Material Weakness Series Part 2: Ineffective Data Field Level Controls
In the first article of our material weakness series, we addressed what a material weakness is and how an ineffective access control weakness can be resolved. This article will look at another critical control weakness that can occur at the data field level.
What Are Data Field Level Controls?
Field-level security settings, or field permissions, are intended to control whether a user can see, edit, and delete the value of a particular field on an object. These are the ERP data security capabilities that allow organizations to protect sensitive fields, such as a candidate’s social security number, without having to hide the candidate object itself. However, when these field-level controls are not configured correctly, users may be able to see sensitive personally identifiable information that compliance regulations like CCPA and GDPR require to be safeguarded.
How To Resolve Data Field Control Weaknesses
Protecting data at the field level is crucial from a data integrity and data privacy point of view. Here are six steps you can take to enhance field-level controls within your ERP applications:
- Implement the Zero-Trust security model that enforces the principle of never trust, always validate.
- Use Multi-Factor Authentication (MFA) effectively, enforcing it at multiple layers (login, critical transaction, and critical data field) so that each layer adds its own check.
- Implement layered security, also known as defense in depth (DiD): overlapping layers of controls that together provide the three control capabilities needed to secure assets: prevention, detection, and response. While no individual security control is guaranteed to stop 100% of cyber threats, layered security mitigates a wide variety of threats while providing redundancy or compensating controls in the event of a control failure.
- Transition from the static security of Role-Based Access Control (RBAC) models to a dynamic security model such as Attribute-Based Access Control (ABAC), which enforces policy requirements within the access controls at the transaction and data level.
- Design dynamic security control capabilities that improve your ability to identify, detect, prevent, and respond to anomalies and threats.
- Perform periodic control assessments to validate the effectiveness of the existing controls.
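The field-level permissions and attribute-based access from the steps above, as an added illustration that is not Pathlock's or the article's own code: a policy predicate per sensitive field is evaluated against the requesting user's attributes (role, MFA level, stated purpose), the field is masked when the policy is not met, and each decision on a sensitive field is written to an audit log. The policy format, the `Subject` attributes, and the candidate record are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Any, Callable

MASK = "***-**-****"   # shown instead of the value when field-level access is denied

@dataclass(frozen=True)
class Subject:
    """Attributes of the requesting user that the field policy evaluates."""
    user: str
    role: str
    mfa_level: int   # 0 = password only, 1 = MFA at login, 2 = step-up MFA for this field
    purpose: str     # business reason supplied with the request

# Field-level policy: one predicate over the Subject per sensitive field (hypothetical
# format; a real ERP keeps this in its own authorization objects).
FIELD_POLICY: dict[str, Callable[[Subject], bool]] = {
    "ssn": lambda s: s.role in {"hr_admin", "payroll"} and s.mfa_level >= 2
                     and s.purpose == "onboarding",
    "bank_account": lambda s: s.role == "payroll" and s.mfa_level >= 2,
}

audit_log: list[dict[str, Any]] = []   # who read which sensitive field, when, and outcome

def read_candidate(record: dict[str, Any], subject: Subject) -> dict[str, Any]:
    """Return a view of the candidate record in which each sensitive field is revealed
    only when the subject satisfies that field's policy; every decision is logged."""
    view: dict[str, Any] = {}
    for name, value in record.items():
        rule = FIELD_POLICY.get(name)
        if rule is None:               # not a protected field: object-level access suffices
            view[name] = value
            continue
        allowed = rule(subject)
        view[name] = value if allowed else MASK
        audit_log.append({
            "at": datetime.now(timezone.utc).isoformat(),
            "user": subject.user, "candidate": record["id"],
            "field": name, "allowed": allowed,
        })
    return view

# Constructed sample record (not real data).
CANDIDATE = {"id": "C-1001", "name": "Sample Candidate",
             "ssn": "123-45-6789", "bank_account": "000123456789"}

if __name__ == "__main__":
    recruiter = Subject("alice", "recruiter", mfa_level=1, purpose="screening")
    payroll = Subject("bob", "payroll", mfa_level=2, purpose="onboarding")
    print(read_candidate(CANDIDATE, recruiter))   # ssn and bank_account masked
    print(read_candidate(CANDIDATE, payroll))     # both revealed, each decision logged
    print(audit_log)
```

A payroll user who authenticated with MFA only at login (`mfa_level=1`) still sees the mask, which is the field-level MFA layer from the list above; the log gives the detection side of the same control.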
Protecting Data Fields With Pathlock
The Pathlock Security Platform has been designed specifically to address security and governance challenges that companies face within their ERP ecosystem. Pathlock offers a range of solutions that enable you to implement Zero Trust security. From multifactor authentication at the login level to masking of sensitive data fields with the ability to reveal data only after authentication, Pathlock provides complete control over data access and data exposure that goes beyond the initial access.
Pathlock’s attribute-based access control also ensures that authorizations are not absolute. It considers the context of access when allowing or restricting data access even at the field level. For example, the click-to-view feature provides access to data while also maintaining a log of what sensitive data was accessed when and by whom. The Pathlock Security Platform takes a layered approach to security within your ERP ecosystem to enable field-level controls that prevent, restrict, and monitor access and modification of any field data.
Take a first-hand look at how Pathlock can enable field-level controls in your ERP applications without disrupting business operations. Schedule a demo with our ERP experts.
Next in the Series: Ineffective Transaction Level Controls