OnBase security

A secure, protected environment for your critical information 

OnBase is designed to be secure. Protecting your sensitive data and critical information is of paramount importance, and it’s a job we take seriously. 

From design through post-launch support, security is a priority at every step of the OnBase lifecycle. 

Natively secure platform 

At Hyland, every developer and tester in our R&D department undergoes training in secure development and penetration testing practices during onboarding. As new vulnerabilities are identified and new attack vectors are discovered, our dedicated security team provides additional training to make sure you’re always protected against the latest threats. 

The security of each OnBase release is further ensured as our security team shepherds the product through our security-focused development process — based on principles from Microsoft’s Secure Development Lifecycle (SDLC v3) including:  

  • Mandatory security gates 
  • Threat modeling 
  • Code review 
  • Static and dynamic analysis scans 
  • Manual penetration testing (internal and external) 

Protected at every data state 

OnBase keeps your documents securely protected at all times, guarding from unauthorized access while at rest, during transit between servers and while in use: 

  • At rest: Data, including keyword values, can be encrypted using strong, industry-tested algorithms (AES-128 or AES-256). 
  • In transit: Full Transport Layer Security (TLS) support protects communication of data between client and server, and an (AES-128  or AES-256) encrypted connection can be used to render data unusable if intercepted as it’s being written to the file system.  
  • In use: Session timeouts and masked keyword values keep your data safe from prying eyes even while it’s being accessed by legitimate users. 

Configurable security options 

OnBase security is inherent, whether it’s deployed on-premises or in the cloud. OnBase is also capable of integrating with other external security systems, including single-sign-on integrations like Active Directory (AD) and Lightweight Directory Access Protocol (LDAP), or with unified, federated authentication providers of choice. That's the case whether you’re using on-premises authentication services or cloud-hosted identity providers 

Built-in security features include: 

  • Strict password policies with configurable complexity, rotation and lockout requirements 
  • Granular rights management that limits users’ access exclusively to authorized data 
  • Security keywords that allow administrators to further restrict access based on document metadata

In addition to strong native security, there are numerous enhanced security measures that OnBase admininstrators can configure in their solution. OnBase has the ability to provide: 

  • Encrypted disk groups and encrypted keywords to protect your data directly at the database and file system levels 
  • Distributed disk services that protect your data as it’s written to the file system and can act as a layer to aid in the protection against ransomware attacks 
  • Digital signatures to alert users to unauthorized content modification 

Contact us today to learn more about how OnBase can meet your security needs.