Responding To Coronavirus (COVID-19): How To Enable PeopleSoft For Secure Telecommuting
With companies like Microsoft, Amazon, and Twitter encouraging workers to stay home, many wonder if this is the beginning of a “work-from-home revolution” with no end in sight. More organizations around the country are adopting remote work policies each day – with Congress being the latest addition. In fact, today, The House Administration Committee will launch a center to coordinate computers and phones into a telecommuting system.
As organizations rush to adjust to this new work culture, they must consider PeopleSoft from (2) perspectives: maintaining secure user authentication and maintaining data security. After all, telecommuting means perimeter firewalls and corporate networks are not leveraged as originally intended.
Is PeopleSoft only available on your network? Now what?!?
With many organizations opting not to expose PeopleSoft self-service transactions to the internet, a workforce thats now required to telecommute would bring business to a screeching halt. This can be devastating to operations when you consider the myriad of financial, HCM, and essential student/faculty/staff (for Campus Solutions customers) transactions taking place each day.
Halting transactions isn’t an option, so Pathlock recommends PeopleSoft customers consider these areas as they transition to a telecommuting work culture:
How are you authenticating user identity?
Are you leveraging your corporate Identity Provider to authenticate PeopleSoft users? If not, understand that PeopleSoft usernames and passwords are a major liability and hackers can crack them with ease. Also, brute force attacks are much more effective when the strength of passwords is not regulated by your IdP.
Are you using a single authentication step?
Is the username/password model your sole authentication strategy? Do you have the ability to force MFA challenges, especially if users are accessing from an unknown network or device? Implementing an MFA for PeopleSoft is not just recommended, but essential for preventing unauthorized access. Plus, it greatly mitigates the damage of phishing attacks.
What is your breach remediation strategy?
Logging and analyzing user behavior is critical for maintaining network security, but are you able to identify malicious behavior inside your PeopleSoft applications? If mobile access is enabled, the result is an extended threat surface. It is recommended to enhance how you log user activity.
Bottom line is we recommend you evaluate your strategies now and determine the best path for maintaining business continuity. There are key authentication challenges to consider and the experts at Pathlock are here to discuss your initiatives.