OnBase is designed to be secure—from inception through release and beyond. Protecting your sensitive data and critical information is of paramount importance, and it’s a job we take seriously.
From design through post-launch support, security is a priority at every step of the OnBase lifecycle.
Natively Secure Platform
At Hyland, every developer and tester in the R&D department undergoes training in secure development and penetration testing practices during onboarding. As new vulnerabilities are identified and new attack vectors are discovered, their dedicated security team provides additional training to make sure you’re always protected against the latest threats.
The security of each OnBase release is further ensured as the security team shepherds the product through our security-focused development process – based on principles from Microsoft’s Secure Development Lifecycle (SDL) including:
- Mandatory security gates
- Threat modeling
- Code review
- Static and dynamic analysis scans
- Manual penetration testing (internal and external)
Protected at Every Data State
OnBase keeps your information secure at all times, protecting it from unauthorised access while it isn’t actively being used; as it’s transported between servers; and as it’s used.
- At rest: Data, including keyword values, can be encrypted using strong, industry-tested algorithms (AES-128 or AES-256).
- In transit: Full Transport Layer Security (TLS) support protects communication of data between client and server, and an AES-128 encrypted connection can be used to render data unusable if intercepted as it’s being written to the file system.
- In use: Session timeouts and masked keyword values keep your data safe from prying eyes even while it’s being accessed by legitimate users.
Configurable Security Options
OnBase is pre-configured to be secure—the first time you install it, right out of the box. The security is inherent, whether it’s deployed on-premises or in the cloud. OnBase is also capable of integrating with other external security systems, including single sign on integrations like Active Directory (AD) and Lightweight Directory Access Protocol (LDAP).
Built-in security features include:
- Strict password policies with configurable complexity, rotation, and lockout requirements
- Granular rights management which limits users’ access exclusively to authorised data
- Security keywords that allow administrators to further restrict access based on document metadata.
In addition to strong native security, there are numerous enhanced security measures that OnBase admins can configure in their solution. OnBase has the ability to provide:
- Encrypted disk groups and encrypted keywords to protect your data directly at the database and file system levels
- Distributed disk services that protect your data as it’s written to the file system and can act as a layer to aid in the protection against ransomware attacks.
- Digital signatures to alert users to unauthorised content modification