Security

Basic Security

Basic Blue Prism security can be achieved by implementing the following configuration. Please note that this is not an exhaustive list; additional configuration is available to further harden your Blue Prism environment.

  • Use Windows Authentication rather than Mixed Mode Authentication on your MSSQL Database.

  • Host Encryption Keys on your Application Server(s), not the Database.

  • Use SSO Authentication over Blue Prism Native Authentication. (The distinct either/or concept is deprecated as of Blue Prism Version 7.1.)

  • When using Windows Authentication, any service accounts used should have the least privilege required.

  • Configure Authentication for your Digital Workers and disable 'Allow anonymous public Runtime Resources'.

  • Use one of the ‘Secure’ Connection Modes.

  • Install a Firewall around your Blue Prism environment. Ensure only the necessary users and applications have access through the firewall.

  • Ensure your Logical Access Model is controlled and fit for purpose.

  • Ensure any Blue Prism credentials created are granted the minimum viable access rights.

  • Encrypt Work Queues.

  • Host all components in the same VLAN and Data Centre.

  • Overall, ensure the Blue Prism environment is secure, with only authorized users allowed to access the hardware and application.

 

Database Security 

Basic database security can be achieved by employing the following two simple practices. 

Data in transit

Ensure the Application Server to Database connection is secured. This can be done in one of three ways:

  • Configure the Blue Prism database connection to specify that the connection should be encrypted and that server certificates can be trusted without further verification, which allows a self-signed certificate on the SQL Server to be used. To do this, add the following to the 'Additional SQL Connection Parameters': encrypt=true; trustservercertificate=true. Because the certificate is not verified, this option encrypts the traffic but does not confirm the identity of the SQL Server.

  • Install a verifiable server certificate on the SQL Server and configure the SQL instance to force encryption for all connections.

  • Install a verifiable server certificate on the SQL Server and configure the Blue Prism database connection to specify that the connection should be encrypted.

Data at rest

Use Transparent Data Encryption (TDE). TDE can be easily implemented on a SQL database and ensures that pages are encrypted before they are written to your Blue Prism database.
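
The two database practices above, as an added T-SQL example that is not taken from Blue Prism documentation: it enables TDE and then checks both encryption at rest and encryption in transit. The database name BluePrism, the certificate name BluePrismTdeCert, the backup folder D:\KeyBackup and the passwords are assumptions and placeholders.

```sql
-- Added example. Assumed names: database [BluePrism], certificate BluePrismTdeCert,
-- backup folder D:\KeyBackup. Replace the placeholder passwords before running.

-- 1. Data at rest: create the key hierarchy in master and enable TDE.
USE master;
GO
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys
               WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder-master-key-password>';
GO
CREATE CERTIFICATE BluePrismTdeCert
    WITH SUBJECT = 'TDE certificate for the Blue Prism database';
GO
-- Back up the certificate and private key before encrypting anything.
BACKUP CERTIFICATE BluePrismTdeCert
    TO FILE = 'D:\KeyBackup\BluePrismTdeCert.cer'
    WITH PRIVATE KEY (
        FILE = 'D:\KeyBackup\BluePrismTdeCert.pvk',
        ENCRYPTION BY PASSWORD = '<placeholder-private-key-password>');
GO
USE [BluePrism];
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE BluePrismTdeCert;
GO
ALTER DATABASE [BluePrism] SET ENCRYPTION ON;
GO

-- 2. Verify data at rest: encryption_state 2 = in progress, 3 = encrypted.
SELECT DB_NAME(database_id) AS database_name,
       encryption_state, key_algorithm, key_length, percent_complete
FROM sys.dm_database_encryption_keys
WHERE database_id = DB_ID('BluePrism');

-- 3. Verify data in transit: list sessions on the Blue Prism database that are
--    not encrypted or that logged in with SQL authentication instead of
--    Windows Authentication. An empty result is the expected outcome.
SELECT c.session_id, s.host_name, s.login_name,
       c.auth_scheme, c.encrypt_option
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s ON s.session_id = c.session_id
WHERE s.database_id = DB_ID('BluePrism')
  AND (c.encrypt_option = 'FALSE' OR c.auth_scheme = 'SQL');
```

Store the certificate backup and its password away from the database server; without them a TDE-encrypted database or its backups cannot be restored on another instance.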

 

Encryption Keys

When creating a new Encryption Key there are three choices for the encryption method:

  • AES 256 AesCryptoService (Recommended)

  • AES 256 RijndaelManaged

  • Triple DES (192 bit) (Deprecated)

Related Documentation

Blue Prism 6.7 - Securing Blue Prism Network Connectivity