Don’t be reactive when it comes to securing your PeopleSoft assets from cybercrime. Be proactive.

Kevin R. Brock, a leading cybersecurity expert and the FBI’s former Principal Deputy Director, National Counterterrorism Center and Assistant Director for Intelligence, in a recent Forbes article stated –

“The impacts of cyber intrusions and disruptions are much greater and often devastatingly public—bringing to bear significant risk to company reputation, shareholder value and creating an entire new set of liabilities. Historically, the management of this risk has been delegated down in the organization. Current studies still show that upper management in most companies is rarely briefed on cyber threats.”


GreyHeller Appoints New Executive Director of Security Solutions

Today, GreyHeller announced the hiring of Greg Wendt as the Executive Director of Security Solutions to further develop GreyHeller’s security products suite and to work directly with Oracle’s PeopleSoft customers to protect their sensitive data from cybercrime. In his role, Wendt will assume oversight of the security platform and operations, with responsibility for product and customer solutions. “I believe Oracle’s PeopleSoft is the best ERP system on the planet. I’ve worked with the platform since 2009 and with GreyHeller since 2011 when we implemented GreyHeller’s mobile and security systems at TCU. GreyHeller is well positioned to help organizations extend their investment in PeopleSoft,” said Greg.


Microsoft’s new mission statement

Satya Nadella’s recent memo to Microsoft employees totally nails why organizations are mobilizing and modernizing their ERP systems – productivity.

An excerpt from the memo:

At our core, Microsoft is the productivity and platform company for the mobile-first and cloud-first world. We will reinvent productivity to empower every person and every organization on the planet to do more and achieve more.


Customer Success: General Electric Company

GreyHeller was brought into GE as an alternative to their internal, web services based development project focused on mobilizing their new Employee Portal. GreyHeller’s Responsive Design technology completely modernizes GE’s PeopleSoft pages and customizations across GE’s desktops and mobile devices. GE’s vision is Modern = Mobile = Desktop.

  • GE (NYSE: GE)
  • Employees: 300,000+; Revenue: $148 billion

Responsive Design: what is it and why is it important to Oracle® PeopleSoft customers?

In our conversations with Oracle® PeopleSoft customers about modernizing and mobilizing their PeopleSoft pages and customizations, we always introduce the concept of Responsive Design.

What is Responsive design? According to Wikipedia:

Responsive web design (RWD) is a web design approach aimed at crafting sites to provide an optimal viewing experience—easy reading and navigation with a minimum of resizing, panning, and scrolling—across a wide range of devices (from mobile phones to desktop computer monitors).


Click to Call for Two-Factor Authentication

Recently, one of our Higher Education customers – a highly regarded US university – implemented another option for Two-Factor Authentication using our ERP Firewall software product.

Click to Call allows 2FA PINs to be delivered via a telephone voice call.

Click to Call is based on new PeopleCode packages and several Java JAR files that interact with a third-party calling system. It is invoked when a PeopleSoft user triggers an event – accessing sensitive data that GreyHeller’s ERP Firewall system has been configured to protect – that sends the message to the external voice call system. That system then retrieves data containing the requested credentials from PeopleSoft. The user then enters the 2FA PIN on the challenge screen, which completes the challenge.

iScripts, JAR files, custom application packages, third-party integration – sounds complicated, right? Wrong. ERP Firewall seamlessly integrates from the user’s page action to the delivery of the call in less than 3 seconds.

The message can be customized to contain important information in addition to the 2FA PIN. This information could be beneficial and timely.

Click to Call joins ERP Firewall’s other 2FA challenge methods:
• Text
• Email
• Time-based one-time password (TOTP)
• Duo Security
• Instant Messaging
• Biometrics


How much does it cost to avoid a breach?

If organizations won’t spend what’s necessary to license technology that protects their sensitive data because of cost considerations, we believe class action lawsuits will bring a sea change in that way of thinking.
Here’s a link to the P.F. Chang’s breach class action lawsuit.


Customer Success: H-E-B

GreyHeller was brought into H-E-B to help compete against Workday, which was leveraging internal user dissatisfaction with PeopleSoft.

  • Retail Grocery: Texas and Mexico
  • 340 stores and 76,000 employees
  • Phase 1: Mobilize HCM 8.9 / PeopleTools 8.49
  • Phase 2: Mobilize HCM 9.2 / PeopleTools 8.54

Lessons from the Code Spaces DDoS

Last week the website Code Spaces (link) was hit by a distributed denial-of-service (DDoS) attack. DDoS attacks are a fairly normal occurrence: they get handled by systems and normal access is soon restored. What makes the Code Spaces attack interesting is that a person had gained access to the company’s EC2 control panel and demanded a ransom to stop the attack.

The link above has numerous details on what happened next.

What can be learned from an attack like this?

DDoS attacks are still active and happen frequently. Evernote was hit earlier this month, with the attack causing at least four hours of outages. A video game company’s website was hit this week as well, with traffic peaking at 110 gigabytes per second. Estimates are that DDoS attacks will reach the terabit range in the near future.

Many organizations believe that everything is safe in the cloud. Basic functions such as backups, restores and disaster recovery are entrusted to the cloud vendor, who must prioritize among clients. Best practices dictate that your organization’s business continuity plans take these risks and assumptions into consideration. Any time you give up those controls, risk is added into the equation.

Another risk in moving mission-critical functions to the cloud is Internet connectivity: production systems become inaccessible if the Internet connection is down.

We recommend:
• Test backups to ensure restores work and expectations are met.
• Implement business continuity planning and determine how cloud providers play into those plans: test your disasters, be prepared.
• Determine how frequently connectivity issues occur, and build contingency plans to reach the cloud during outages.


Another day another phishing attack

A single compromised website hosted 862 PHP scripts. Think about that for a minute – 1 server, with 862 scripts. These scripts targeted banking, webmail, PhotoBucket and many online dating sites. The attackers utilized the dating sites to eventually request money from the users. The time and energy invested in this attack is stunning. More information on the attack here.

From a PeopleSoft customer perspective, phishing attacks can be a daily event. The sophistication and success of these attacks vary greatly. End-user training and support go only so far in defense of the organization. Costs of remediation continue to soar. All it takes is one slip – one click – one password.

Compromised ERP solutions cost organizations time, money and lost credibility with constituents.

Is your organization going to continue to risk all of that on a single user id and password?

The attackers have all the time in the world, but you do not… The time is now for implementing Two-Factor Authentication (2FA) to help mitigate these attacks.
