Posts

Managing PeopleSoft Security

Managing PeopleSoft security is an important component of managing your system. We find that system security is oftentimes an afterthought, especially during an implementation or an upgrade. This can result in security being perceived as an obstacle by users rather than a positive system module. Read more

Security Matters

While many aspects of PeopleSoft security have not really changed much since I was first introduced to the product as a university student worker, there have actually been a lot of changes over the past 19 years, especially with Campus Solutions. From my early days as a student worker as a developer for a University HRMS/Financials implementation, every job I had started as a technical developer position but ended up with either teaching security or doing security.

At the time I started, PeopleSoft security was a new and somewhat foreign concept to functional and technical alike. Instead of the legacy system where IT pretty much told the functional users what they could have access to, we started asking them what pages they needed access to in order to do their jobs. From that first enablement of the functional teams taking control (and therefore responsibility) of their staff’s access we have continued to engage the functional teams in the design and implementation of the system security. Read more

The Cloud Authentication Challenge

Everyone “knows” that one of the largest issues holding back wider adoption of the Cloud is security. How can information that is stored in the Cloud be truly secure? The reason the Cloud is so challenging is that many people, both technical and non-technical, don’t fully understand what technologies they need to make it usable and secure at the same time. Authentication—determining that a user is a valid user—is key. Read more

Outpacing the Shift: What CEOs & CIOs should be thinking about now to prepare for cloud innovations to come

The software and services market is changing at a rapid pace. The question I get most often is ”what should CEOs & CIOs be thinking about now to prepare for and ideally outpace that shift?”

C level executives are going to be dealing with many of the same decisions and challenges they have faced for the last dozen years, but the context from which to make these decisions has changed. Their new vantage point will not only be located on campus but also above campus…in the cloud. And from above, everything looks different.

They will be dealing with:

  1. Risk – defined as operational capability and talent management
  2. Security – another risk-based topic, but much broader in scope when cloud or outsourced solutions enter the discussion,
  3. Budget – examining all angles of operational and capital cost models, and
  4. Governance – management and oversight of vendors, integrations, etc.

We’ll call the above a 4-legged stool, a very sturdy structure on which to build the future. Read more

Marketing Security through the KISS Principle

As we know from our own life experiences, at times we need to be sold the idea that we need or desire a product, hence the birth of marketing. For those of us that are security practitioners, we are constantly challenged with finding the right method to get our message out to our organization. Ironically, it’s somewhat of a marketing problem and not at all unlike our own life experiences. The irony, of course, being that the social interactions of marketing are typically considered to be at the opposite end of the spectrum from the rigorous technical security safe guards we find ourselves preaching to our user base. And those sharp contrasts make the selling of security to our users a poorly executed process. Read more

Yet Another “Good Password” Article

There are a myriad of articles on the web about picking good passwords; just go to Google and type in ‘how to choose a good password’ and you’ll get 127 million hits (seriously). Yet despite that, it amazes me that people still make poor choices when it comes to password strength or choose to use the same password at multiple websites. Is it that they don’t care about security, don’t understand how to be secure, or is their lack of security born of an ignorance that bad things can happen to them?

For those who aren’t familiar with the Gawker Media hack back in December of 2010 I’ll give you a quick recap; Read more

Events

Nothing Found

Sorry, no posts matched your criteria