Skip to main content

Security and data protection

Suggest edit Updated on December 1, 2021

Pega Cloud services provides a secure and robust environment that includes your environment infrastructure and the Pega software that you requested Pega to install in your environment for you.

Every Pega Cloud services environment offers a high level of security and data integrity, including the following:

  • Host-based virus protection services, scans, and signature updates
  • Protection against DDOS attacks
  • Usage of known IP address reputation lists to block access from bad IP addresses
  • Host-based Intrusion Prevention System (IPS) and File Integrity Monitoring
  • Continuous security monitoring of Pega Cloud services environments
  • Pega Cloud services client-specific data-at-rest encryption and data-in-transit encryption
  • Dedicated security team that manages compliance, security monitoring, and security event response
  • Vulnerability and security management of Pega Cloud services environments

Pega Cloud services client vulnerability testing requests and other security reviews can be accommodated following the vulnerability testing policy.

Pega Cloud services clients are responsible for following application-design best practices and principles in building, maintaining, and securing the configured elements of their applications.

  • Data-at-rest encryption in Pega Cloud

    Pega Cloud services uses data-at-rest encryption (DARE) in all Pega Cloud services to help you secure your application data, as well as to help you comply with industry-standard security requirements. "Data at rest" refers to any content that is saved the cloud service.

  • Data-in-transit encryption in Pega Cloud

    Pega Cloud services maintains policies to implement data-in-transit encryption for all Pega Cloud services sandbox and production environments.

  • Vulnerability testing policy for applications on Pega Cloud

    Pegasystems permits Pega Cloud services clients and Pega Cloud for Government clients (hereinafter referred to as "Pega Cloud" clients) to conduct security assessments for applications on Pega Cloud as needed, when such assessments are preauthorized and performed within the guidelines described in this article.

Did you find this content helpful? YesNo

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Ready to crush complexity?

Experience the benefits of Pega Community when you log in.

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us