Encrypting the storage stream (BLOB)
In Pega Platform, you can encrypt the storage stream (BLOB) by using a platform or custom cipher.
Choose and apply the type of cipher for your implementation of Pega Platform.
- Platform cipher
- Custom cipher
For more information, see Encrypting data and the Pega Community article Creating a custom cipher in Pega Platform.
Update the class forms. Perform the following actions:
(a) Open each class form that is to hold instances that have encrypted Storage Stream values and select the Encrypt BLOB check box on the General tab.
(b) Save the class form.
(c) Repeat steps (a) and (b) for all affected classes.
- Storage stream encryption of selected classes
You can optionally enable encryption of the Storage Stream or BLOB (pzPVStream) column for rows in the Pega Platform database that correspond to specific classes. Note that only the pzPVStream column is encrypted: a property value that is also exposed as its own database column is stored there unencrypted unless you encrypt that property separately. Selecting the check box does not rewrite rows that are already in the table; an existing instance is encrypted when it is next saved, so plan a re-save or migration for previously stored data that must also be covered.
- Organizing rules into classes
For more efficient management of your applications, organize rules into classes. A class describes a collection of rules or other objects, such as properties, activities, and HTML forms, that are available to other, child classes, or to instances of the class. Pega Platform organizes classes into a hierarchy, in which the system searches from the current class upwards when looking for a rule to apply.
- Encrypting data
To make your data more secure, you can select the type of encryption to use in your application to encrypt and decrypt passwords, properties, and BLOBs.
- Implementing and using the TextEncrypted property type
Single Value, Value List, and Value Group properties can be protected by using the Password and TextEncrypted property types. Password stores a one-way hash of the value and TextEncrypted stores a reversibly encrypted value; in both cases the plain-text value does not appear in the PegaRULES database, and both types mask the value in the user interface. Another encryption type, PropertyEncrypt, can be used for all properties when your implementation uses attribute-based access control.
- Creating an access control policy
In the access control policy rule form, you define a policy that grants access to an object by evaluating selected conditions. For each rule, you can set one level of access, such as read, update, or delete, and the condition that defines whether the access is granted.