OnBase: Document Management Security
Know that Your Critical Document Information Is Secure in Every State
OnBase document management software is designed to be secure, from inception through release and beyond. Protecting your sensitive data and critical information is of paramount importance.
From design through post-launch support, security is a priority at every step of the OnBase lifecycle. Security highlights:
- Security functionality is standard, whether deployed on-premises or in the cloud
- Administrators can easily configure enhanced security measures
- Hyland has a dedicated application security team
Natively Secure Platform
Every OnBase developer and tester in the Hyland R&D department undergoes training in secure development and penetration testing practices. As new vulnerabilities are identified and new attack vectors are discovered, the dedicated security team provides additional training to make sure you’re always protected against the latest threats.
The security of each OnBase release is further ensured as the security team shepherds the product through our security-focused development process based on principles from Microsoft’s Secure Development Lifecycle (SDL) including:
- Mandatory security gates
- Threat modeling
- Code review
- Static and dynamic analysis scans
- Manual penetration testing (internal and external)
Protected Information in Every State
OnBase keeps your document security protected at all times, guarding it from unauthorized access while it isn’t actively being used; as it’s transported between servers; and as it’s used.
- At Rest: data, including keyword values, can be encrypted using strong, industry-tested algorithms (AES-128 or AES-256)
- In Transit: full Transport Layer Security (TLS) support protects communication of data between client and server, and an AES-128 encrypted connection can be used to render data unusable if intercepted as it’s being written to the file system
- In Use: session timeouts and masked keyword values keep your data safe from prying eyes even while it’s being accessed by legitimate users
Configurable Security Options
OnBase is pre-configured to be secure from the first time ISSI installs it for you. The security is inherent, whether it’s deployed on-premises or in the cloud. OnBase is also capable of integrating with other external security systems, including single sign on integrations like Active Directory (AD) and Lightweight Directory Access Protocol (LDAP).
Built-in security features include:
- Strict password policies with configurable complexity, rotation, and lockout requirements
- Granular rights management which limits users’ access exclusively to authorized data
- Security keywords that allow administrators to further restrict access based on document metadata
In addition to strong native security, there are numerous enhanced security measures that OnBase admins can configure in their solution. OnBase has the ability to provide:
- Encrypted disk groups and encrypted keywords to protect your data directly at the database and file system levels
- Distributed disk services that protect your data as it’s written to the file system and can act as a layer to aid in the protection against ransomware attacks
- Digital signatures to alert users to unauthorized content modification