Security, privacy, and compliance are at the core of our development ethos. Our intelligent automation platform was designed using the latest in security standards and protocols, and we continue to enhance our methods and processes to keep you safe from the latest threats.
We deliver security excellence through our defence-in-depth approach. This means we focus on security at every layer: software, infrastructure, and applications. This approach is supported by the four Es: education, evaluation, elimination, and evolution.
We embody these values in three main areas:
• Company-level Security – all employees undergo mandated information security training. We also implement controls to ensure data and systems are only accessed by those who need them.
• Application Security – we aim to prevent security vulnerabilities by identifying them as early as possible in the development lifecycle.
• Cloud Operations Security – continuous scanning and monitoring help us maintain security beyond deployment.
At SS&C Blue Prism, we build on secure foundations. We mitigate the risk of breaches by using the latest in data and information security tools and practices. Our policies and procedures are built on ISO 27001 and Cyber Essentials guidelines.
To ensure our developers have the right level of expertise to build enterprise-grade solutions, we have introduced the “Secure Code Warrior” education platform. This program provides developers with a number of essential modules they need to pass before they can start building in production environments.
The content is aligned to industry standards and regulations such as NIST, OWASP, and PCI.
For many organisations, security is an afterthought. Early detection, however, forms the foundation of our approach, so we catch issues before they become problems. We do this by implementing static application security testing (SAST) earlier in the development lifecycle. This drastically reduces the number of bugs and vulnerabilities in our codebase, so we can deploy more quickly, confident that critical issues won’t arise and force code patches or redevelopment. Virtual gateways are an additional security measure, ensuring every new branch of code can only be pushed to production if it passes an automatic scan.
We also use Software Composition Analysis (SCA), which examines the components of our products that come from other sources. To make sure they are secure, our developers scan and cross-check new components with their dependencies against top vulnerability databases before using them. In order to safeguard our software and clients, we also keep an eye on third-party repositories, which serves as an early warning system.
In addition to SAST and SCA, we partner with multiple award-winning security specialists. These organisations are trusted by the likes of Google, Facebook, and Salesforce, which demonstrates our focus on using best-in-class tools and vendors. These partners support us with internal and third-party vulnerability identification and management.
We employ a comprehensive set of controls and monitors, which are implemented according to industry best practice, such as the NIST risk management framework. We continually evolve our controls to target vulnerabilities as part of our risk management and platform compliance governance activities.
The Cloud Operations Security team are responsible for continuously scanning and monitoring all code post-deployment. If any issues are identified, they can be remediated by Development before security updates are issued.
We have identified a potential vulnerability in our product – click here for full details. We are working closely with a leading security organization on resolving this matter.
The risk of exploitation is significantly reduced when following our installation instructions, which adhere to industry best practice.
To prevent such issues from affecting your digital workforce, we recommend:
• Applying available patches and risk mitigations detailed here
• Taking a Defense in Depth approach. This approach prescribes that customers have layers of security for their software, infrastructure, and applications. It involves monitoring and restricting traffic, detecting unexpected behavior, and blocking and investigating that behavior when it occurs.
You can also take additional steps to protect yourselves further by:
• Upgrading to the latest version of Blue Prism – download it now
• Migrating to our cloud offering where we host, secure, and maintain the service for you. Discover Blue Prism Cloud.