As organizations transition to modern, cloud-centric enviro...
‘What Are Users Doing in PeopleSoft?’ How Critical Risk Analysis Is Revolutionizing PeopleSoft Security
PeopleSoft is an extremely powerful system for HCM, Financial, and Campus operations – but notoriously, PeopleSoft is also seen as a black box when it comes to understanding user behaviour. With native logging that was designed for troubleshooting system issues, to limited access control via role-based controls – PeopleSoft systems fundamentally lack the granular visibility into user activity that is required to align to today’s evolving regulator landscape. This can have a serious impact on PeopleSoft security and compliance.
Considering the current threat landscape (phishing, hacking, insider threats, regulatory penalties, etc.), understanding risk exposure and being able to align user identity to specific user activity is not only a best practice, but also a requirement. Let’s examine what this means and how businesses can deal with it successfully.
Understanding Authentic Risk in PeopleSoft
Inside a PeopleSoft environment, understanding risk entails identifying high value pages and transactions, monitoring user activity, isolating exact instances of access, and aligning that activity to individual users. This comprehensive process is designed to go beyond course-grained governance at the role level, and dig into risk at the transaction level. Finally answering the question, ‘what is happening in my PeopleSoft systems?’
Privileged Sessions Are the Main Driver of Risk in PeopleSoft
It’s been well documented that high privilege users are the leading source of risk, given these users account for *74% of breaches. Between internal employees and third parties, there are a myriad of sessions happening each day that would be considered high privilege. That said, between users with multiple credentials and shared admin credentials across a team, aligning activity to identity is a fundamental challenge inside PeopleSoft systems.
Pathlock Cloud Delivers the Visibility and Control Required to Combat Access Risk
Pathlock Cloud tackles access risk from end-to-end. From helping you identify and configure reporting to align to your risk profile, to fine-grained transaction monitoring – Pathlock Cloud helps you manage four components of risk management:
1. Determine ‘High Risk’ Pages and Transactions: Pathlock catalogues all of the PeopleSoft pages/components/transactions that can introduce risk.
2. Monitor User Activity: Pathlock monitors 100% of user activity to understand exactly how users are interacting with specific pages and transactions
3. Isolate Authentic Risk: Pathlock identifies instances of access that violates existing security polices and documents and presents the occurrence with our business-friendly User Interface
4. Streamlines Access Certification Audits: Also known as a User Access Review, Pathlock provides your audit partners with the holistic picture of how users are accessing PeopleSoft and leveraging their entitlements. Audits are fast and streamlined without the use of desperate data sources.
Conclusion
Today’s regulatory environment (SOX, GDPR, CCPA, ITAR, etc) has ushered in requirements around understanding business application risk that is completely unprecedented. On-premise applications like PeopleSoft can present as a ‘black box’, making is extremely difficult to get a clear scope of your risk exposure. This is where Pathlock Cloud can help!
We invite you to see for yourself and request a customized demonstration of Access Risk Analysis for PeopleSoft today!