100% audit compliance: How a leading financial institution strengthened Workday security with Smart Shield
100%
30,000+
Granular
Enhanced
"With Smart Shield, we proved to our internal audit team that we now have the controls in place to prevent unauthorised access to compensation and personal data."
About the organisation
This leading financial institution serves hundreds of thousands of members with assets exceeding billions. As a prominent employer with branches across multiple regions, it is committed to operational excellence and community growth.
Addressing Workday security challenges in non-production environments
As part of its digital transformation, the organisation implemented Workday to enhance operational efficiency, financial decision-making, and workforce management. However, securing Workday’s lower environments — where HR teams conduct testing and updates — proved challenging.
The existing proxy access model required HR staff to have broad access during testing, which increased the risk of exposing sensitive employee data, such as compensation details. Internal audits flagged this as a compliance gap, prompting the need for a secure solution to restrict unauthorised data visibility. “With the ability to proxy in our lower environments, we knew we needed a stronger security layer to ensure sensitive data was protected,” said the organisation’s IT security lead.
Implementing Smart Shield for Workday compliance and data security
To meet audit requirements and bolster Workday data security, the organisation selected Smart Shield — a Workday-native data masking solution. Smart Shield provides granular access control, allowing HR teams to perform testing without exposing confidential HR and payroll data. “With Smart Shield, we proved to our internal audit team that we now have the controls in place to prevent unauthorised access to compensation and personal data,” the security lead explained.
Protecting 30,000+ sensitive fields in Workday environments
Smart Shield was deployed across the organisation’s Sandbox, Sandbox Preview, and Implementation tenants, masking over 30,000 sensitive fields. This ensures critical HR and financial data remains protected while enabling teams to carry out essential updates and testing.
Enhancing proxy access control for HR teams
The organisation needed to strike a balance between enabling proxy access and maintaining strict data controls. With Smart Shield’s role-based access capabilities, HR teams now view only the information relevant to their roles. “It was perfect for our performance enablement team. They need proxy access but don’t need to see compensation details. Now we can unmask only what’s necessary while keeping sensitive info secure.”
For users outside privileged access groups, Smart Shield automatically masks sensitive compensation data while maintaining access to non-confidential financial information. “We created a dedicated profile for those outside of privileged access groups. Sensitive data is masked by default, giving us complete control over data privacy,” the team noted.
Future-proofing Workday security and compliance
By implementing Smart Shield, the organisation has reinforced its Workday security posture, achieved full audit compliance, and strengthened HR data privacy. “We’ve significantly improved security and compliance across Workday, and Smart Shield continues to be a key part of this strategy.”
Looking ahead, the institution is committed to enhancing its Workday capabilities and proactively mitigating future data security risks.