Security is a critical consideration when integrating external services and data sources with your Prisme.ai environment. This page outlines the security architecture of the Apps Marketplace, explains how credentials and data are protected, and provides best practices for secure integration management.

Security Architecture Overview

Prisme.ai’s Apps Marketplace is built with a security-first approach that protects sensitive information while enabling powerful integrations:

Isolated Execution

Apps run in isolated environments with controlled access to resources

Encrypted Credentials

Authentication details are encrypted at rest and in transit

Granular Permissions

Fine-grained access controls determine who can use which apps

Audit Logging

Comprehensive logging of all app installation, configuration, and usage

Credential Management

The Apps Marketplace includes a secure credential management system that protects authentication information:
1. Encrypted Storage

All credentials (API keys, passwords, tokens, etc.) are encrypted using industry-standard algorithms before being stored

2. Secure Access

Credentials are only accessible to authorized services and users with appropriate permissions

3. No Plain Text Display

Credentials are never displayed in plain text after initial entry, even to administrators

4. Automatic Rotation

Support for automatic credential rotation based on policies or schedules (for compatible services)

5. Centralized Management

Unified interface for managing all integration credentials across the organization

Data Protection

When apps process and transfer data, several protective measures ensure security:
All communication between Prisme.ai and integrated services is protected:
  • TLS encryption for all data in transit
  • Certificate validation to prevent man-in-the-middle attacks
  • Modern cipher suites and security protocols
  • HTTP security headers for web-based integrations
These measures ensure that data cannot be intercepted or tampered with during transmission.

Information stored within the platform is protected through:
  • Encryption of all sensitive data
  • Secure key management
  • Regular security assessments and penetration testing
  • Data minimization practices
The platform applies the principle of least privilege, storing only necessary information and protecting it with appropriate controls.

During processing, data is protected through:
  • Isolated execution environments
  • Memory protection
  • Controlled access to resources
  • Input validation and output sanitization
These controls prevent unauthorized access to data during processing and protect against injection attacks and other vulnerabilities.

Access Control Model

The Apps Marketplace implements a comprehensive access control model covering three areas:
  • App Installation Control
  • Usage Permissions
  • Configuration Management

Organizations can control which apps can be installed:
  • Allow or block specific apps
  • Require approval for installation requests
  • Limit installation capabilities to specific roles
  • Create allowlists of approved apps
This ensures that only authorized and approved apps are introduced into the environment.

Integration Risk Assessment

When adding new integrations, Prisme.ai helps organizations assess and mitigate risks:
1. Initial Assessment

Evaluate the security posture of the service being integrated:
  • Review security certifications and compliance
  • Assess data handling practices
  • Consider the sensitivity of data being exchanged

2. Permission Scoping

Define the minimum permissions required:
  • Use the principle of least privilege
  • Request only necessary access scopes
  • Limit data access to what’s essential

3. Implementation Review

Validate the security of the implementation:
  • Review authentication mechanisms
  • Verify data handling practices
  • Check for appropriate error handling

4. Ongoing Monitoring

Continuously assess integration security:
  • Monitor for unusual activity
  • Regularly review access and usage
  • Update configurations as needs change

Security Best Practices

Follow these recommendations to maintain the security of your app integrations:
  • Use dedicated API keys for each integration when possible
  • Rotate credentials regularly
  • Implement the most secure authentication method available
  • Use service accounts with minimum necessary permissions
  • Consider using OAuth flows rather than static credentials
  • Store sensitive configuration outside source control
  • Implement API key expiration and rotation policies

  • Limit the data exchanged to what’s necessary
  • Implement data classification to identify sensitive information
  • Apply appropriate controls based on data sensitivity
  • Use field-level security to protect specific attributes
  • Consider data anonymization or pseudonymization when appropriate
  • Validate and sanitize all data inputs and outputs
  • Apply encryption for highly sensitive data

  • Enable audit logging for all integration activities
  • Set up alerts for unusual access patterns
  • Regularly review integration usage
  • Establish procedures for responding to suspicious activities
  • Create a process for emergency credential revocation
  • Conduct periodic security reviews of integrations
  • Test security incident response plans

  • Identify regulatory requirements applicable to your integrations
  • Document compliance controls for each integration
  • Include integrations in security assessments and audits
  • Consider data residency and sovereignty requirements
  • Review vendor contracts and terms of service
  • Maintain data processing agreements when required
  • Update security controls as regulations evolve

App Approval Workflow

For organizations requiring strict control over app usage, Prisme.ai provides a configurable approval workflow:
1. Request Submission

Users request access to specific apps, providing business justification

2. Security Review

Security teams assess the risks and appropriate controls

3. Approval Decision

Designated approvers review and decide on the request

4. Implementation

Upon approval, the app is installed with appropriate controls

5. Documentation

The approval, including justification and controls, is documented

This process ensures that new integrations are evaluated from a security perspective before being implemented.

Internal Marketplace Security

For organizations maintaining their own internal marketplace:

App Review Process

Establish a formal process for reviewing and approving custom apps

Security Requirements

Define security standards that all custom apps must meet

Secure Development

Implement secure development practices for custom integrations

Regular Assessment

Periodically review and update internal apps for security

Security Features for Common Integration Types

Type-specific security features are provided for the main integration types:
  • API Connectors
  • Infrastructure Apps
  • UI Components

API connectors, for example, benefit from:
  • Support for modern authentication protocols (OAuth 2.0, JWT, etc.)
  • Automatic handling of token refresh and expiration
  • Secure storage of API credentials
  • Rate limiting and throttling protection
  • Request and response validation

Conclusion

Security is a shared responsibility between Prisme.ai, app providers, and your organization. By following the best practices outlined in this guide and leveraging the platform’s security features, you can safely integrate external services and data sources while maintaining a strong security posture.

Next Steps

I