Are you confident in your Workday security setup?
Discover what could be creating data governance gaps in your organisation and see why you should address them.
When the topic of security for HR comes up, many leaders’ minds jump to the high-profile security breaches that make dramatic headlines. These often lead to employee data being stolen, including banking details, security numbers, birth dates and even home addresses.
There’s no doubt that these threats are an important concern for any HR leader – as cybercriminals continue to find new methods of attack, organisations will need to adapt to defend themselves. But many organisations don’t realise they’re also leaving themselves exposed internally.
It’s easy to leave your business – and your employees – at risk by making crucial mistakes in the configuration of your Workday security. But there are some steps you can take to ensure you’re protected.
Here’s a look at why Workday security is so important, where you might be vulnerable, and what you should be thinking about.
About Preos
At Preos, we help our clients get the most out of Workday. We ensure your organisation is using the platform to its full potential and getting the best possible return on your investment.
We address any inherited issues, increase user adoption, offer Workday support and introduce processes to ensure Workday meets – and continues to meet – the needs of your business in the long term.
learn moreThe risk of losing your employee’s trust.
While external data breaches can quickly reduce the trust of your customers, internal security flaws risk damaging the trust of your employees by threatening the privacy of their personal information.
Any enterprise management system will have a wealth of personal information about employees. But in a system like Workday, which combines financial, people and operational data all in one place, there’s even more at risk. In many cases, this will include highly sensitive data that covers everything from employees’ disabilities and gender to their home addresses and bank account details.
If any of this information is seen by colleagues who shouldn’t have access to it – or even worse, leaked outside the organisation – it can be incredibly damaging to your employees’ personal lives and their trust towards your company.
In extreme cases, this could happen because of malicious intentions – a disgruntled employee might look to create damage in the organisation. But often, it’s down to a poor Workday configuration.
The common challenge of data governance in Workday.
Ensuring every part of your Workday setup is airtight is no easy task, but one of the most common faults in security setups we see is poor data governance configuration.
If data governance is poorly configured, people in your organisation might be able to see more types of data than they should or have access to more colleagues’ data in Workday than what’s necessary for their role.
For example, your line managers might need to see the compensation of employees in their team, but they likely won’t need to see their banking details. Similarly, they won’t need access to the data of employees outside their team.
In cases where governance measures fail, it can quickly lead to distrust among colleagues, and between employees and the business. But the consequences can be more than just damaged employee trust.
The UK’s Data Protection Act – and equivalent regulations such as the EU’s Privacy and Electronic Communications Directive – don’t just define data breaches as unauthorised attempts to access organisations’ systems. The term also covers instances where the confidentiality, availability and integrity of data have been compromised.
That means poor data governance within Workday could put you at risk of breaking compliance. And if you get audited, it could be a major issue for your organisation.
But how do these data vulnerabilities occur?
Where you might be creating vulnerabilities in Workday.
Data vulnerabilities can form at any point when using Workday. And it’s often down to the management of security roles.
Security roles in Workday define which people can access which data sets. But after their initial setup, organisations can create more roles whenever they need, which can quickly lead to huge complexity. These roles may be created when people move around within the organisation, or the organisation expands and creates new positions.
Whatever the case, if the person who creates these roles leaves the business, it can be difficult to understand who has access to what. And even if data privacy officers do remain in the business, it’s easy for the number of security roles to grow out of control.
In other instances, vulnerabilities can be created from the moment you implement Workday. If you don’t follow Workday’s philosophy from the very beginning, and instead try to make it work like your legacy system by using additional security rules, managing data governance will only get more difficult.
Also, if you don’t set your security rules up for scalability, you’ll quickly encounter more data governance challenges as your organisation grows and may even be forced to redesign your entire setup.
This is something we often see in acquisitions. When the acquired company isn’t properly consolidated into the organisation, data governance gaps are easily created. This might be because the acquisition follows the security rules of the company being acquired rather than the parent company, which might include different job profiles, role privileges and compensation grades.
Get in touch to discuss your Workday setup
Your Workday security model will be determined by the structure of your organisation. A large organisation will likely require you to make additional exceptions to Workday’s security roles, which will add to the complexity.
However, regardless of your size, you should configure your security in a way that allows for global design, scalability, and flexibility. You should also regularly review your data governance setups if you make significant changes.
As a Workday partner, we have experience helping organisations optimise their Workday setups to ensure they’re protecting their people and their operations, and remaining compliant.
Get in touch today if you have any concerns about your Workday security setup, and see how we can help.