Security

Basic Security

Basic Blue Prism security can be achieved by implementing the following configuration. Please note that this is not an exhaustive list; additional configuration is available to further harden your Blue Prism environment.

  • Use Windows Authentication rather than Mixed Mode Authentication on your MSSQL Database.

  • Host Encryption Keys on your Application Server(s), not the Database.

  • Use Active Directory Authentication over Blue Prism Native Authentication.

  • Configure Authentication for your Digital Workers.

  • Use one of the ‘Secure’ Connection Modes.

  • Install a Firewall around your Blue Prism environment.

  • Ensure your Logical Access Model is controlled and fit for purpose.

  • Encrypt Work Queues.

  • Host all components in the same VLAN and Data Centre.

  • Ensure only the required users have access to the relevant components.


Database Security 

Basic database security can be achieved by employing the following two simple practices. 

Data in transit

Ensure the Application Server to Database connection is secured. This can be done in one of three ways:

  • Configure the Blue Prism database connection to specify that the connection should be encrypted and that the server certificate is trusted without further verification, which allows a self-signed certificate on the SQL Server to be used. To do this, add the following to the 'Additional SQL Connection Parameters': encrypt=true; trustservercertificate=true. Because the certificate is not verified, this option encrypts the traffic but does not authenticate the SQL Server to the Application Server.

  • Install a verifiable server certificate on the SQL Server and configure the SQL instance to force encryption for all connections.

  • Install a verifiable server certificate on the SQL Server and configure the Blue Prism database connection to specify that the connection should be encrypted.

Data at rest

Use Transparent Data Encryption (TDE). TDE can be easily implemented on a SQL database and ensures that pages are encrypted before they are written to your Blue Prism database.
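
Both database practices above, along with the Windows Authentication setting from the basic list, can be checked from the SQL Server side. The following T-SQL is an added example, not part of the original page or of Blue Prism's own documentation; the database name `BluePrism` is an assumption and should be replaced with the name of your database.

```sql
-- Added example. The database name 'BluePrism' is an assumption.

-- Authentication mode: 1 = Windows Authentication only, 0 = Mixed Mode.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- Data in transit: current sessions using the Blue Prism database.
--   encrypt_option = 'FALSE' -> the session is not encrypted.
--   auth_scheme    = 'SQL'   -> a SQL login was used rather than
--                               Windows Authentication (NTLM / KERBEROS).
-- Note: encrypt_option shows that the session is encrypted, not whether
-- the client verified the server certificate (trustservercertificate).
SELECT c.session_id,
       s.login_name,
       s.host_name,
       s.program_name,
       c.client_net_address,
       c.encrypt_option,
       c.auth_scheme
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s ON s.session_id = c.session_id
WHERE s.database_id = DB_ID(N'BluePrism')
ORDER BY c.encrypt_option, s.host_name;

-- Data at rest: TDE state of the Blue Prism database.
--   encryption_state: 1 = unencrypted, 2 = encryption in progress,
--                     3 = encrypted.
--   NULL in the k.* columns means no database encryption key exists,
--   i.e. TDE has never been configured for this database.
SELECT d.name,
       d.is_encrypted,
       k.encryption_state,
       k.percent_complete,
       k.key_algorithm,
       k.key_length
FROM sys.databases AS d
LEFT JOIN sys.dm_database_encryption_keys AS k
       ON k.database_id = d.database_id
WHERE d.name = N'BluePrism';
```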


Encryption Keys

When creating a new Encryption Key there are three choices for the encryption method:

  • AES 256 AesCryptoService (Recommended)

  • AES 256 RijndaelManaged

  • Triple DES (192 bit) (Deprecated)