Security Architecture Overview
Prisme.ai’s Apps Marketplace is built with a security-first approach that protects sensitive information while enabling powerful integrations:

- Isolated Execution: Apps run in isolated environments with controlled access to resources
- Encrypted Credentials: Authentication details are encrypted at rest and in transit
- Granular Permissions: Fine-grained access controls determine who can use which apps
- Audit Logging: Comprehensive logging of all app installation, configuration, and usage
Credential Management
The Apps Marketplace includes a secure credential management system that protects authentication information:

1. Encrypted Storage: All credentials (API keys, passwords, tokens, etc.) are encrypted using industry-standard algorithms before being stored
2. Secure Access: Credentials are only accessible to authorized services and users with appropriate permissions
3. No Plain Text Display: Credentials are never displayed in plain text after initial entry, even to administrators
4. Automatic Rotation: Support for automatic credential rotation based on policies or schedules (for compatible services)
5. Centralized Management: Unified interface for managing all integration credentials across the organization
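The following is an added example, not Prisme.ai's own code, showing what the properties above look like in a minimal credential store: secrets are encrypted before storage, only a masked hint is ever returned to a human caller, plaintext is released only to a runtime role, and rotation bumps a version. The master key, service names, role names and the HMAC-based stream cipher are assumptions for the example; a production store would use AES-GCM from a vetted library or a KMS in place of the stand-in cipher.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def _derive(master: bytes, purpose: bytes) -> bytes:
    # Separate encryption and MAC keys derived from one master key.
    return hmac.new(master, purpose, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode used as a PRF keystream. This is a stand-in
    # for AES-GCM so the example runs on the standard library alone.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(master: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC; layout is nonce || ciphertext || tag.
    enc_key, mac_key = _derive(master, b"enc"), _derive(master, b"mac")
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(master: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _derive(master, b"enc"), _derive(master, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    # Constant-time tag check before touching the ciphertext.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("credential blob failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def mask(secret: str) -> str:
    # Never show more than the last four characters, even to administrators.
    if len(secret) <= 4:
        return "*" * len(secret)
    return "*" * (len(secret) - 4) + secret[-4:]


@dataclass
class StoredCredential:
    blob: bytes      # ciphertext only; plaintext is never kept in memory here
    version: int     # incremented on every rotation
    hint: str        # masked form, safe to display


class CredentialStore:
    def __init__(self, master_key: bytes):
        self._master = master_key
        self._items: dict[str, StoredCredential] = {}

    def put(self, name: str, secret: str) -> int:
        prev = self._items.get(name)
        version = prev.version + 1 if prev else 1
        self._items[name] = StoredCredential(encrypt(self._master, secret.encode()), version, mask(secret))
        return version

    def rotate(self, name: str, new_secret: str) -> int:
        if name not in self._items:
            raise KeyError(name)
        return self.put(name, new_secret)

    def describe(self, name: str) -> dict:
        # What an administrator or the UI may see: masked hint and version only.
        item = self._items[name]
        return {"name": name, "hint": item.hint, "version": item.version}

    def reveal(self, name: str, caller_roles: set[str]) -> str:
        # Plaintext is released only to the integration runtime role (assumed name),
        # never to a human role such as "admin".
        if "integration-runtime" not in caller_roles:
            raise PermissionError(f"{name}: plaintext access denied")
        return decrypt(self._master, self._items[name].blob).decode()
```

The role check sits in `reveal` rather than in the UI layer, so a caller that bypasses the interface still cannot obtain plaintext; rotation keeps the old entry's version number so audit records can refer to a specific credential generation.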
Data Protection
When apps process and transfer data, several protective measures ensure security:

Data in Transit
All communication between Prisme.ai and integrated services is protected:
- TLS encryption for all data in transit
- Certificate validation to prevent man-in-the-middle attacks
- Modern cipher suites and security protocols
- HTTP security headers for web-based integrations
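As an added example (not Prisme.ai code), this is how an outbound HTTPS client enforces the transit controls listed above, plus a check for the security headers a web-based integration should return. The cipher string, the header set and the `connect_checked` helper are assumptions; the expected header values follow common hardening guidance rather than any Prisme.ai requirement.

```python
import socket
import ssl


def build_client_context() -> ssl.SSLContext:
    # Modern protocol floor plus mandatory chain and hostname validation.
    ctx = ssl.create_default_context()           # system CA store, CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    # Restrict TLS 1.2 to forward-secret AEAD suites; TLS 1.3 suites are unaffected.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def context_summary(ctx: ssl.SSLContext) -> dict:
    # Values an integration health check can log or assert on.
    return {
        "min_version": ctx.minimum_version.name,
        "check_hostname": ctx.check_hostname,
        "verify_mode": ctx.verify_mode.name,
    }


def connect_checked(host: str, port: int = 443) -> dict:
    # Assumed helper: opens a verified TLS connection and reports what was negotiated.
    ctx = build_client_context()
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:   # raises on bad chain/name
            return {"version": tls.version(), "cipher": tls.cipher()[0]}


# Header name -> predicate on its value (assumed baseline for web-based integrations).
REQUIRED_HEADERS = {
    "strict-transport-security": lambda v: "max-age=" in v.lower(),
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "content-security-policy": lambda v: bool(v.strip()),
    "x-frame-options": lambda v: v.strip().upper() in {"DENY", "SAMEORIGIN"},
}


def missing_security_headers(headers: dict) -> list:
    # Case-insensitive lookup; returns the names that are absent or mis-set.
    lowered = {k.lower(): v for k, v in headers.items()}
    missing = [name for name, ok in REQUIRED_HEADERS.items()
               if name not in lowered or not ok(lowered[name])]
    return sorted(missing)
```

`ssl.create_default_context()` already enables certificate and hostname checks; the explicit assignments make the intent visible in review and guard against a later edit that loosens the context. The header check runs against a response's header map and is meant for a periodic integration health check rather than on every request.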
Data at Rest
Information stored within the platform is protected through:
- Encryption of all sensitive data
- Secure key management
- Regular security assessments and penetration testing
- Data minimization practices
Data Processing
During processing, data is protected through:
- Isolated execution environments
- Memory protection
- Controlled access to resources
- Input validation and output sanitization
Access Control Model
The Apps Marketplace implements a comprehensive access control model. Organizations can control which apps can be installed:
- Allow or block specific apps
- Require approval for installation requests
- Limit installation capabilities to specific roles
- Create allowlists of approved apps
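An added example (not Prisme.ai code) of evaluating such an installation policy. It shows the precedence a reviewer would expect: explicit blocks win over allowlists, role restrictions are checked before approval routing, and only then is an install allowed outright. Policy field names, app names and role names are constructed for the example.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional, Set, Tuple


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    REQUIRES_APPROVAL = "requires_approval"


@dataclass
class InstallPolicy:
    # Constructed policy shape; field names are assumptions for this example.
    blocked_apps: Set[str] = field(default_factory=set)
    allowlist: Optional[Set[str]] = None                 # None means no allowlist in force
    installer_roles: Set[str] = field(default_factory=lambda: {"admin"})
    approval_required_for: Set[str] = field(default_factory=set)
    require_approval_by_default: bool = False


def evaluate_install(policy: InstallPolicy, app: str, requester_roles: Set[str]) -> Tuple[Decision, str]:
    # Deny rules run first so a blocked app can never be approved around.
    if app in policy.blocked_apps:
        return Decision.DENY, f"{app} is explicitly blocked"
    if policy.allowlist is not None and app not in policy.allowlist:
        return Decision.DENY, f"{app} is not on the approved allowlist"
    # Installation capability is limited to specific roles.
    if not requester_roles & policy.installer_roles:
        return Decision.DENY, "requester lacks an installation role"
    # Approval routing applies only to requests that pass the deny rules.
    if app in policy.approval_required_for or policy.require_approval_by_default:
        return Decision.REQUIRES_APPROVAL, f"{app} needs approval before installation"
    return Decision.ALLOW, f"{app} may be installed"
```

Returning the reason alongside the decision gives the audit log a human-readable explanation for every denial and approval request.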
Integration Risk Assessment
When adding new integrations, Prisme.ai helps organizations assess and mitigate risks:

1. Initial Assessment: Evaluate the security posture of the service being integrated:
   - Review security certifications and compliance
   - Assess data handling practices
   - Consider the sensitivity of data being exchanged
2. Permission Scoping: Define the minimum permissions required:
   - Use the principle of least privilege
   - Request only necessary access scopes
   - Limit data access to what’s essential
3. Implementation Review: Validate the security of the implementation:
   - Review authentication mechanisms
   - Verify data handling practices
   - Check for appropriate error handling
4. Ongoing Monitoring: Continuously assess integration security:
   - Monitor for unusual activity
   - Regularly review access and usage
   - Update configurations as needs change
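The permission-scoping step above is the one that lends itself to automation. The following is an added example (not Prisme.ai code) of a least-privilege scope review: it compares the scopes an integration requests against the scopes its features actually need, taking into account that a broad scope covers narrower ones. The scope names, the implication table and the high-risk list are constructed to resemble a typical OAuth provider's; substitute the real provider's scope documentation.

```python
# Broader scope -> the narrower scopes it already covers (constructed table).
IMPLIES = {
    "files:write": {"files:read"},
    "users:admin": {"users:read", "users:write"},
    "users:write": {"users:read"},
}

# Scopes that always need explicit sign-off (constructed list).
HIGH_RISK = {"users:admin", "admin", "*"}


def expand(scopes) -> set:
    # Transitive closure over IMPLIES, so "users:admin" counts as covering "users:read".
    result = set(scopes)
    stack = list(scopes)
    while stack:
        for implied in IMPLIES.get(stack.pop(), ()):
            if implied not in result:
                result.add(implied)
                stack.append(implied)
    return result


def review_scopes(requested, needed) -> dict:
    """Report on a scope request.

    missing    - needed scopes no requested scope covers (integration will break)
    excess     - requested scopes that cover nothing the integration needs
    over_broad - requested scopes wider than the need (e.g. write when read suffices)
    high_risk  - requested scopes from HIGH_RISK
    minimal    - the scope set that satisfies the need exactly
    """
    requested, needed = set(requested), set(needed)
    missing = needed - expand(requested)
    excess = {s for s in requested if not (expand({s}) & needed)}
    over_broad = {s for s in requested if s not in needed and (expand({s}) & needed)}
    return {
        "missing": sorted(missing),
        "excess": sorted(excess),
        "over_broad": sorted(over_broad),
        "high_risk": sorted(requested & HIGH_RISK),
        "minimal": sorted(needed),
    }
```

A non-empty `excess` or `over_broad` list is the concrete finding to raise with the integration's owner, and `minimal` is the replacement request that satisfies least privilege.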
Security Best Practices
Follow these recommendations to maintain the security of your app integrations:

Credential Management
- Use dedicated API keys for each integration when possible
- Rotate credentials regularly
- Implement the most secure authentication method available
- Use service accounts with minimum necessary permissions
- Consider using OAuth flows rather than static credentials
- Store sensitive configuration outside source control
- Implement API key expiration and rotation policies
Data Handling
- Limit the data exchanged to what’s necessary
- Implement data classification to identify sensitive information
- Apply appropriate controls based on data sensitivity
- Use field-level security to protect specific attributes
- Consider data anonymization or pseudonymization when appropriate
- Validate and sanitize all data inputs and outputs
- Apply encryption for highly sensitive data
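As an added example (not Prisme.ai code) of the data handling recommendations: a field classification drives what leaves the platform (data minimization and field-level control), PII is pseudonymized with a keyed hash so the receiver gets a stable join key without the real value, and inbound payloads are validated against the same schema. The record layout, the classification table and the validation rules are constructed for this example.

```python
import hashlib
import hmac
import re

# Constructed classification for a support-ticket record. Unknown fields
# are treated as "secret" so that a new field is never exported by accident.
CLASSIFICATION = {
    "ticket_id": "public",
    "subject": "internal",
    "email": "pii",
    "phone": "pii",
    "body": "internal",
    "card_number": "secret",
}


def pseudonymize(value: str, key: bytes) -> str:
    # Keyed hash: deterministic for the same input (so records can still be
    # joined downstream) but not reversible without the key. Normalize case first.
    return "pseu_" + hmac.new(key, value.strip().lower().encode(), hashlib.sha256).hexdigest()[:16]


def prepare_outbound(record: dict, allowed_fields: set, key: bytes) -> dict:
    # Build the payload an integration is allowed to receive.
    out = {}
    for name, value in record.items():
        cls = CLASSIFICATION.get(name, "secret")
        if name not in allowed_fields or cls == "secret":
            continue                                   # minimization: never exported
        out[name] = pseudonymize(str(value), key) if cls == "pii" else value
    return out


def validate_inbound(payload: dict) -> list:
    # Reject fields outside the schema and values of the wrong shape before
    # they reach business logic.
    errors = [f"unexpected field: {name}" for name in payload if name not in CLASSIFICATION]
    ticket = payload.get("ticket_id")
    if ticket is not None and not re.fullmatch(r"T-\d{1,8}", str(ticket)):
        errors.append("ticket_id must look like T-123")
    email = payload.get("email")
    if email is not None and not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", str(email)):
        errors.append("email is not well-formed")
    return errors
```

Keeping the export filter and the inbound validator on one classification table means a new sensitive field only has to be declared once to be protected in both directions.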
Monitoring and Incident Response
- Enable audit logging for all integration activities
- Set up alerts for unusual access patterns
- Regularly review integration usage
- Establish procedures for responding to suspicious activities
- Create a process for emergency credential revocation
- Conduct periodic security reviews of integrations
- Test security incident response plans
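An added example (not Prisme.ai code) of the "alerts for unusual access patterns" recommendation, run over a few constructed audit events. Three rules are shown: a credential read by a principal other than the one expected for that app, a credential read by a human actor outside business hours, and repeated failures by one actor. The event shape, field names, sample lines, expected-reader table and thresholds are assumptions; map them onto the fields of the real audit log.

```python
import json
from collections import Counter
from datetime import datetime

# Constructed audit events (one JSON object per line).
SAMPLE_LOG = """\
{"ts":"2024-05-06T09:01:00Z","actor":"svc-slack","action":"credential.read","app":"slack","ok":true}
{"ts":"2024-05-06T09:02:00Z","actor":"svc-slack","action":"credential.read","app":"slack","ok":true}
{"ts":"2024-05-06T02:15:00Z","actor":"alice","action":"credential.read","app":"salesforce","ok":true}
{"ts":"2024-05-06T10:00:00Z","actor":"bob","action":"app.install","app":"shady-scraper","ok":false}
{"ts":"2024-05-06T10:00:05Z","actor":"bob","action":"app.install","app":"shady-scraper","ok":false}
{"ts":"2024-05-06T10:00:10Z","actor":"bob","action":"app.install","app":"shady-scraper","ok":false}
{"ts":"2024-05-06T11:00:00Z","actor":"svc-github","action":"credential.read","app":"slack","ok":true}
"""

# Which service principal is expected to read each app's credentials (constructed).
EXPECTED_READER = {"slack": "svc-slack", "salesforce": "svc-salesforce", "github": "svc-github"}
BUSINESS_HOURS = range(7, 20)      # UTC hours considered normal for human actors
FAILURE_THRESHOLD = 3              # alert once this many failures accumulate


def parse(log_text: str) -> list:
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        event["ts"] = datetime.fromisoformat(event["ts"].replace("Z", "+00:00"))
        events.append(event)
    return events


def detect(events: list) -> list:
    # Returns (rule, actor, subject) tuples in the order they fire.
    alerts = []
    failures = Counter()
    for e in events:
        if e["action"] == "credential.read":
            expected = EXPECTED_READER.get(e["app"])
            if expected and e["actor"] != expected:
                alerts.append(("unexpected-credential-reader", e["actor"], e["app"]))
            # Service principals run around the clock; humans normally do not.
            if not e["actor"].startswith("svc-") and e["ts"].hour not in BUSINESS_HOURS:
                alerts.append(("off-hours-credential-read", e["actor"], e["app"]))
        if not e["ok"]:
            key = (e["actor"], e["action"])
            failures[key] += 1
            if failures[key] == FAILURE_THRESHOLD:     # fire once, at the threshold
                alerts.append(("repeated-failures", e["actor"], e["action"]))
    return alerts
```

The expected-reader rule is the most valuable of the three in practice: a credential being read by anything other than the integration that owns it is rarely legitimate, and it needs no baseline period to tune.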
Compliance Considerations
- Identify regulatory requirements applicable to your integrations
- Document compliance controls for each integration
- Include integrations in security assessments and audits
- Consider data residency and sovereignty requirements
- Review vendor contracts and terms of service
- Maintain data processing agreements when required
- Update security controls as regulations evolve
App Approval Workflow
For organizations requiring strict control over app usage, Prisme.ai provides a configurable approval workflow:

1. Request Submission: Users request access to specific apps, providing business justification
2. Security Review: Security teams assess the risks and appropriate controls
3. Approval Decision: Designated approvers review and decide on the request
4. Implementation: Upon approval, the app is installed with appropriate controls
5. Documentation: The approval, including justification and controls, is documented
Internal Marketplace Security
For organizations maintaining their own internal marketplace:

- App Review Process: Establish a formal process for reviewing and approving custom apps
- Security Requirements: Define security standards that all custom apps must meet
- Secure Development: Implement secure development practices for custom integrations
- Regular Assessment: Periodically review and update internal apps for security
Security Features for Common Integration Types
- Support for modern authentication protocols (OAuth 2.0, JWT, etc.)
- Automatic handling of token refresh and expiration
- Secure storage of API credentials
- Rate limiting and throttling protection
- Request and response validation
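As an added example (not Prisme.ai code) of two of the behaviours listed above, the following validates an HS256 JWT the way a receiving integration should (pinned algorithm, signature, audience, expiry and not-before checks) and decides when an access token should be refreshed ahead of its expiry. The signing key, claim values and the refresh margin are constructed; `sign_hs256` exists only so the example can produce tokens to check offline.

```python
import base64
import hashlib
import hmac
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, key: bytes) -> str:
    # Issuer side, included only to produce test tokens.
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_hs256(token: str, key: bytes, audience: str, now: int) -> dict:
    # Receiver side. Every failure raises ValueError; the caller treats any
    # exception as "reject" and never inspects unverified claims.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_unb64url(header_b64))
    # Pin the algorithm: the token must not choose how it is verified.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_unb64url(sig_b64), expected):
        raise ValueError("bad signature")
    claims = json.loads(_unb64url(payload_b64))
    if claims.get("aud") != audience:
        raise ValueError("audience mismatch")
    if "exp" not in claims or now >= claims["exp"]:
        raise ValueError("token expired")
    if now < claims.get("nbf", 0):
        raise ValueError("token not yet valid")
    return claims


def needs_refresh(expires_at: int, now: int, margin: int = 60) -> bool:
    # Refresh before expiry so an in-flight request never carries a token that
    # dies mid-call; the 60 s margin is an assumed default.
    return now >= expires_at - margin
```

The signature is checked before any claim is read, and `exp` is mandatory rather than optional, so a token without an expiry is rejected instead of being accepted forever. For RS256 or ES256 tokens the same order of checks applies, with the HMAC replaced by a public-key verification against the provider's published keys.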