Sentinel Reinvents PeopleSoft Security

Published by Macy Sears on October 10, 2020

Sentinel Software is a bolt-on application that was engineered and developed by leading PeopleSoft security industry experts. Sentinel’s mission is to address and provide solutions for well-known challenges experienced by organizations running PeopleSoft.

Founded in 2016, Sentinel is a member of the Oracle Partner Network and has achieved Oracle Validated Integration. The company has also received Oracle Cloud Marketplace certifications for its Security Administration, Access Request, Audit Reporting, and Data Masking modules.

The solution supports all PeopleTools versions 8.49 and upwards, and PeopleSoft versions up to 9.2.

PeopleSoft Security Architecture

The PeopleSoft security architecture consists of complex layers and system permissions that together grant and control user access to menus, pages, and overall data within the application. Implementing privileges on a large scale requires an efficient method of granting user access to properly maintain security measures. Understanding the PeopleSoft security definitions serves as the foundation of a robust and secure system.

  • User Profile – Any individual who is set up to access the PeopleSoft system. Roles are attached to user profiles to provide access to Menus/Pages, Processes, and Data within PeopleSoft.
  • Role – Serves as the intermediate link that enables user access to business processes. Traditionally, a user is assigned multiple roles that provide access to designated Menus/Pages relating to their job qualifications. Application permissions cannot be directly attached to a role.
  • Permission List – The building blocks of PeopleSoft security administration. Pages, data sets, and application processes must first be attached to a permission list, then assigned to a role, in order for a user to gain access.

PeopleSoft Administrator Challenges

Roles and Permission Lists contain a combination of general and privileged access pages. It is common to see roles shared among several groups of users, cloned, updated with additional access levels, and then reassigned to another user as a way to save time. Changes to user permissions and the provisioning/deprovisioning of accounts are not only time-consuming but also very difficult to maintain properly.

The PeopleSoft application does not provide the capability for an administrator to quickly drill down into the makeup of a user’s authorization privileges. As a result, users accumulate excessive or unauthorized access over time, which increases an organization’s risk and the chance of audit compliance violations. Identifying privileged access within the PeopleSoft application is time-consuming in itself, and removing or editing that access adds further steps for the security administrator. The same holds true for Sensitive Data (PII/PCI), which leaves users with unauthorized access.
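The drill-down described above can be sketched as a join from user to role to permission list to page. This is an added example, not Sentinel's or Oracle's code: the tables are simplified stand-ins modeled on the PeopleTools tables PSROLEUSER, PSROLECLASS and PSAUTHITEM (check column names against your PeopleTools release), and all users, roles and pages are constructed sample data.

```python
import sqlite3

# Simplified stand-ins for PeopleTools security tables (assumed column subset).
SCHEMA = """
CREATE TABLE PSROLEUSER  (ROLEUSER TEXT, ROLENAME TEXT);
CREATE TABLE PSROLECLASS (ROLENAME TEXT, CLASSID TEXT);
CREATE TABLE PSAUTHITEM  (CLASSID TEXT, MENUNAME TEXT, PNLITEMNAME TEXT, DISPLAYONLY INTEGER);
"""
# Constructed sample data: AP_CLERK_CLONE is a cloned role with one extra permission list.
SAMPLE = {
    "PSROLEUSER": [("JDOE", "AP_CLERK"), ("JDOE", "AP_CLERK_CLONE"),
                   ("ASMITH", "AP_CLERK")],
    "PSROLECLASS": [("AP_CLERK", "AP1000"), ("AP_CLERK_CLONE", "AP1000"),
                    ("AP_CLERK_CLONE", "AP9000")],
    "PSAUTHITEM": [("AP1000", "ENTER_VOUCHERS", "VCHR_EXPRESS", 0),
                   ("AP1000", "MAINTAIN_VENDORS", "VNDR_ID", 1),
                   ("AP9000", "MAINTAIN_VENDORS", "VNDR_ID", 0)],
}
# User Profile -> Role -> Permission List -> page, one row per access path.
PATHS_SQL = """
SELECT ai.MENUNAME, ai.PNLITEMNAME, ru.ROLENAME, rc.CLASSID, ai.DISPLAYONLY
FROM PSROLEUSER ru
JOIN PSROLECLASS rc ON rc.ROLENAME = ru.ROLENAME
JOIN PSAUTHITEM  ai ON ai.CLASSID  = rc.CLASSID
WHERE ru.ROLEUSER = ?
ORDER BY ai.MENUNAME, ai.PNLITEMNAME, ru.ROLENAME, rc.CLASSID
"""

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for table, rows in SAMPLE.items():
        marks = ",".join("?" * len(rows[0]))
        conn.executemany(f"INSERT INTO {table} VALUES ({marks})", rows)
    return conn

def effective_access(conn, user):
    """Map each (menu, page) to every role/permission-list path that grants it."""
    access = {}
    for menu, page, role, plist, display_only in conn.execute(PATHS_SQL, (user,)):
        entry = access.setdefault((menu, page), {"display_only": True, "paths": []})
        entry["paths"].append((role, plist))
        # Assumption: grants are additive, so one updatable path makes the page updatable.
        entry["display_only"] = entry["display_only"] and bool(display_only)
    return access

def redundant_pages(access):
    """Pages reachable through more than one path: candidates for role cleanup."""
    return sorted(key for key, entry in access.items() if len(entry["paths"]) > 1)
```

In the sample, the cloned role silently upgrades JDOE's vendor page from display-only to updatable, while ASMITH on the original role stays display-only.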

Sentinel's Solution

Although managing users and their permission lists continues to be one of the most rigorous PeopleSoft security administrative tasks, Sentinel eases this process by creating a quicker, easier, and more visual environment. While the software simplifies PeopleSoft security user administration, it is not an all-out replacement for Row Security and User Preferences. Its intent and design aim to provide administrators with user authorization insight, reduce time spent on unnecessary tasks, and apply manual changes quickly if/when necessary.

  • See What They See – Enables full visibility for both administrators and managers into the Menus/Pages that users can view in their PeopleSoft profiles. This narrows the communication gap, and the guessing game, between front-end users and their back-end administrators.
  • Menu Based Security – Eliminates the need for managers and administrators to find components. Users, Roles, and Permission Lists can be updated using a PeopleSoft navigation menu or object definition list that includes Page Components, Web Libraries, Web Services, Process Groups, and Component Interfaces.
  • Central User Administration – Allows administrators to view all databases that a user has access to and simultaneously create or lock accounts across any environment from one centralized point. 

The Sentinel platform also includes ready-built modules for managing Access Requests, Data Masking, Audit Reviews, and an Upgrade Manager that compares multiple environments to identify differences between applications and security permissions.

Cloud Security

The Sentinel Software solution is now available for the cloud network infrastructure. Sentinel’s cloud solution is hosted on Oracle’s Gen2 Cloud Infrastructure (OCI). Oracle’s Cloud is engineered with several enterprise security technologies, outlined in its security overview.

Oracle Cloud is optimized to run the PeopleSoft applications efficiently and comes complete with the PeopleSoft Cloud Manager (PCM) tool, which further assists with and automates various lifecycle management actions, including PUM Images, PeopleTools Patches, and PeopleSoft Change Management Tools.

Sentinel supports the Oracle Cloud Infrastructure as Oracle’s commitment to heightened cloud security aligns with the company’s values and mission.

VPN Connection

The Virtual Private Network (VPN) connection uses industry-standard IPSec protocols. The Oracle service that provides this site-to-site connection is named VPN Connect.

VPN Connect offers site-to-site IPSec VPN between your on-premises network and your Virtual Cloud Network (VCN). The IPSec protocol suite encrypts IP traffic before the packets are transferred from the source to its destination and then decrypts the traffic when it arrives. 

The Virtual Cloud Network (VCN) provides customers with complete control over their network environment, allowing them to assign private IP addresses, define subnets and route tables, and configure stateful firewalls.

Data Encryption (At Rest / Transit)

  • At Rest – Any data customers store with any of the OCI data services (Block Volumes including Boot Volumes, Object Storage, and File Storage) is protected by encryption keys. Oracle Transparent Data Encryption (TDE) is used for encrypting data in database data files and in backups.
  • In Transit – The security of data in transit is achieved through network encryption and VPN Connect.

Data Privacy

Oracle’s Gen2 Cloud keeps customer code, data, and their information on a bare metal machine, while its cloud control code is housed on a separate computer under different architecture. This ensures Oracle does not have insight into the contents of customer data. 

Customer information also remains protected within Sentinel’s architecture. For your privacy, Sentinel Software does not store any PII/PCI data. Common PeopleTools security and navigation tables are compiled into Sentinel’s database for administration and auditing purposes.

High Availability

The Oracle Cloud Infrastructure is designed to provide its customers with maximum availability and uptime accessibility. An OCI region consists of a localized geographic area encompassing one or more availability domains, each composed of three fault domains. Oracle ensures high availability with the redundancy of fault domains within the availability domains. 

Their availability domains are separated, located in various regions, fault tolerant, and unlikely to fail simultaneously. Because they do not share physical infrastructure such as power or cooling, a failure or natural disaster impacting one availability domain is unlikely to impact the others. When configuring your cloud services, if the services are specific to an availability domain, it is important to leverage multiple availability domains or fault domains to maximize availability and protect against failures.

Connectivity

If at any time the Sentinel connection becomes unavailable, PeopleSoft users will not be affected in the traditional PeopleSoft application setting. Only users of Sentinel will lose access; any use of PeopleSoft within the original application, including security updates, can be administered as normal. Sentinel will automatically update when connectivity is restored.

Sentinel Software and PeopleSoft can co-exist, and updates completed in either application are automatically synced in real time. All updates made in PeopleSoft automatically carry over into Sentinel, and updates made within Sentinel transfer over to the Oracle database. Transaction logs are also stored within the Sentinel database, creating an audit history of changes completed in Sentinel.

  • Sentinel can be paused or discontinued without affecting the PeopleSoft security administration functionality. 
  • If the use of Sentinel is discontinued, all updates, including Users, Roles, and Permission Lists remain active in PeopleSoft.
  • PeopleSoft accounts and login authentication will always remain within your PeopleSoft application.
