
Understanding security basics

Pega Platform™ protects you against a wide variety of adverse security risks, whether accidental or malicious. Use the features that are related to authentication, authorization, and auditing to protect and monitor the use of your application.

Application and data security are major concerns for information technology organizations.

Security failures can expose your organization to severe consequences, such as damage to your organization's reputation, customer loss, lack of customer trust, and potential legal and financial penalties.

The goal of security is to maintain availability, integrity, and confidentiality. This goal is primarily accomplished by implementing authentication, authorization, and auditing. When confidentiality is compromised, unauthorized individuals gain access to systems or data. When integrity is compromised, unauthorized individuals can modify systems or data. Availability means that authorized users have access to the systems and the resources they need. Disruption of system availability for even a short time can lead to loss of revenue, customer dissatisfaction, and reputation damage. When availability is compromised, malicious actions such as denial-of-service (DoS) attacks and network intrusions cause more application downtime and lack of access to data.

Application-level security versus Transport Layer Security

Secure Sockets Layer (SSL), now known as Transport Layer Security (TLS), can provide point-to-point security. TLS protects data only while it is in transit, not at all times. To obtain end-to-end security, you need application-level security. Application-level security complements Transport Layer Security.

Configuration of application-level security depends on the software used to build the application (for example, using an XML signature (user identity) to access the application data).
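
The difference between point-to-point and end-to-end protection, shown as an added example that is not Pega code: a message crosses a hop that terminates TLS, and only an application-level signature lets the receiver notice a change made there. An HMAC-SHA256 tag stands in for the XML signature mentioned above; the key, the `intermediary` hop, and the sample message are assumptions made for the illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key shared only by the two endpoints (assumption for this example).
ENDPOINT_KEY = b"constructed-demo-key-not-for-production"

def sign(payload: dict, key: bytes = ENDPOINT_KEY) -> dict:
    """Sender: wrap the payload with an application-level HMAC-SHA256 tag."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def verify(envelope: dict, key: bytes = ENDPOINT_KEY) -> dict:
    """Receiver: recompute the tag and reject the message if it does not match."""
    expected = hmac.new(key, envelope["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope.get("tag", "")):
        raise ValueError("application-level integrity check failed")
    return json.loads(envelope["body"])

def intermediary(envelope: dict, tamper: bool) -> dict:
    """Hypothetical TLS-terminating hop (gateway, proxy, queue).

    TLS protected the bytes up to here and will protect them on the next hop,
    but at this point the hop holds the message in the clear.
    """
    if not tamper:
        return envelope
    body = json.loads(envelope["body"])
    body["amount"] = 9999  # change made between the two TLS connections
    return {**envelope, "body": json.dumps(body, sort_keys=True, separators=(",", ":"))}

def deliver(payload: dict, tamper: bool) -> str:
    """Send the payload across both hops and report what the receiver concludes."""
    try:
        verify(intermediary(sign(payload), tamper))
        return "accepted"
    except ValueError:
        return "rejected"

if __name__ == "__main__":
    order = {"account": "ACME-001", "amount": 25}  # constructed sample message
    print("untouched:", deliver(order, tamper=False))
    print("modified at intermediary:", deliver(order, tamper=True))
```

Without the tag, the receiver would see a well-formed message arriving over a valid TLS connection in both cases and have no basis for rejecting the modified one.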

Application security levels in Pega Platform

Application security in Pega is configured at three levels:

  • Data in transit
  • Data at rest
  • Data at display

Data in transit is secured with transport-level encryption for browser-based sessions and authentication profiles for connectors and services.

Data at rest is secured with an encryption mechanism provided by the database vendor or provider. Pega also supports encryption of individual database columns, and has a built-in capability to encrypt data using the Advanced Encryption Standard (AES).

Data at display is secured by defining access control policies based on roles and attributes.

