Securing Remote Access to PeopleSoft

Dynamically control user privileges to mitigate remote access risks

A mobile workplace has become a fundamental demand – and self-service applications and the Fluid UI have made this possible in PeopleSoft. However, expanding access beyond a corporate network poses new threats that existing security controls are unable to address.

First, how do you secure authentication beyond a username/password model? Second, how do you minimize your attack surface? And third, how do you effectively secure your PeopleSoft environment without irritating users with additional security challenges?

Key Challenges

Single Authentication Single Authentication

Single Authentication

Static Access Controls Static Access Controls

Static Access Controls

Increased Attack Surface Increased Attack Surface

Increased Attack Surface

Risk of Data Leakage Risk of Data Leakage

Risk of Data Leakage

Forced Compromise Forced Compromise

Balancing Security and Productivity

PeopleSoft’s default authentication model is insufficient for remote access. A single set of credentials (i.e. ID and PW) is extremely vulnerable to phishing attacks. Multi-Factor Authentication is the logical upgrade, but MFA solutions can be challenging to integrate (out-of-the-box.)

PeopleSoft user privileges are static and do not differentiate between remote or in-network access. If a privileged account has access to high risk data/transactions, the account will have access anywhere in the world.

Remote access creates a larger threat surface, vulnerable to intrusion due to phishing, brute force, etc.

PeopleSoft does not offer dynamic controls that restrict access based on location – increasing the risk of unintentional data leakage or insider abuse.

The inability to dynamically restrict user privilege forces a compromise between security and productivity. If a user needs certain privileges to perform their day-job, these privileges are still available in remote access scenarios (for better or worse.)

Why Appsian?

Contextual Access Controls are Necessary in a Remote Environment
Appsian enables organizations to dynamically adjust user privileges based on contextual attributes (ex. device, location, IP address, etc.) Whether users are accessing PeopleSoft from a secure network or the open internet, organizations can decide what users can see and do. By aligning to the principle of least privilege, unnecessary access is reduced and PeopleSoft can remain secure in a mobile environment.

Key Features

Dynamic-Privilege-Management

Dynamic Privilege Management

Appsian enables customers to enhance their access policies with dynamic attributes. For example, user access can be restricted to only self-service transactions when being accessed from an unknown location, while access from the corporate network allows full privileges.

Location-Based Security

In addition to privilege management, Appsian can dynamically enforce additional (field-level) controls in the event of remote access. Data masking can be added for additional protection. “Click-to-view” can allow conditional access, requiring users to pass an MFA challenge to view specific data fields.

Adaptive-Multifactor-Authentication

Adaptive Multi-Factor Authentication

Appsian’s Adaptive MFA enables customers to dynamically enforce MFA challenges based on the context of access. For example, customers can require an MFA challenge when an employee is accessing PeopleSoft from a remote IP address, or after business hours vs. a secure, corporate network .

Location-Based Security – Solution Brief

Download Solution Brief

Appsian is Trusted By

Want to see what Appsian can do for your ERP systems?
Request a Demo
Appsian

© 2019 Appsian. All rights reserved. | Privacy Policy