


Updated on June 30, 2021

Pega Platform protects you against a wide variety of security risks, whether inadvertent or malicious. Use the platform features related to authentication, authorization, and auditing to protect and monitor the use of your application.

Security basics

Security failures can expose your organization to severe consequences, such as damage to your organization’s reputation, customer loss, lack of customer trust, and potential legal and financial penalties.

Goal of security

The goal of security is to maintain availability, integrity, and confidentiality. This goal is primarily accomplished by implementing authentication, authorization, and auditing. When confidentiality is compromised, unauthorized individuals gain access to systems or data. When integrity is compromised, unauthorized individuals can modify systems or data. When availability is compromised, unauthorized individuals can disrupt application or web availability, delaying or interrupting access.

The combination of an evolving regulatory environment and threat landscape has put a burden on customer engagement and digital process automation teams. Critical business systems have become more interconnected and need to maintain increasingly sensitive data as regulations expand.

Pega Platform security features

Pega Platform provides powerful capabilities for implementing security in your applications, especially when you deploy guardrail-compliant applications. The Pega Platform model-driven architecture helps you to secure applications in most cases by configuring built-in features, and you do not need to rely on custom code built by developers who are not security experts.

Other Pega Platform security components

In addition to features that explicitly accomplish authentication, authorization, and auditing, other Pega Platform components represent important policies, assets, and safeguards to use with these features.

Certificate, key, and token management
The management of these important assets is critical to the secure functioning of other security features.
Confidentiality and encryption
The confidentiality of your sensitive data at rest, in transit, and in use is extremely important. Pega Platform uses state-of-the-art encryption features that allow you to secure sensitive information at any point in a business process.
Virus checking
Pega Platform allows your application to link to a third-party virus checking program before processing any email or attachment.
Content security policies (CSP)
Use CSP to lock down your application to mitigate the risk of content injection vulnerabilities (such as cross-site scripting) and reduce the privileges required to run your application. Pega Platform sends CSP headers only on dynamic content requests, not on static content requests.