PeopleSoft Security Best Practices - Smart Panda€¦ · PeopleSoft Security Best Practices 7...

Courtesy of The Smart Panda Phone: 1-855-79-PANDA Website: www.thesmartpanda.com Email: [email protected]

PeopleSoft Security Best Practices 2

PEOPLESOFT SECURITY BEST PRACTICES

TABLE OF CONTENTS

Background ............................................................................................................................................ 3

Summary ................................................................................................................................................ 3

Technical Details ................................................................................................................................... 4

Identification and Passwords ................................................................................................................ 4

Account and User Identity ................................................................................................................ 5

Role Change Processes ...................................................................................................................... 5

Password Controls ............................................................................................................................. 8

Added Authentication ....................................................................................................................... 9

Protecting Data .................................................................................................................................... 10

Self-Service User ............................................................................................................................... 10

Functional Administrator ................................................................................................................ 10

Support for Users .............................................................................................................................. 11

Developer and Tester ....................................................................................................................... 11

Database Administrator ................................................................................................................... 12

Managing Access .................................................................................................................................. 12

Functional Administrator & End-User Support .............................................................................. 12

Developer/Tester .............................................................................................................................. 13

Database Administrator Access ....................................................................................................... 14

Incident Management .......................................................................................................................... 15

Logging and Auditing .......................................................................................................................... 15

Logging within PeopleSoft ............................................................................................................... 15

Conclusion ............................................................................................................................................ 17

About SmartPanda ............................................................................................................................... 17

http://www.thesmartpanda.com/

mailto:[email protected]



Background

Many organizations are encountering an increase in the number of security breaches to their I.T.

systems. These breaches not only cost organizations in terms of expenditures on additional security and

review, but also in lost trust and business by end users

Recent breaches include:

In June 2012 a third-party software breach caused the exposure of financial

information (in the form of credit card numbers) of University of Southern California

students and faculty. The breach occurred from May 21 to June 21.

In May 2012 a student hacker breached the PeopleSoft student database and may

have had access to sensitive personal information, including social security numbers.

Close to 21,000 students had their financial information exposed.

A malware download at Housatonic Community College in April 2012 (via email virus)

may have caused the exposure of nearly 90,000 student records and cost the college as

much as $500,000.1

The average cost per record, according to the Ponemon Institute, is about $112, although privately

many customers respond that the actual cost is much higher.

PWC reports that “the number of significant hacking attacks or large organizations [sic]

has doubled over the past two year,” with the most serious breaches caused by a

combination of issues with people, technology, and processes.2

In order to assist companies and entities with ensuring the overall safety and security of their Oracle

PeopleSoft systems, The Smart Panda has put together this document to address the following areas of

potential risk:

Technical infrastructure

Identifying and authenticating users

Protecting data

Controlling access

Incident response

Information logging and auditing

Smart Panda offers common issues and best practices to ensure optimal PeopleSoft security for your

infrastructure to minimize risk of security breaches in the future.

SUMMARY 1 http://www.pwc.co.uk/audit-assurance/publications/uk-information-security-breaches-survey-results-2012.jhtml

2 http://www.pwc.co.uk/audit-assurance/publications/uk-information-security-breaches-survey-results-2012.jhtml




http://www.pwc.co.uk/audit-assurance/publications/uk-information-security-breaches-survey-results-2012.jhtml

http://www.pwc.co.uk/audit-assurance/publications/uk-information-security-breaches-survey-results-2012.jhtml



The Smart Panda has focused in this document on common security issues associated with PeopleSoft

software, when administered both on location and off site (such as in a hosted environment). This

document deals with the following areas:

Identification and passwords

Security of data

Security of processes

Response to security incidents

Information logging and analysis

In many cases, companies have well-documented policies and procedures when it comes to the key

areas of security and PeopleSoft; however, although they choose to automate many processes, some of

these processes are still left to be managed manually. By automating more processes companies can

eliminate error and improve overall security.

Common areas in need of improvement include:

Protecting sensitive data

Secure authentication

Logging and auditing of data

Automated processes and change management

Note that in many cases addressing these security solutions may involve additional development or the

implementation of external solutions.

TECHNICAL DETAILS

This paper address both on site, managed PeopleSoft environments as well as those which are hosted.

Successfully implementing a hosted environment involves additional definition of duties to ensure

proper separation and protection between the company’s data and the host.

Additionally, companies need to maintain separate environments for development, production, and

testing in order to avoid an overlap of access between PeopleSoft databases.

IDENTIFICATION AND PASSWORDS

Having control over the identification and authentication of users, as well as access to this information

by different levels of administration, is key to ensuring appropriate access to the software, as well as

identifying and preventing possible security breaches or information leaks. Without these controls in

place, User IDs and passwords could be leaked, or users could have access to areas where they should

not.

There are four areas to address with identification:






Account and user identity

Role change processes

Trust levels and re-authentication

Password management

ACCOUNT AND USER IDENTITY

In this section we will address both centralizing the authentication process, as well as having a single

identity for system access across different platforms.

Best Practice: Centralization

The key to successful account and user identity include the centralization of all user

information, including:

- Credentials

- Passwords

- Authentication

By centralizing this information the company can focus on protecting this single area, as

well as providing the user with a single ID for sign on over all systems within the

company. All changes and password management is controlled in a single location.

Best Practice: Single Sign On Across Multiple Platforms

By implementing a single sign on across all platforms the company can mitigate the risk

of lost passwords or forgotten credentials and avoid the need for manual changes to

multiple accounts. Additionally, single sign on credentials improve the ease of the

auditing process and reduce the workload of technical support persons.

Implementing this best practice involves ensuring that users cannot have more than one

account, or the ability to create additional accounts. However, users that are authorized

to run batch processes in PeopleSoft will still require separate access to run processes

vs. accessing online data to ensure that access is restricted to only the running of batch

processes to avoid confusion.

ROLE CHANGE PROCESSES

As users’ access and privileges change it becomes vital to ensure that policies and procedures are

documented to ensure appropriate action is taken and changes are updated in a timely manner.

Common actions with user identity include new accounts, existing account termination, transfers to a

new department, or the granting of additional access to take on more responsibilities. The highest-risk





area is where a termination requires any access to be revoked immediately; automation can help to

ensure that all procedures are followed.

The following policies should be outlined for best practices management of user access:

When users are given access to their area of the program

What needs to be met for users to have increased permissions

The identification of audit procedures

Regular review and revision of policies

Changes can occur throughout the company, so practices needed to be thoroughly documented and

enforced.

Best Practice: Automating Common Activities

Automating common changes in the assignment, change, or cancellation of PeopleSoft

access privileges can help ensure that changes are made accurately within a reasonable

time frame, as well as leaving a clearly defined audit trail.

The following actions within the PeopleSoft Program are recommended for automation:

1. Creation of new ID (i.e. new hire)

2. Cancellation of access (termination)

3. Change in duties (due to promotion, transfer, or additional responsibilities)

Automating the termination process is the most vital of all as it represents the single

largest security threat in the role change process.

There are five key areas where automation can be applied:

New hires: After completion of paperwork the user is created and basic access is granted when

the user creates their account. The initial access information is sent to an off-site (non-company)

email which requires the user to answer additional security information to access their account

and reset their password.

Managing access to administrative functions: Users can request additional access to

administrative functions via PeopleSoft application which is then granted by the appropriate

supervisor through the creation of automatic tickets.

Transfers: Notification of transfer is sent to the account management team and generates a

report of access changes that need to be made.

Employee termination: Upon notification of termination the user’s access is immediately

restricted to self-service functions (such as tax information). Manual confirmation follows to

ensure termination is carried out.

Revoking terminal services access: The hosting provider is sent a ticket to revoke user access –

for employees the standard termination procedure (above) is followed as well to ensure no

access to functions, while this procedure removes remote desktop access.





Recommendations:

1. Improve automation levels by analyzing processes and deciding which jobs/roles can be

automated, as well as those that may require an additional level of review.

2. Offer self-service access for hiring and role transfers by allowing managers to request

access/changes when requesting HR changes.

3. Ensure there are no security risks with access to terminal services for terminated employees

who have had their primary access revoked, but still have terminal services access.

Best Practice: Stewardship over Privilege Assignment

Ensuring that the person or persons responsible for establishing and maintaining policies

have clearly-defined procedures ensures optimal functionality and security of PeopleSoft

systems. The responsible parties should have clearly-defined tasks including:

- Establishing when users are to be given access to system permissions

- Outlining the criteria users must meet prior to access to particular permissions

- Documenting auditing policies and procedures

- Updating policies to ensure they cover all areas and evolve with system or organizational changes

The Steward, or data trustee, reviews all requests for data, access granted, and

establishes procedures for access assignment. Best practices include a continuation of

the stewardship process, as well as regular auditing to ensure the process is efficient and

secure.

Best Practice: Process for Additional Privileges

Although ideally all requests for privileges and assignment would be automated, it

cannot always be the case. To ensure a quick, efficient, and secure assignment of

privileges, clear and concise policies and procedures must be outlined, including the

auditing process.

An ideal method is to establish a system to identify the privileges that are able to be

requested, record each request, and then send these request an appropriate “approval”

party, then grants the privileges automatically once they are approved. By automating

processes there is less room for error and a more efficient and secure system is created.

Best Practice: Review of Privileges

Not all situations are suitable for the automation of assigning or removing privileges,

since responsibilities and rules can change over time. Here are some scenarios to

consider:

- Employee requires access to additional privileges due to special project





- Employee requires access to additional privileges outside their job group

- Job information for employee (such as role or tenure) is dated

- Privilege assignment changes after access is granted

In order to easily review the privileges that are granted a process needs to be in place to

capture requests, as well as to record steward and supervisor activity.

Recommendations: Privilege or permission changes to be reviewed annually by supervisors or data

trustees. Improve the application by providing work lists for reviewers and guides to help reviewers

through the process.

PASSWORD CONTROLS

End-users must be encouraged to choose passwords that are not easily broken and cannot be quickly

cracked (birthdates, names of kids or spouses, etc.). Password controls help to ensure that a secure

password is chosen, as well as preventing the re-use of passwords that may no longer be secure.

Additionally, managing password data needs to ensure access by developers or system administrators

but must simultaneously be safe from theft.

Best Practice: Increase Password Strength

Although a completely randomized password is considered the most secure, its inability

to be easily memorized by many can result in compromise (i.e. by writing it down).

Rather, it’s important to ensure that the password control system helps users choose a

secure, yet memorable password. A few suggestions include:

1. Ensure passwords of 8 characters or more

2. Prevent use of dictionary words

3. No sequences (i.e. ABCDEFG or 12345678)

4. Inclusion of uppercase, lowercase, numbers, or symbols

5. Preventing the use of previous passwords

Additionally, having passwords that “expire” (become invalid) on a regular basis helps to

limit the length and breadth of attacks on the system. Passwords should ideally expire a

minimum of three times per year.

Best Practice: Auditing of Logins and Attempts

Auditing log-in activity can help organization’s identify and analyze suspicious activity by

offering account information as well as the source and target of potential attacks. In

order to do so the audit process needs to capture the following information:

- Account (UserID) and password (or password attempt)

- Date and time of attempt/login





- Result (successful/unsuccessful)

- Source information (IP address)

This auditing information can be included as part of a larger audit to include information

accessed, changes made, etc.

Best Practice: Resetting Passwords

Password reset procedures need to cover multiple scenarios, such as when a user

forgets their password, or when a password is suspected of compromise. Best practices

for password resets include ensuring that the process is quick and easy, and that the

user has the ability to regain access to their account easily.

Standard procedure includes asking the user for their email and sending the new

password information via email; however, this can become an issue if an attacker has

gained access to the user’s email account. Thus, it is advisable to ensure that passwords

can be delivered through a method other than email, as well as challenging the user to

provide additional security information.

Best Practice: Storing and Encryption

Having a centralized process for authentication across multiple platforms helps to create

a more efficient system, but also requires the centralization of password storage and

encryption to ensure security of data.

Users who have the ability to access password data may also be able to access the

source code for encryption (allowing them to decrypt passwords in the future); the

system should be designed to prevent access to all passwords at one time.

Today’s computers have enough processing power to crack just about any password, it

just takes time.

Techniques that can be used to increase security include adding a unique salt per user/ a

fixed salt to all passwords and hashing the password, or utilizing a hashing algorithm to

create a unique salt. The third solution (algorithm) takes the most time to “crack” and

therefore is an advisable security measure. It is also advisable to store and encrypt

passwords external to PeopleSoft to avoid potential security breaches of both

PeopleSoft data and passwords simultaneously.

ADDED AUTHENTICATION

Adding tokens for authentication can augment or replace the traditional ID and password process, which

can help to mitigate the security risk of a potentially weak password, or can prevent breaches of

information through compromised access data.





Tokens can include fingerprint verification, USB drives, smart cards (these are considered “connected”

tokens) or emails, SMS, IVR or mobile apps (disconnected tokens).

Best Practice: Added Authentication

It is advisable to implement authentication tokens for an added layer of security in the

case of accounts that have access to privileged information or sensitive data. Connected

(physical) tokens offer the highest level of security and ease of use.

PROTECTING DATA

In order to protect the data stored within PeopleSoft databases, control needs to be maintained over

how data is stored, accessed, and moved. There are several tiers of users who are able to access some of

these functions, so we’ll discuss each separately.

SELF-SERVICE USER

This type of user accesses their own personal data with limited risk of exposure of additional data should

it be compromised. It is recommended that users with access to their own data have that data masked if

locally saving or printing is attempted.

FUNCTIONAL ADMINISTRATOR

These administrators have broader access to sensitive information and may also be responsible for

managing data of other users. Risk for this type of access depends on the roles assigned and permissions

given within the platform.

Best Practice: Masking Data

It is vital that organizations take the time to identify sensitive areas of information and

mask this data or take the additional step of moving this data out of standard tables;

however, this would involve temporarily transferring the data back to the tables when

batch processing is performed.

Best Practice: Externalizing Sensitive Data

Transferring sensitive data outside of PeopleSoft is the best method for maintaining

security of relevant data. Tables can be created to store and encrypt sensitive data with

alternate ID’s. This would prevent any unauthorized access of sensitive data.

Best Practice: Exporting and Storing Data

External systems require access to data stored in PeopleSoft on a regular basis, so it is

vital to have established policies regarding this procedure to ensure a secure transfer of

data and to define how this data is stored.





The first step is to decide who will have stewardship of the data required – and that only

data required is transferred. How the data is stored and accessed needs to be clearly

defined and strictly enforced to ensure security.

Any sensitive data should only be stored in “real-time” to ensure a single point of

storage and to reduce the risk of unauthorized access. Finally do not allow external

systems to access PeopleSoft data tables directly; this provides too much of a security

risk.

Best Practice: Query Access

Although a powerful tool for accessing information, Query also introduces security risks

to the system that should be considered.

Query access runs separately from page access, so permissions management policies

must reflect both types of access. Since results can be saved locally there must be

clearly-defined, enforced policies about saving data. Also, organizations may want to

consider implementing object security to prevent the modification of queries by users.

SUPPORT FOR USERS

Those who support end users may require access to the user’s data to resolve issues, in which case

masking sensitive data is recommended.

DEVELOPER AND TESTER

Efficient organizations use a testing and release process that requires a mirrored database that is

separate from production – meaning that sensitive data is prevented from copying over to non-

production databases, as well as tightly controlling the access to this information in production database

when access is required.

Best Practice: Scripts for Database Refreshing

Development and test environments need regular refreshment of information to ensure

an accurate database; however, they do not need sensitive data. This type of data

should be removed and replaced with “dummy” information prior to export, as long as

the removal of this data does not impact development and testing.

Best Practice: Use of Production Data

Occasionally an environment with sensitive data removed will not be sufficient for

testing or development. In this case clear policies need to best set up for requesting

access, determining where data can be stored, tracking access, and enforcing deletion of

data at the end of testing or development.





DATABASE ADMINISTRATOR

These users need production access to deal with issues including creation of backup data, managing

physical storage, updating structures, performance enhancement, and troubleshooting. These

responsibilities do not require access to sensitive data.

Best Practice: Externalize Data

Moving sensitive data out of the database into an external location improves security at

several levels; including function administrator access [discussed next section].

However, applying data encryption in addition to externalization can offer enhanced

security.

Best Practice: Separate SYSADM Accounts

If sensitive data is stored within PeopleSoft tables then it can be beneficial to create two

levels of SYSADM access; one with access to sensitive information and one without.

Access to these accounts should be tightly monitored.

MANAGING ACCESS

While managing user access and protecting sensitive data is key to ensuring the security of any

PeopleSoft system, it is also vital to ensure that users are prevented from performing unauthorized

actions, such as protecting users with access to valid accounts, or those who are unauthorized from

taking unauthorized action. It is also important to ensure that system changes do not inadvertently give

users additional privileges.

In this section we will cover the different user types and how access to PeopleSoft can be managed for

each type.

FUNCTIONAL ADMINISTRATOR & END-USER SUPPORT

Both of these user types require access to the web application (unless reports are required), meaning

the risk is primarily limited to compromised credentials.

Best Practice: Dual Authentication

Although this may require the installation of a firewall solution, two- or three-factor

authentication can dramatically increase security. The first level of authentication is the

password, while the second is something the user is in possession of (data or a physical

object) such as phone or email data, a USB or smart card, or a token. For optimal

security, biometric (fingerprint) authentication can be added as the third factor.

Best Practice: Access Levels Based on Trust





Depending on where access is being performed from, the device used, and the history of

access, PeopleSoft can assign different levels of access permissions. For example, onsite

vs. remote access or wired vs. wireless. For device access trust levels can differ whether

it is owned by the organization, shared between multiple users, or whether the device’s

operating system and virus/malware protection is up to date. Employees who have been

with the company longer or have more training can also be provided with additional

levels of trust, as well of those who have had fewer historical password resets.

Best Practice: Time Limits to High-Risk Operations

It is recommended that access to high-risk operations within PeopleSoft be given strict

limitations, including temporary access via two-factor authentication or via a

supervisor’s permission. In addition these functions should be strictly monitored and

logged.

Best Practice: Policies Regarding Training

All policies regarding usage of the PeopleSoft system for administrative tasks need to be

clearly defined and regularly updated. Annual security training sessions are

recommended to ensure employees are aware of current policies and procedure.

Best Practice: Configuration Settings Regarding Releases

Rather than make configuration changes directly in an organization’s production

environment (including trees, queries or application setup), administrators can make

changes in a staging environment in order to test and review changes before

transferring to production.

DEVELOPER/TESTER

Developers require access to the production environment in order to make changes, while testers

ensure that developer’s changes are displaying the correct behaviour. However, there is risk involved

with developers or testers making unforeseen or unauthorized changes, as well as the risk of allowing

access via credential compromise.

Best Practice: Limitations to Access

Prior to making production changes there should be strict policies in place to ensure

changes are first made in development or verification environments, which should

remove the need for developers or testers to access production data. However, read-

only access to the production environment may be necessary to verify changes. As an

added layer of security production networks should be segregated from development

and verification networks.

Best Practice: Policies for Change Management





In order to implement good change management policies, the organization needs to

establish ownership of such changes, as well as creating a review and approval process

so changes can be scrutinized prior to implementation in a production environment.

These changes allow a full review to prevent production issues. Ideally, the majority of

change management processes are automated.

Best Practice: Separation of Duties Concerning Automatic Migration

Allowing developer access to production environments is a security risk; by separating

access between development and production environments, as well as implementing an

automatic migration of changes from development to production can significantly

reduce these security risks.

Best Practice: Auditing Development and Testing Environments

Although developers and testers need near-universal access in development and testing

environments, the same cannot (and should not) be said of an organization’s production

environment. Controls need to be in place to monitor and prevent the transfer of access

across these environments to ensure there is no “leakage” of access from

development/testing into production.

To this end, organizations should consider 1) verifying that transfers of data from

development into production do not affect access controls for developers/testers, and

2) audit reports are created to ensure that production access for these users remains

unchanged.

Best Practices: Testing Automatic Processes

It is important to regularly test security settings through an automated process. This

testing should confirm that end-users do not have access to administrative tasks and

testing that administrators cannot access PeopleSoft functions outside their areas of

focus. Ideally these tests would be performed on a copy of production environments

with sensitive data masked to ensure no leakage of information or security risk while the

testing is being performed.

DATABASE ADMINISTRATOR ACCESS

A delicate balance must be struck between allowing the DBA enough access to production environments

to ensure they can do their job effectively, while simultaneously ensuring security and preventing

unauthorized access to or use of sensitive information.

Best Practice: Test Scripts

Automating steps when SQL scripts are run in production and capturing the results, as

well as ensuring appropriate testing for desired results ensures that change control

process are consistently met and all changes are captured for review.





INCIDENT MANAGEMENT

No matter how rigorous the controls, or how enthusiastic the processes, security incidents still happen,

which is why policies and procedures need to be put into place to manage these occurrences.

Some types of incidents can include:

- Information offered by security organizations

- Publication of historical breaches that could affect the organization

- Discovery of potential breaches

- Account-level issues (password reset requests)

A company’s strategy for management of security-related incidents should include the election of

incident response teams, communication plans, and procedures that define roles and responsibilities as

well as the automation of tasks when available.

Best Practice: Response Teams

Responding to incidents, whether minor or major, in a timely manner is vital to ensuring

that risk is minimized and that solutions are quickly implemented to reduce exposure.

This type of response requires an organized response team with clearly-defined roles

and responsibilities. Teams are generally made up of a variety of members, including

information security officers, PeopleSoft and infrastructure managers, PR

representatives, and law enforcement.

Best Practice: Communication Structures

Incident management plans should define types of communications and the processes

used, including communications within the response team, within the organization, and

externally. Plans should include how communications are transmitted and when, as well

as who is responsible in the case of communications outside of the response team.

These plans and policies should be regularly reviewed and updated.

LOGGING AND AUDITING

Effectively managing the security of a PeopleSoft system includes the ability to capture and analyze

information. Logging and auditing can help to prevent security breaches, reducing the impact of

breaches, assist with defining the scope of attacks, and capturing information for security audits.

LOGGING WITHIN PEOPLESOFT

There are several tools that come with PeopleSoft that can log information right out of the box to track

levels of activity at each tier.





At the web server tier, logs can show traffic to track web activity. However, logging here does not

include IP addresses, session information, or content accessed.

The application server tier provides a more detailed view of activity, including date and time, results,

userID, and authentication attempts. The information that is not tracked includes IP addresses, web

server used, or content accessed.

At the database server tier two different audit methods exist, the PSACCESSLOG table and PeopleSoft

auditing. The PSACCESSLOG tracks information including user identification, date and time of each

access attempt, but does not include the location, failed logins, or data accessed. Within the PeopleSoft

auditing tracking can be set up to record usernames, date and time, before and after results, and update

details. PSACCESSLOG auditing can be set up for each transaction.

It is recommended that organizations using PeopleSoft at the very least make use of the internal

auditing tools offered in order to gain insight into changes that are made and activity within the system,

as well as to provide auditing capabilities.

Best Practice: Expanding the Logging Process

The PeopleSoft logging tools are not all-inclusive; they leave a lot to be desired.

Specifically, logging can miss important pieces of information resulting in an incomplete

picture of the activity. Additionally, the data can be mixed with unrelated information,

making extraction and auditing difficult.

To solve these issues it is recommended to capture additional information, include

specific views of identified risk areas, and to warehouse data to allow easier access for

detailed analysis.

Additional information to capture: IP address/location, web server, UserId, pages

accessed, indicators of data accessed, and actions performed.

Best Practice: Heuristic Tagging & Segmented Logs

Logs can include tagged sessions that are based on applicable processing rules, including

elevated access, probationary users, users approaching termination, or sessions that are

accessed from a suspicious location.

Additionally, logging data can be separated or organized to target specific activities, such

as password resets, access from high-risk locations or personnel, or access to sensitive

data.

Best Practice: Data Warehouse Storage and Access

Access and activity data needs to be easily accessible in order to audit and analyze. It is

recommended that access/activity data be kept in a structured format and is transferred

to a data warehouse for easy querying. This can be accomplished by utilizing programs





that provide structure, or to generate these files in a structured format. The key is to

help organizations understand:

1. How data is accessed (on-site, remote, wirelessly, etc.) 2. What data is accessed or altered 3. Where data is accessed from (IP address, location) 4. When data is accessed 5. What access credentials are used (UserID, authentication, password)

By committing to a structured, auditable and accessible auditing and logging process, organizations are

better positioned to ensure that data is accessed in an appropriate manner and can be alerted more

quickly to potential security breaches, or to tighten up security process where there are areas of

vulnerability.

CONCLUSION

Protecting sensitive information is key to maintaining the public and end user’s trust in an organization.

Not only does increasing security processes in PeopleSoft ensure trust is maintained, it can also reduce

costs associated with breaches. By implementing some (or all) of these recommendations with the help

of a certified PeopleSoft security consultant, organizations can save money and ensure the continued

protection of sensitive data.

ABOUT SMARTPANDA

With over 25 years of technical expertise implementing ERP solutions for a diverse range of clients, The

Smart Panda a great choice when your organization needs on or off site expertise for installations,

upgrades, maintenance, development, testing, design, architecture, security, or complex interface

integration. By utilizing The Smart Panda’s professional knowledge and skills your organization can get

the most out of your ERP investment, while simultaneously making your company operate more

efficiently.

Toll-free - 1.855.79.PANDA (1.855.79.72632)

Fax - 1.866.579.6673

Email: [email protected]






PeopleSoft Security Best Practices - Smart Panda€¦ · PeopleSoft Security Best Practices 7...

Documents

Transcript of PeopleSoft Security Best Practices - Smart Panda€¦ · PeopleSoft Security Best Practices 7...