Best Practices for Developing Your JD Edwards Security Strategy
We all know how critical security is to an organization’s success. With the average cost of a data breach in the US now at $8.19 million, no one wants to make a multi-million-dollar mistake. At the same time, a system that’s locked down like Fort Knox doesn’t exactly make it easy for your users to access the applications they need to do their jobs.
If it’s been a while since you implemented JD Edwards (or security wasn’t a strategic priority during a recent implementation), you’ve come to the right place for advice on how to balance between those two extremes. Read on to learn where to focus your efforts first.
Why Revamp Your Security?
With compliance mandates and audit requirements to keep in mind—not to mention the specter of incredibly expensive security breaches—there’s never been a more important time to review your company’s JD Edwards security setup. Here are some questions to think about with your current security process:
- Are duties clearly defined?
- Are your roles aligned with current business processes?
- Is an open access policy right for your business?
- Are people getting access to more than what their job requires?
- What are the defined controls for assigning and delegating security?
If you have trouble answering those questions—or didn’t even know they were something you needed to think about—it’s time to make some changes.
Basic Requirements of JD Edwards Security
To strategically and successfully revamp your security, take a good hard look at your current company culture, compliance, regulatory requirements, and corporate structure. Additionally, make sure to outline these basic JDE Security requirements:
- All users get access to what they need
- Sensitive information is constantly protected
- Your application, action code, and data live in a secure environment with an “All Doors Closed” policy
- Appropriate controls are established using segregation of duties
- Security tables are kept small
JD Edwards Security Best Practices
First, keep in mind that the place to manage your JD Edwards security is the Security Workbench. The Security Workbench helps you secure your data, application, and functionality, all in one place, as well as providing you with user-based, role-based, and system-wide access control.
Another critical requirement is securing your company’s sensitive information with data encryption. JD Edwards has the latest encryption tools and it’s strongly suggested for users to take advantage of them. These features are enabled by default for cloud users. You need to manually turn it on if you’re an on-prem user.
The easiest way for hackers to get access to your data is by gaining access through passwords. Therefore, creating expanded user IDs and passwords is another step to help mitigate a million-dollar mistake. Passwords in JD Edwards have been extended to 40 characters (previously they were 10 characters) and are case sensitive. It’s also a best practice for companies to enforce complex password requirements (special characters, numbers, etc.) for employees.
Speaking of employees, it’s important to remember that your security takes into account external and internal threats. Whether it’s an accidental error or a deliberate action, someone with access to important data can wreak havoc in a system with wide-open settings. Lace things up tight, however, and you can nip those potential problems in the bud.
Implementing Your JD Edwards Security Strategy
Security should always be a top priority for any business. Our senior-level JD Edwards consultants can make sure you have the appropriate configurations and plans in place to help reduce your vulnerability to attacks. Let our consultants partner with you to make sure you’re striking the right balance between tighter security features and giving your stakeholders the smooth, functional user experience they expect.