Scribd
Upload
74 views

Onbase: A Secure, Protected Environment: Critical Information Secure at Every Data State

Uploaded by

kingsoft
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
74 views

Onbase: A Secure, Protected Environment: Critical Information Secure at Every Data State

Uploaded by

kingsoft
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

Product Overview | Security

OnBase: a Secure,
Protected Environment
Critical information secure at every data state

Security functionality is standard, OnBase is designed to be one of the most secure enterprise information platforms
whether deployed on-premises on the market. Our dedication to security gives our customers peace of mind in
the confidentiality, integrity and availability of their data. 
or in the cloud
OnBase is developed with security in mind—from inception through release and
Administrators can easily beyond. Hyland employs a dedicated application security team that is tasked with
configure enhanced security carrying out advanced security practices on the software as well as training and
measures consulting company-wide on security-related matters.

Together, these practices ensure that customers’ critical information is secure at


Hyland has a dedicated application every data state: at rest, in transit and in use.
security team

1 2 3
INFORMATION IS NATIVELY SECURED AND CAN BE ENCRYPTED:

AT REST IN TRANSIT IN USE


While not actively in use Being transported Currently accessed by
between servers and authorized users
within the database

Authorized
Encrypted Encrypted User
Traffic Traffic

Web Application
Server Server
File Server Database

Unauthorized
User
No one can access private data outside
of OnBase.
Even if data is intercepted in transit, Only authorized users can access
Even if the network is broken into, there encryption ensures that the information information, as configured by the
are additional levels of protection. can’t be used. administrator.
HOW DOES THIS WORK?

1 2 3
AT REST IN TRANSIT IN USE
All data stored in the Transport Layer Security, Configurable session
system can be encrypted or TLS, is supported to timeouts prevent
with AES-256 or AES-128 protect communication unauthorized users from
(Advanced Encryption of data. OnBase always accessing any data on a
Standard, or AES). supports the latest user’s screen after a
version of TLS. specific amount of
Keyword values, used to classify time has passed (without signing
specific documents in the database, OnBase Distributed Disk Services, in using valid credentials and re-
can also be encrypted with AES-256 or DDS, uses an AES-128 encrypted authenticating OnBase).
or AES-128. Should the database be connection to ensure that if traffic is
accessed by an unauthorized user, the intercepted, data will be unreadable Keyword values may be masked,
keywords will be unreadable. and unusable. preventing unauthorized users from
viewing sensitive data.
Data exported to removable media, like
a CD or DVD, can also be encrypted.

Security Throughout Product Development


Hyland considers application security in every step of the product development
RESEARCH DEVELOPMENT
process, including research, development, design and support. Hyland’s development
process is informed by a security lifecycle program that was started by Microsoft,
influenced by best practices and customized for Hyland. It integrates security into
PRODUCT
DEVELOPMENT each development phase.

Throughout the development process, built-in ‘gates’ require the security team to
sign off on development before the next phase can begin. The last gate is directly
SUPPORT DESIGN
before launch.

Threat modeling and risk assessments are performed throughout the entire process,
allowing the team to proactively identify and address any potential issues.

Support Through Launch and Beyond


Hyland considers the post-launch phase to be an essential element of the product
lifecycle, and continues to provide support by proactively monitoring, identifying
and remediating any security concerns that may arise after OnBase is launched.

To continuously test for vulnerabilities, exploits, vectors and bugs, the team uses
various methods including:
• Secure development practices
• Automated security scanning
• Manual penetration testing

If a vulnerability or issue is identified, the Hyland security team is alerted.


The team reviews, prioritizes and fixes the issue, and then communicates with
OnBase customers so they can immediately remediate.
“OnBase has document level security, allowing you to restrict
down to the smallest minute detail what users could do, as far
as: can they view it, can they print it, can they email it? No one
else had that functionality.”
- Eric Olson, Director of Administration, Houston Police Officers’ Pension System

Dedicated Security Team


Hyland has a dedicated application security team that expertly monitors the
security of the OnBase product, continually searching for new ways to proactively
enhance security. The team provides extensive initial and ongoing training to
the entire R&D staff—including both developers and testers. They also render
security expertise and consultation to the company at large.

Built-In Security
Security functionality comes standard with OnBase, whether it is deployed
on-premises or in the cloud. These access controls include strict policies with
configurable complexity requirements; granular rights management that enables
admins to control access to every part of the system, to ensure that users can
only access data they are authorized to see; and security keywords that ensure
unauthorized users cannot see any data associated with a keyword they don’t
have clearance to access.

Enhanced Measures
Administrators can easily configure enhanced security measures in their OnBase
deployments. They can use encrypted disk groups and encrypted alphanumeric
keywords, both using AES-256 or AES-128 encryption. Distributed disk services can
also be used to protect data from being read if intercepted, using AES-128 encryption.
Digital signatures can be used to alert users to unauthorized content modification
after a document has been signed.

Seamless Integrations
OnBase integrates with other external security systems to create a seamless
experience for your users. Single sign-on (SSO) integrations include Active
Directory (AD), Active Directory Federation Services (ADFS), Security Assertion
Markup Language (SAML) and Lightweight Directory Access Protocol (LDAP).
Permissions in AD and LDAP solutions can also be replicated in OnBase.

Learn more at OnBase.com/Security »

©2017 Hyland Software, Inc. All rights reserved. 03012-01501

You might also like