Pega Platform protects you against a wide variety of security risks, whether inadvertent or malicious. Use the platform features related to authentication, authorization, and auditing to protect and monitor the use of your application.
Security failures can expose your organization to severe consequences, such as damage to your organization’s reputation, customer loss, lack of customer trust, and potential legal and financial penalties.
Goal of security
The goal of security is to maintain availability, integrity, and confidentiality. This goal is primarily accomplished by implementing authentication, authorization, and auditing. When confidentiality is compromised, unauthorized individuals gain access to systems or data. When integrity is compromised, unauthorized individuals can modify systems or data. When availability is compromised, unauthorized individuals can disrupt application or web availability, affecting timely and uninterrupted access.
The combination of an evolving regulatory environment and threat landscape has put a burden on customer engagement and digital process automation teams. Critical business systems have become more interconnected and need to maintain increasingly sensitive data as regulations expand.
Pega Platform security features
Pega Platform provides powerful capabilities for implementing security in your applications, especially when you deploy guardrail-compliant applications. The Pega Platform model-driven architecture helps you to secure applications in most cases by configuring built-in features, and you do not need to rely on custom code built by developers who are not security experts.
Other Pega Platform security components
In addition to features that explicitly accomplish authentication, authorization, and auditing, other Pega Platform components represent important policies, assets, and safeguards to use with these features.
- Certificate, key, and token management
  - The management of these important assets is critical to the secure functioning of other security features.
- Confidentiality and encryption
  - The confidentiality of your sensitive data at rest, in transit, and in use is extremely important. Pega Platform uses state-of-the-art encryption features that allow you to secure sensitive information at any point in a business process.
- Virus checking
  - Pega Platform allows your application to link to a third-party virus checking program before processing any email or attachment.
- Content security policies (CSP)
  - Use CSP to lock down your application to mitigate the risk of content injection vulnerabilities (such as cross-site scripting) and reduce the privileges required to run your application. Pega Platform sends CSP headers only on dynamic content requests, not static content requests.
- For more information, see: