Securing Access to PeopleSoft ERP with Duo Security and GreyHeller


Transcript of Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

Page 1: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

Grey Heller, Proprietary and Confidential

Presenters
‣ Larry Grey, President, GreyHeller
‣ Brian Kelly, Principal Product Marketing Manager

GreyHeller + Duo Security

Page 2: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

Agenda
‣ GreyHeller & Duo Security Overview
‣ Today’s Security Challenges
‣ Solving with Two-Factor Authentication
‣ ERP Firewall and Duo Integration
‣ Implementation and Administration

Page 3: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

GreyHeller
‣ Nearly 200 years of PeopleSoft engineering experience
‣ ~100 customers
‣ Oracle PeopleSoft Customer Advisory Board
‣ PeopleSoft beta test partner: PeopleTools 8.54

Page 4: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

Key Commercial Customers

Page 5: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

Key Education Customers

Page 6: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

Better Security, Not Just More.

Brian Kelly Principal Product Marketing Manager Duo Security

Page 7: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

Duo Security – Two-Factor Authentication Made Easy

‣ Easy to Manage

‣ Easy To Deploy

‣ Easy to Use

Page 8: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

Thousands Of Customers Protected By Duo

duosecurity.com/success-stories

Page 9: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

100% OF BREACHES involve stolen credentials

— Mandiant

Source: mandiant.com/threat-landscape and M-Trends annual reports

Page 10: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

Credentials Are Easily Stolen

‣ Phished

‣ Guessed

‣ Keylogged

‣ Sniffed

‣ Cracked

‣ Reused

‣ Bypassed

Page 11: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

Solution: Two-Factor Authentication

Page 12: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

Today’s Security Challenges
‣ Phishing and targeted spear phishing
‣ Access anywhere anytime
‣ Complex support environments
‣ Security policy enforcement
‣ Non-technical users that receive little training

Page 13: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

Two Factor Use Cases
‣ Protecting Self Service use
‣ Protection by location
‣ Super User / Admin protection
  ‣ Functional and technical privileged users
‣ Sharing credentials, policy violations
‣ Protects untrained users

Page 14: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

Solving with Two Factor Authentication

Page 15: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

Solving with Two Factor Authentication
‣ Where should the challenge occur?
  ‣ Log in
  ‣ Only when accessing Sensitive Transactions
  ‣ Unlocking Masked Data
‣ One Size does not fit All
  ‣ Self Service versus Admin Use
  ‣ Privileged versus General Users
  ‣ Trusted versus Untrusted Locations
  ‣ HR versus CS versus FS

Page 16: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

DEMO

Page 17: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

Integration

Page 18: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

Integration
‣ ERP Firewall
  ‣ Provides the mechanism to enforce a Duo Challenge
  ‣ Allows mixing and matching of enforcement rules
‣ Duo Security
  ‣ Generates a second factor challenge to the user and evaluates the result
  ‣ Supports multiple channels for challenging users

Page 19: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

ERP Firewall
‣ Delivers the ability to:
  ‣ Control access based on location, user, role, content, state, or any header and data attribute
  ‣ Flexible and configurable logging
  ‣ Implement 2nd factor challenges for content you wish to secure more strongly
  ‣ Display your own system messages to your users
  ‣ Restrict access when system is under maintenance

Page 20: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

Access Control Made Easy
‣ Restrict access when Down for Admin
‣ Display System Message
‣ Allow access to Self Service Pages
‣ Challenge External access to vendor pages
‣ Block all other external internet access
‣ Log Access by at Risk employees

Page 21: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

ERP Firewall Flow

[Diagram: ERP Firewall Flow. Labels: PeopleSoft Web Server; PeopleSoft Servlet; GreyHeller ERP Firewall Plug-in; PeopleSoft App Server; PeopleSoft Application (Permissions, Display Page, Business Logic); PeopleSoft Application Database; Request; Response; Load Configuration; Config Cache; Evaluate Data Rule; Log; Activity Log; Allow; Block; Redirect.]

Page 22: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

Powerful Logging
‣ Gathers a complete picture of access
  ‣ Userid / IP Address / Result / Browser / Date / Time
  ‣ Login Page / Portal Content / PeopleSoft Page / iScript
  ‣ EMPLID / Search Criteria / Actions taken
‣ Allows creation of targeted logs
  ‣ Failed login activity
  ‣ Activity for specific content
  ‣ Activity for types of users
  ‣ 2-factor activity

Page 23: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller
Page 24: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller
Page 25: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

Duo Security – Two-Factor Authentication Made Easy

‣ Easy to Manage

‣ Easy To Deploy

‣ Easy to Use

Page 26: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller
Page 27: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

Easy To Use – Your Phone Is Your Key

‣ One-tap to authenticate

‣ Reduce 2FA interruptions

‣ Help users help themselves

‣ Support every phone (and token)

Page 28: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller
Page 29: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

Easy To Manage – For Help Desk, IT, and Security Staff

‣ Flexible user enrollment

‣ Support end users quickly

‣ Customize security policy, by group

‣ Get real-time authentication information

‣ Fully extensible with Admin API

Page 30: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

Configuration
‣ When the user is challenged
‣ What types of users should be challenged
‣ Portal rules
‣ Field masking
‣ Location rules
‣ Event logging
‣ Duo server rules

Page 31: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

Configuration
‣ Provisioning users in Duo
  ‣ Self-Enrollment
  ‣ Active Directory Sync
  ‣ Bulk Import
  ‣ Manual
  ‣ API

Page 32: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

Lifecycle Management
‣ PeopleSoft General Maintenance
  ‣ Application Upgrades and Bundles
  ‣ PeopleTools Upgrades and Patches
  ‣ Customizations
‣ ERP Firewall
  ‣ Rules Engine means existing configuration is resilient to upgrades
  ‣ Understands differences between PeopleSoft releases
‣ Duo
  ‣ ERP Firewall isolates Duo from PeopleSoft impact

Page 33: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

Duo Implementation Methodology

Functional Steps
‣ 2 Factor Challenge
  ‣ Identify Pages
  ‣ Configure Firewall based on content
‣ Functional Testing
  ‣ Initial Testing using temporary 2 Factor infrastructure
‣ Logging
  ‣ Determine log conditions
  ‣ Determine log content

Infrastructure Steps
‣ PeopleSoft/Duo Environments
  ‣ Development / Test / Production
‣ Product Installation
‣ 2 Factor Infrastructure
  ‣ Configure DUO Server/ERP Firewall Integration
  ‣ Define Duo User Provisioning Rules
‣ Move to Production

Page 34: Securing Access to PeopleSoft ERP with Duo Security and GreyHeller

Thank you

For more information on GreyHeller or to schedule a private demonstration, please email:

Kelly Jones, Vice-President, Marketing
[email protected]