Workday HCM manages your organization’s most critical data. Employees’ Service Performance Insight (SPI), Personally Identifiable Information (PII), Payroll-related information, Performance reviews, Time Tracking, and Recruiting are all critical to the core functionality of your company. How this data is protected is essential to your company’s overall security—and is your first priority when routinely testing your Workday HCM.

Shared Security Responsibility

Workday, like other cloud-based platforms, uses a shared security model. This means that Workday takes responsibility for certain major aspects of its own security:

  • Data isolation. Workday data is housed on multi-tenant servers that Workday owns and operates. It is Workday’s responsibility to ensure that every customer’s data is well-isolated and that there is no contamination from another customer’s data.
  • Data encryption. Workday encrypts all customer data so that, even in the event of a data breach, it is not easy to decrypt. There are two types of data encryption: data encryption at rest and data encryption in transit.
  • Login security. Workday supports multiple types of application logins on its platforms, including Single Sign-on (SSO), Lightweight Directory Access Protocol (LDAP), and Security Assertion Markup Language (SAML). How your applications and data are accessed is important to security, and Workday’s default requirements are inherently strong.

Other aspects of Workday security, however, fall within the customer’s domain of responsibility. Security testing can be a cumbersome task, with many opportunities for human error. With Genie, however, you can accomplish these same tasks, quickly and easily, in just five simple steps:

  1. Access Controls
    First, configure access controls for users by creating Workday Security Groups: role-based, user-based, and standard worker. Automated testing allows you to easily scale access levels to multiple users—unlike with manual testing, which requires review and assignment of access each time you run a test.

Genie assigns different levels of access so that only some users can create and manage tests, while others can only view tests. The testing process requires access to sensitive areas within the Workday database, so it’s important to follow the principle of least privilege and only give users the necessary access based on their job function to complete their key tasks. Genie provides reports on each security group or user’s access level, what they can see, and what tasks they can perform. These reports can be used for yearly internal audit purposes.

  1. Positive and Negative Testing
    The goal of positive and negative testing is to surface bugs, security vulnerabilities, and malfunctioning features across the application. To do this well, users should push the application to its limits by providing both valid and invalid data to determine whether the software behaves as expected and remains stable. Although it’s not possible to test every permutation and combination of how the application works, testers should be one step ahead of users in this aspect and attempt as many scenarios as possible. Genie comes standard with thousands of scenarios that can validate both positive and negative test scenarios.
  1. Integrations Testing
    Integrations are essential to Workday so it’s important to test these integrations to ensure that they are secure and are handling data as expected. Typically, an organization has multiple integrations with applications like Salesforce, ServiceNow, Cornerstone, SAP ERP, Oracle EBS, Atlassian Jira, and custom applications built in-house. The number of integrations can range from tens to hundreds that enable cross-department operations and complex workflows, as well as the automation of these workflows.

As Workday releases updates, and as the various applications that are integrated are updated, these integrations need to be regularly checked. Many security breaches occur when third-party applications misuse their access to an application or they handle data carelessly. Genie automated testing puts checks and balances in place to ensure that integrated third-party applications are monitored, valid, and compliant. Genie’s robust integrations testing can also validate file types and scenarios and can be scheduled to run on a periodic basis and during upgrade cycles.

  1. Auditing & Compliance
    Auditing and compliance validation should be done frequently as updates and changes to the Workday platform are ongoing. Genie automated testing can execute quick checks across the system to ensure that adequate steps were taken to secure data and allow only authorized access. Genie produces security audit reports that are 100% audit compliant and, as mentioned previously, can be a valuable tool during audit periods.
  1. Reporting on Security Events
    Genie automated testing surfaces security loopholes and reports on vulnerabilities before the application is released and the vulnerability has the opportunity to compromise data. The detailed reporting allows you to review test metrics for any potential security compromises so that you can spot and stop an issue from escalating.

Genie also enables real-time and detailed reporting that is easy to analyze and view at every level, be it a broad overview or in minute detail. It’s easily shared, providing each team with reports for their access-level. It also includes real-time alerts that immediately notify the appropriate person that action needs to be taken when an event has just occurred or is about to occur.

Genie test automation tool proactively supports security for your Workday HCM by checking user access controls (who should have access and to which level), enabling positive/negative testing, and surfacing bugs quickly and easily. Genie tests Workday integrations at scale and ensures that every part of the application is compliant and auditable. Genie also provides detailed reporting that provides both macro and micro views necessary for managing and operating Workday applications.

Genie is a robust testing tool that takes your Workday security to the next level by ensuring that all core security features are tested successfully to maintain high levels of security. Why waste time and resources on the manual security tasks of writing test scripts, generating reports, and reviewing test results? Let Genie free your resources, increase your testing accuracy, and support your yearly auditing and compliance by automating your Workday HCM security management—safely, securely, and efficiently.

Learn More About Genie Data Security