Security assets and the environment
Beyond authentication, authorization, and auditing, Pega Platform offers many other security features that you can configure, such as encryption, HTTP response headers, and Web Service Security profiles. Use these features to ensure that your system is as secure as possible.
- Encrypting data
To make your data more secure, you can select the type of encryption to use in your application to encrypt and decrypt passwords, properties, and BLOBs.
A keystore is a file that contains keys and certificates that you use for encryption, authentication, and serving content over HTTPS. In Pega Platform, you create a keystore data instance that points to a keystore file.
- Encrypting system data by using a custom key management service
You can encrypt system data by using an encryption key that is sourced from a custom key management service that is accessed from a data page. You source a key in this way when you use a key management service that is not one of the supported keystore platforms.
- Changing the default keystore caching settings
You can change the values of the KeyStoreCacheExpireTime and KeyStoreCacheSize settings to control how often the keystore cache is refreshed and to restrict the cache size. The lower the values, the less memory is used, but more processing is required.
- Importing an X.509 certificate
You can import X.509 certificates that are defined in keystore instances of type JKS or PKCS12. They become active without your having to restart the server.
- Securing your application for mashup communication
If you use the mashup feature to embed Pega Platform content in an external application, define the external URLs that are allowed to access Pega Platform so that the host page can communicate with the mashup gadget page.
- Securing an Activity
You can better protect your application by limiting how an Activity can be executed and who may execute it by configuring Activity-specific access control.
Authentication in Pega Platform ensures that only users and systems whose identity has been verified can access your applications. Authentication in Pega Platform includes user logins, platform requests to external services, and external service requests to the platform. You can also authenticate by using an external identity provider.
Authorization in Pega Platform ensures that after users log in, they have access to only the platform features and data that they need for their work. Pega Platform offers three types of authorization: role-based access control, attribute-based access control, and client-based access control. You can use these authorization features together to provide the strictest level of control.
Pega Platform tracks many types of security events such as failed logins and password changes. You can optionally track many other types of security events, as well as changes to rules and data. By tracking these changes, you can understand how your system is functioning and be alerted of any potential problems.
- Preparing your application for secure deployment
Use the Application Security Checklist to prepare your application for deployment. By completing the tasks on this checklist, you can safeguard sensitive data and improve the security of your application.
- Security guidelines for test environments
As a best practice, configure the application server in your test environment to mirror a production environment configuration.
Pega Platform protects against a wide variety of security risks. Use the platform features related to authentication, authorization, and auditing to protect and monitor the use of your application. Pega Platform protects you against adverse security events, whether they be inadvertent or malicious.