Security design

Security is always a concern, no matter what application you work on or design. Whether on-premise or in a cloud environment, failing to secure your application exposes an organization to tremendous risk and can severely damage the organization's reputation. Take security design and implementation very seriously and start the security model design early.

Your organization likely has standards on how all applications authenticate users and what data can be accessed based on role. You may also be required to use third-party authentication tools when invoking web services or when another application calls Pega as a service. Ask the enterprise architecture team or technical resources at the organization for security standards to know what you need to account for in your design and implement in the application.

An organization's security policies are often the result of industry regulatory requirements. Many industries have specific regulations on sharing data outside of the organization as well as within the organization. For example, in the United States, healthcare organizations comply with HIPAA (Health Insurance Portability and Accountability Act). Educate yourself with industry and government regulations that apply to the application you are designing.

If the application resides in a cloud environment or is a hybrid cloud/on-premise deployment, acquaint yourself with the network architecture and security protocols in place. Learn who is performing what role in maintaining the security of the application. For example, Pega Cloud describes the architecture, security controls, compliance with government standards, and monitoring services Pega Cloud offers in the Pega Cloud Security Overview document. Work with the infrastructure teams at your organization to identify security contacts and what measures are in place to protect application data and customer privacy.