With 2020 nearly three months behind us and the rollout of COVID-19 vaccines picking up speed, organizations are looking hopefully to 2021 and beyond. Optimism aside, a hard truth about 2021 is that remote work and ERP access are here to stay. Organizations must put a mission-critical emphasis on ERP data privacy, security, and access governance policies. Here are some key strategies to consider as you strive to improve your ERP data privacy and compliance in 2021 and beyond.
The obvious first step to any kind of ERP data privacy is knowing exactly what data you have. Think of it this way: you can’t protect what you don’t know. This data inventory, if you will, should align with the basic data privacy guidelines set out by regulations like GDPR, CCPA, SOX, and a growing number of others. Companies should have an understanding of what sort of personal data is collected, how that data is accessed, where and how it is stored, what is it used for, if it is shared with another organization or group, and how long is it kept before being disposed of.
Now that you’ve identified and categorized your data, it’s time to establish who has access to it, when they can access it, from where, on what device, and how often. The problem is that legacy ERP applications like SAP (ECC and S/4HANA), Oracle PeopleSoft, and Oracle EBS use static role-based access controls (RBAC) to govern access. These roles have reached their limitations in a dynamic workplace because static roles do not leverage contextual attributes.
To create a more dynamic and robust cybersecurity and data privacy program, you can enable dynamic access controls (often called ABAC) to support your RBAC controls by incorporating additional contexts, such as geolocation, time of day, and transaction type. Combining ABAC and RBAC, you can establish rules that grant access to ERP applications and transactions only if the person meets certain contextual criteria. When defining risk through the lens of the context of a user’s access, dynamically enforcing governance is a crucial data privacy objective and investment.
Once dynamic governance policies are in place, organizations can enforce those policies by leveraging dynamic technology. Specifically, here’s how Pathlock can help you gain control and visibility of data access and usage without sacrificing productivity.
Avoid Unnecessary Data Exposure with Dynamic Data Masking An essential requirement of data privacy is ensuring that users accessing ERP applications, either in an authorized or unauthorized manner, do not have needless access to valuable data through various pages, reports, or queries. Pathlock can reduce the exposure of sensitive data with dynamic data masking for sensitive fields. You can also leverage click-to-view functionality to protect against unnecessary exposure while logging intentional access to sensitive information.
Add Stepped-Up Multi-Factor Authentication at the Transaction Level Adding multi-factor authentication at the transaction level, as well as at the perimeter, ensures that users are not only authorized to access and view the data but perform the actual transaction based on their current context of access. This should be applied to highly sensitive transactions like editing a direct deposit account number, accessing compensation data, or running a report containing employee PII.
Strengthen Data Loss Prevention Data exfiltration, whether malicious or accidental, typically originates from employees’ legitimate access to ERP applications and can be hard to prevent or detect with existing security capabilities. Using context-aware data loss prevention policies, Pathlock can prevent users from executing transactions that download ERP data in high-risk scenarios, such as: after business hours, from untrusted locations, networks, or devices.
Compliance mandates such as GDPR, CCPA, SOX, and others require organizations to maintain data access and usage details. Unfortunately, user behavior can be a mystery when relying on native ERP logging features to understand the “what, who, where, why, and how” around data access and usage. It’s a manual, time-consuming task. But not anymore.
Appsian360 provides granular, real-time visibility into user activity logging and analytics, delivering actionable insights to automate compliance audits. It allows organizations to continuously monitor data access and usage and proactively alerts security teams to anomalous activity, allowing them to quickly respond with full forensic information.
Pathlock can help companies ensure that their ERP data privacy, security, and access governance policies are aligned with today’s regulations and scalable to comply with future mandates. Contact us for a demonstration today.
Share