In everyday life, we all like to feel safe. The same naturally applies to the applications we build. Security and privacy are therefore topics to which Pega gives high priority. They do this by means of an Integrated Application Security Checklist, among other things. In this blog, Arun Singh talks about what this means and what else Pega does to ensure the security of your Pega application.
Application and data security are often the topic of conversation in large organisations these days. Poor or faulty security can prevent certain applications from being implemented. The model-driven architecture of the Pega Platform allows users to secure applications through built-in features. This eliminates the need to rely on custom code built by developers who are not security experts.
“With changing regulations and the threat landscape, it is extremely important for organisations today to keep their applications secure. Securing applications against attacks is critical to avoid negative customer perception and possible regulatory penalties,” Arun said.
Purpose of security
The first goal of security is to prevent loss of confidentiality. Unauthorised persons must be prevented from accessing data or systems. It is also important to protect integrity. This means that systems and data cannot be modified by unauthorised persons. Finally, availability should be considered. This means that there should be no unacceptable delays in accessing data and systems.
Arun: “Confidentiality, integrity and availability are part of a model designed to guide information security policies in an application. These three elements are inputs to define the policies, standards and procedures of the Pega security framework. This is then realised through the implementation of access control, availability control and audit management.
- Access control: Preventing unauthorised access to systems and data
- Availability control: Preventing attacks on systems that affect the confidentiality, integrity or availability of Pega environments
- Audit management: Avoiding costly and time-consuming audits to determine the source or impact of a security event.”
The Pega Security Checklist
The Pega Security Checklist is the key feature of the Pega Platform that helps customers strengthen their applications and systems. The security checklist contains Pega’s best practices for securely deploying applications. It also indicates when each task should be performed: at the start of development, on an ongoing basis or just before deployment.
Arun: “Pega’s Security Checklist also helps protect the confidentiality, integrity and availability of the application throughout the process. It also ensures that expensive rework is avoided by indicating in time when a task needs to be performed during development.”
Pega takes system and application security extremely seriously. Besides providing the Pega Security Checklist, the platform always shows the overall completion of security tasks on the Dev Studio home page and has built-in ways to track the status of each task. In this way, Pega supports users in tracking the completion of tasks in the Security Checklist. Still, customers and application administrators also have responsibilities that are essential for implementing secure applications, according to Arun:
“During application development, system architects should pay special attention to keeping application security compliant and regularly checking security alert logs. In addition, the focus should be on securing access to services and defining appropriate roles and privileges. This can limit access to parts of the application.”