Remote Workforce
Who we are
We are a team of proven experts in JD Edwards.
How We Will Help
Ensuring the right balance between maintenance and innovation
Uncovering the hidden possibilities in JDE to help organizations realize their full potential
Creating the best path toward your business goals
Optimized Platform
We make EnterpriseOne work better for people, and work harder for businesses.
Extend & Innovate
Information Clarity
OUR PEOPLE
Why work with us?
OUR VALUES
OUR FLEXIBILITY
Agenda
Challenges Facing a Remote Workforce
Regulations
Security Principles
Layers
Remote Workforce
• Satellite/Remote Office
• Work from Home (SOHO)
• Mobile / IOT
• BYOD
• Cloud Computing
• New interfacing methods: AIS/Orchestrator
• AI, Chatbots, Automation, Autonomy
• New Authentication
  • LDAP, OATH, Biometrics
• B2B
Regulations
SOX, FDA, ITIL, ISO
• Document your policy/process
• Audit to ensure you are following your process
ITAR
• Strict restrictions on information access
• Auditing of information
• Security and handling of sensitive information
HIPAA, FCAC, GLBA
Mantra
Do what you say you’ll do
• Create good policies and follow them
• Password complexity and reset
• Account provisioning and termination
Secure to the level you need to
• Analyze your risk
• Consider your key process (i.e.: credit card processing, payroll/HR)
Audit, review, refresh policy regularly
• Review your policies to ensure they are still relevant
• Audit to ensure you are following your policies
Layers of Security
• Only as strong as your weakest link
• Consider each link in the chain
Perimeter
• Physical security
• Firewall
• Restrict ports (typically HTTP for redirect and SSL port)
• DoS (Denial of Service)
• Brute Force Attack
• Geofencing, restrict geographic zones
  • i.e.: North American IP addresses only
Perimeter
DMZ (demilitarized zone)
Reverse Proxy
• Isolate sensitive data
• Offload SSL security
• Load balancing
Network Security
ACL from your DMZ into your regular network
• Only allow what is needed
• Minimize what you put into the DMZ or you will need to open more ports
• Consider putting an AIS server in the DMZ so you can enforce a route to a specific JAS instance
Network segments within your network
• Routing of traffic
• Trade-off: extra security vs extra maintenance
SSL – Secure Sockets Layer
• Public/private key pair for encrypted connections
• Certificate is tied to a domain, i.e. https://mobile.example.com
• Can purchase wildcard certs: *.example.com
• Google boosts ranking for SSL sites
• Must use a Trusted Authority
• Should include non-production environments
• Must use RSA 2048-bit as a minimum
• SSL certificates internally??
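The rules on this slide can be checked against a certificate inventory. The following is an added example, not part of the original presentation; the `Cert` record, the `self_signed` flag (used here as a simple stand-in for "not issued by a trusted authority") and the inventory entries are constructed assumptions.

```python
# Added example: audit a constructed certificate inventory against the slide's rules.
from dataclasses import dataclass

MIN_RSA_BITS = 2048  # minimum stated on the slide


@dataclass
class Cert:  # hypothetical inventory record, not a JDE or OpenSSL structure
    names: list        # DNS names listed in the certificate
    key_type: str
    key_bits: int
    self_signed: bool  # assumption: self-signed means no trusted authority


def name_covers(pattern: str, host: str) -> bool:
    """True if a certificate name covers host; '*' stands for one leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # *.example.com covers neither example.com nor a.b.example.com
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]  # reject over-broad names such as *.com
    return p == h


def audit(host: str, cert: Cert) -> list:
    """Return the list of rule violations for one host/certificate pair."""
    findings = []
    if not any(name_covers(n, host) for n in cert.names):
        findings.append("hostname not covered by certificate")
    if cert.key_type == "RSA" and cert.key_bits < MIN_RSA_BITS:
        findings.append(f"RSA key {cert.key_bits} bits is below {MIN_RSA_BITS}")
    if cert.self_signed:
        findings.append("not issued by a trusted authority")
    return findings


# Constructed inventory: production host, apex domain, nested non-production host.
INVENTORY = {
    "mobile.example.com": Cert(["*.example.com"], "RSA", 2048, False),
    "example.com": Cert(["*.example.com"], "RSA", 2048, False),
    "mobile.dev.example.com": Cert(["*.example.com"], "RSA", 1024, True),
}

if __name__ == "__main__":
    for host, cert in INVENTORY.items():
        print(host, audit(host, cert) or "OK")
```

The nested non-production host shows why a single wildcard certificate does not automatically extend to environments placed one label deeper.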
Device Management Security
MDM (Mobile Device Management)
• Software to help manage and secure mobile devices
Device Management Security
Key Features
• Provisioning and security policy
• VPN and WIFI setup
• Application distribution and configuration
• Containerization: ability to encrypt/encapsulate corporate data
• Remote tracking, locking and wiping of data
VPN vs Remote Exposure
VPN
• Most secure
• Less backend setup
• Extra setup for the users
• Potentially less productive
• No 3rd party/cloud connections
• Complacency on security policies
Remote Exposure
• Most convenient
• Little setup for the users
• Added risk
• More setup and management for security
JAS Server Security
Allowed Host: Restrict which servers can talk to that JAS instance
Application Security
Create a custom JDE environment to restrict applications
• Share pathcode, data sources and OCMs
  • i.e. copy JPD920 to RPD920
• Custom JDE security allowing only mobile/remote apps that are required
• Restrict apps for remote (i.e. no GL posts!)
• Lock a JAS instance to that environment
• Restrict an AIS server's routing to a specific JAS instance
• Ideal for portal instances as well
• Don’t give admin accounts access
Locking JAS Server to an Environment
Database Security
• JDE now comes with 2 levels of security: jdeadmin and jdeusers
• Still allows DB access to all tables via JDE security
• Setting up DB level security would require:
  • New datasources for the external environment
  • Custom user security mappings to new system accounts
  • Identifying and configuring table level security
• Consider locking down sensitive information