Understanding security basics
Pega Platform™ protects against various security risks, whether accidental or malicious. Use its authentication, authorization, encryption, and auditing features to secure and monitor your application.
Information technology organizations are highly concerned about application and data security. Security failures that expose an organization can have severe consequences, including damage to reputation, loss of customers, lack of customer trust, and potential legal and financial penalties.
The goal of security is to maintain availability, integrity, and confidentiality by implementing authentication, authorization, encryption and auditing. Availability means that authorized users have access to the systems and resources they need. Even a short disruption of system availability can lead to revenue loss, customer dissatisfaction, and reputational damage. Malicious actions such as denial-of-service (DoS) attacks and network intrusions can compromise availability, causing more application downtime and lack of access to data. When integrity is compromised, unauthorized individuals modify systems or data. When confidentiality is compromised, unauthorized individuals gain access to systems or data.
Application security levels in Pega Platform
Application security in Pega Platform is configured on three levels:
- Data in transit
- Data at rest
- Data on display
Data in transit
Transport-level security secures data in transit for browser-based sessions, while authentication profiles secure data for connectors and services. Transport Layer Security (TLS), formerly known as Secure Socket Layer (SSL), provides point-to-point security by securing data only when it is in transit, To achieve end-to-end security, application-level security is necessary, which complements Transport Layer Security. The configuration of application-level security depends on the software used to build the application. For example, an XML signature can be used for user identity to access application data.
Data at rest
Data at rest is secured using an encryption mechanism provided by the database vendors/providers. Pega Platform also supports encryption of individual database columns through its built-in encryption feature, using the Advanced Encryption Standard.
Data on display
Data on display is secured through several methods. Role-Based Access Control (RBAC) restricts access to data pages based on user privileges. Attribute-Based Access Control (ABAC) allows for encryption of specific data properties and automatic decryption for selected read operations.
Check your knowledge with the following interaction:
This Topic is available in the following Module:
Want to help us improve this content?