Security

Pega Platform protects you against a wide variety of adverse security risks, whether inadvertent or malicious. Use the platform features related to authentication, authorization, and auditing to protect and monitor the use of your application.

Application and data security are major concerns of information technology organizations today.

Security basics

Security failures can expose your organization to severe consequences, such as a negative perception of your organization’s reputation, customer loss, lack of customer trust, and potential legal and financial penalties.

Goal of Security

The goal of security is to maintain availability, integrity and confidentiality. This goal is primarily accomplished by implementing authentication, authorization, and auditing. When confidentiality is compromised, unauthorized individuals gain access to systems or data. When integrity is compromised, unauthorized individuals can modify systems or data. When availability is compromised, unauthorized individuals can disruption of application or web availability, affecting access timing and uninterrupted access.

Pega Platform security features

Pega Platform provides powerful capabilities for implementing security in your applications, especially when you deploy guardrail-compliant applications. The Pega Platform model-driven architecture helps you to secure applications in most cases by configuring built-in features, and you do not need to rely on custom code built by developers who are not security experts.

Other Pega Platform security components

In addition to features that explicitly accomplish authentication, authorization, and auditing, other Pega Platform components represent important policies, assets, and safeguards to use with these features.

Certificate, key, and token management: The management of these important assets is critical to the secure functioning of other security features.
Confidentiality and encryption: The confidentiality of your sensitive data at rest, in transit, and in use is extremely important. Pega Platformuses state-of-the-art encryption features that allow you to secure sensitive information at any point in a business process.

Virus checking: Pega Platform allows your application to link to a third-party virus checking program before processing any email or attachment.
Content security policies (CSP): Use CSP to lock down your application to mitigate the risk of content injection vulnerabilities (such as cross-site scripting) and reduce the privileges required to run your application.