How Falcon Shield helps secure Workday
CrowdStrike Falcon® Shield enhances Workday’s built in protections through continuous security checks that identify configuration drifts that could expose personally identifiable information (PII) and financial data.
Limit overprivileged users
Map users’ roles to detect permission sprawl and identify over-privileged users:
- Group users by roles and permissions
- Identify users with access to multiple domains
- Identify unfunctional users with high permissions who are inactive
Enforce a strong access control policy
Prevent unauthorized users from accessing sensitive employee and financial data:
- Enforce MFA
- Implement a limited MFA grace period
- Enforce a 15-minute automated session timeout for inactive users
Silo Workday data effectively
Limit the number of domains granted to a security group:
- Identify security groups with access to an excessive number of domains
- Remove unnecessary domains from the security group
