We are planning to implement an application data encryption mechanism in the Pega cloud environment. We are currently evaluating whether it is suitable to proceed with the Pega platform/KMS or to create a custom cipher. Do you have any suggestions for this?
Additionally, we are concerned that if something were to happen to the encryption key, it would not be possible to decrypt the data. Is it possible for scenarios like this to occur? Are there any other potential risks associated with this?
Pega Platform provides robust data encryption capabilities. It is recommended to use the platform cipher with a key management service (KMS) like AWS KMS, Microsoft Azure Key Vault, HashiCorp Vault, or Google Cloud KMS. This approach provides an additional layer of security and makes it easier to comply with privacy policies, regulatory requirements, and contractual obligations for handling private data.
Creating a custom cipher is complex and requires careful testing and assistance from Global Customer Support staff. It also makes it difficult to support best practices such as key rotation. Therefore, it is recommended to use a custom cipher only when your organization’s security standards require the use of a cipher that is different from the Pega Platform cipher.
Regarding your concern about the encryption key, it is indeed a critical aspect. If the key is lost or compromised, it could lead to data loss as the data cannot be decrypted. Therefore, it is crucial to manage and protect encryption keys effectively.
Potential risks include the unavailability of the customer master key in some situations and data loss when switching between cipher types. Therefore, it is important to activate the new keystore before deleting or disabling the active Customer Master Key and not to delete the original custom cipher or encryption keys when switching between cipher types.
This is a GenAI-powered tool. All generated answers require validation against the provided references.
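The ordering described in the answer (activate the new keystore first, and keep the original key until nothing depends on it) can be expressed as a pre-flight check, shown here as an added example that is not part of the original thread and not Pega or KMS code. The `Keyring` model, the key ids, the record layout, and the re-encryption step are all constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Keyring:
    """Constructed model of a keystore (hypothetical, not a Pega/KMS API)."""
    keys: dict = field(default_factory=dict)  # key_id -> "enabled" | "disabled"
    active: str = ""                          # key used for new encryptions

    def activate(self, key_id):
        self.keys[key_id] = "enabled"
        self.active = key_id

def retirement_blockers(ring, records, key_id):
    """Reasons why disabling or deleting key_id would make data unreadable."""
    blockers = []
    if ring.active == key_id:
        blockers.append("still the active key; activate the new keystore first")
    dependent = [r["id"] for r in records if r["key_id"] == key_id]
    if dependent:
        blockers.append(f"{len(dependent)} record(s) still encrypted under it")
    return blockers

def retire(ring, records, key_id):
    """Disable a key only when no blocker remains."""
    blockers = retirement_blockers(ring, records, key_id)
    if blockers:
        raise RuntimeError(f"refusing to retire {key_id}: " + "; ".join(blockers))
    ring.keys[key_id] = "disabled"

def undecryptable(ring, records):
    """Records whose key is missing or disabled, i.e. data that cannot be read."""
    return [r["id"] for r in records if ring.keys.get(r["key_id"]) != "enabled"]

def demo():
    ring = Keyring()
    ring.activate("cmk-old")                      # constructed key ids
    records = [{"id": "case-1", "key_id": "cmk-old"},
               {"id": "case-2", "key_id": "cmk-old"}]  # constructed sample data
    before = retirement_blockers(ring, records, "cmk-old")  # active + in use
    ring.activate("cmk-new")                      # step 1: new keystore goes live
    after = retirement_blockers(ring, records, "cmk-old")   # still in use
    for r in records:                             # step 2: stands in for re-encryption
        r["key_id"] = "cmk-new"
    retire(ring, records, "cmk-old")              # step 3: now safe to retire
    return len(before), len(after), undecryptable(ring, records)

if __name__ == "__main__":
    print(demo())
```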