
Understanding security basics

Pega Platform™ provides protection against a range of security risks, whether they occur accidentally or are the result of malicious intent. Use its features for authentication, authorization, encryption, and auditing to effectively secure and monitor your application.

Information technology organizations are increasingly concerned about the security of applications and data. Security breaches that affect an organization can have serious consequences, such as reputational damage, loss of customers, erosion of customer trust, and potential legal and financial repercussions.

The primary objective of security is to ensure availability, integrity, and confidentiality by implementing measures such as authentication, authorization, encryption, and auditing. Availability ensures that authorized users can access the systems and resources they require. Even brief disruptions in system availability can result in revenue loss, customer dissatisfaction, and harm to the organization's reputation. Malicious activities, such as denial-of-service (DoS) attacks and network intrusions, can jeopardize availability, leading to increased application downtime and restricted data access. When integrity is compromised, unauthorized individuals can alter systems or data. When confidentiality is breached, unauthorized individuals gain access to systems or data.

Application security levels in Pega Platform

Application security in Pega Platform is configured on three levels: 

  • Data in transit 
  • Data at rest 
  • Data on display 

Data in transit

Transport-level security secures data in transit for browser-based sessions, while authentication profiles secure data for connectors and services. Transport Layer Security (TLS), formerly known as Secure Sockets Layer (SSL), provides point-to-point security: it protects data only while it is in transit. End-to-end security also requires application-level security, which complements TLS. The configuration of application-level security depends on the software used to build the application. For example, an XML signature can be used to establish user identity for access to application data.
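The difference between point-to-point and end-to-end protection can be shown with a message that passes through an intermediary where the transport encryption ends. The following is an added example, not Pega Platform code: it uses an HMAC-SHA256 tag with a shared key as a simple stand-in for the XML signature mentioned above, and the key, field names and `relay` function are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real key comes from a key store, never from source code.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def sign_message(payload: dict, key: bytes) -> dict:
    """Sender: attach a MAC computed over the canonical form of the payload."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode("utf-8"), hashlib.sha256).hexdigest()
    return {"body": body, "mac": tag}


def verify_message(envelope: dict, key: bytes) -> dict:
    """Receiver: recompute the MAC and reject the message on any mismatch."""
    body = str(envelope.get("body", ""))
    expected = hmac.new(key, body.encode("utf-8"), hashlib.sha256).hexdigest()
    received = str(envelope.get("mac", ""))
    # compare_digest runs in constant time, so a mismatch leaks no position.
    if not hmac.compare_digest(expected.encode("utf-8"), received.encode("utf-8")):
        raise ValueError("message integrity check failed")
    return json.loads(body)


def relay(envelope: dict, rewrite_amount=None) -> dict:
    """Hypothetical intermediary where TLS terminates: it handles the message
    in plaintext between the two encrypted hops and may change it."""
    forwarded = dict(envelope)
    if rewrite_amount is not None:
        payload = json.loads(envelope["body"])
        payload["amount"] = rewrite_amount
        forwarded["body"] = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return forwarded


def end_to_end_check(rewrite_amount=None) -> str:
    """Send one constructed message through the relay and report the verdict."""
    envelope = sign_message({"case_id": "C-1001", "amount": 250}, SHARED_KEY)
    try:
        verify_message(relay(envelope, rewrite_amount), SHARED_KEY)
        return "accepted"
    except ValueError:
        return "rejected"


if __name__ == "__main__":
    print("unmodified:", end_to_end_check())
    print("changed at the relay:", end_to_end_check(rewrite_amount=9999))
```

Each hop may be protected by TLS, yet only the message-level check lets the receiver detect a change made at the intermediary.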

Data at rest

Data at rest is secured using encryption mechanisms provided by database vendors and providers. Pega Platform also supports encryption of individual database columns through its built-in encryption feature, which uses the Advanced Encryption Standard (AES).

Data on display

Data on display is secured through several methods. Role-Based Access Control (RBAC) restricts access to data pages based on user privileges. Attribute-Based Access Control (ABAC) allows for encryption of specific data properties and automatic decryption for selected read operations.
