers to dynamically enforce MFA challenges based on the context of access. For example, customers can require an MFA challenge when an employee is accessing PeopleSoft from a remote IP address, or after business hours vs. a secure, corporate network .