Vigilance and Preparation are Key

Security is a top concern for every organization. It is vital to protect your data and have a plan for the possibility of a breach of security. Greg Kelly, Product Strategy Manager at Oracle, gave a presentation at RECONNECT 18 that started with the following quote; “When a crisis arrives, the time for preparation has passed.” This could not be more true for security.

Hacking is becoming an increasingly more prevalent problem. Email servers, IoT devices, phones, tablets and more are all susceptible to security breaches. It’s best to be proactive against these kinds of attacks and have a plan to protect your organization.

Tips and Best Practices

Here are a few tips and best practices that Greg highlighted from Oracle’s Security Red Paper:

• Have additional network protection like intrusion detection/prevention systems or web application firewalls
• Know how to disable configuration re-initialization and browser caching and how to enable TUXEDO Encryption
• Change the Access password and Connect password
• Review the single sign-on configuration
• Use strong node passwords or use certificates
• Limit access to Weblogic Console
• Review query security
• Enable SQL error message suppression
• Consider auditing

Oracle Security Enhancement Plans

While those are just a few of the things that you can do to protect your organization, Oracle has also made several security enhancements to both PeopleTools 8.55 and 8.56. There are also planned security enhancements on the roadmap for PeopleTools 8.57.

Roadmap features for PeopleTools 8.57 include:

• Adding AES to PSCipher routines for stronger encryption
• Improving the ability to mask output display to support data privacy requirements
• Reduce the requirement to use Root access to deploy DPKs
• Provide the ability to implement Access Control by PeopleCode to static resource files like images and HTML on the web server
• Offer guidance on the proper way to frame PeopleSoft application content for consumption within third-party portal products
• LCM-PTF: Support to import and export encrypted files
• LCM-PTF: The ability to add PeopleSoft security to PeopleSoft Test Framework to restrict visibility and access to specific actions at the folder level

To learn more about different hacking concerns, real-life cases, solutions to mitigate hacking concerns and ways to prevent PeopleSoft from becoming collateral damage, watch the full presentation:

Do you want to learn more about how you can protect your software from potential threats? Learn more about cybersecurity in this previous Quest blog post: Is Your Software Vulnerable To Cybercrime?