Blue Prism
Security

A digital workforce as secure as it is robust

Security, privacy, and compliance are at the core of our development ethos. Our intelligent automation platform was designed using the latest in security standards and protocols, and we continue to enhance our methods and processes to keep you safe from the latest threats.


SS&C Blue Prism - Delivering Security Excellence

We deliver security excellence through our defence-in-depth approach. This means we focus on security at every layer: software, infrastructure, and applications. This approach is supported by the four Es: education, evaluation, elimination, and evolution.

We embody these values in three main areas:

• Company-level Security – all employees undergo mandated information security training. We also implement controls to ensure data and systems are only accessed by those who need them.
• Application Security – we aim to prevent security vulnerabilities by identifying them as early as possible in the development lifecycle.
• Cloud Operations Security – continuous scanning and monitoring helps us maintain security beyond deployment.

At a glance

Over 60,000 SCA scans in the last 30 days

100% coverage across the Blue Prism-developed product portfolio

Accreditations

Security Strategy

Company-level security

At SS&C Blue Prism, we build on secure foundations. We mitigate the risk of breaches by using the latest in data and information security tools and practices. Our policies and procedures are built on ISO 27001 and Cyber Essentials guidelines.

Application Security

People

To ensure our developers have the right level of expertise to build enterprise-grade solutions, we have introduced the “Secure Code Warrior” education platform. This program provides developers with a number of essential modules they need to pass before they can start building in production environments.

The content is aligned to industry standards and regulations such as NIST, OWASP, and PCI.

Process

For many organisations, security is an afterthought. Early detection, however, forms the foundation of our approach, so we catch issues before they become problems. We do this by implementing static application security testing (SAST) earlier. This drastically reduces the number of bugs and vulnerabilities in our codebase, so we can deploy more quickly with the confidence that critical issues won’t arise and cause code patches or redevelopment. Virtual gateways are an additional security measure, ensuring every new branch of code can only be pushed to production if it passes an automatic scan.

We also use Software Composition Analysis (SCA), which examines the components of our products that come from other sources. To make sure they are secure, our developers scan and cross-check new components with their dependencies against top vulnerability databases before using them. In order to safeguard our software and clients, we also keep an eye on third-party repositories, which serves as an early warning system.

Technology

In addition to SAST and SCA, we partner with multiple award-winning security specialists. These organisations are trusted by the likes of Google, Facebook, and Salesforce, which demonstrates our focus on using best-in-class tools and vendors. These partners support us with internal and third-party vulnerability identification and management.

Cloud Operations Security

We employ a comprehensive set of controls and monitors, which are implemented according to industry best practice, such as the NIST risk management framework. We continually evolve our controls to target vulnerabilities as part of our risk management and platform compliance governance activities.

The Cloud Operations Security team is responsible for continuously scanning and monitoring all code post-deployment. If any issues are identified, they can be remediated by Development before security updates are issued.

Guarding against vulnerabilities

We have identified a potential vulnerability in our product – click here for full details. We are working closely with a leading security organization on resolving this matter.

The risk of exploitation is significantly reduced when following our installation instructions, which adhere to industry best practice.

To prevent such issues from affecting your digital workforce, we recommend:
• Applying available patches and risk mitigations detailed here
• Taking a Defense in Depth approach. This approach prescribes that customers have layers of security for their software, infrastructure, and applications. This involves monitoring and restricting traffic, detecting unexpected behavior, and blocking and investigating that behavior when it occurs.

You can also take additional steps to protect yourselves further by:
• Upgrading to the latest version of Blue Prism – download it now
• Migrating to our cloud offering where we host, secure, and maintain the service for you. Discover Blue Prism Cloud.


SS&C Blue Prism's Secure Development Process

This describes the methodologies and best practices undertaken by SS&C Blue Prism during software development and maintenance.


ROM security guidelines

Read our best practice guidelines to help increase security.
