Idea Details

Security Vulnerability: Communications Feature

By: Carrie Minton
06-17-2022 03:54

No Customer Care or JIRA ticket has been opened.

The ask by Morgan Stanley is to have SS&C update Communications to use a 3rd party certificate instead of the self-signed certificate.

The Morgan Stanley CISO team believes this is a security risk and should be remediated by SS&C with a short-term solution if we can't provide a long-term solution this year. The short-term solution could be to rotate the certificate in the SS&C Hosted environment by November 2022.

Risk - Self-signed certificates introduce a risk of server impersonation attacks.

Remediation - Vendor must ensure that the certificate used for authentication is not self-signed and is actually signed by a trusted third-party Certificate Authority.

Risk - Not rotating the certificates introduces the risk of certificate keys becoming “stale” and increases the likelihood that they will be compromised or increases the period for which compromised credentials are valid.


