Overview

The new Security Center tab in My Pega Cloud (MPC) now displays targeted alerts if your inbound access configuration does not align with Pega's security best practices. These alerts currently target Pega Cloud environments with unrestricted public internet access.

While some applications are intentionally designed for public access, unrestricted inbound access configuration in non-public applications can pose a potential security risk.To mitigate this risk, limit inbound access to your applications by allowing only well-known and trusted sources.

Action Required: Limit inbound access to your Pega Cloud applications

If you receive an inbound configuration alert in MPC, immediately review your existing configuration and use the enhanced self-service option to apply changes. If you are unable to manage allow lists in MPC or need assistance interpreting the required actions, create a ticket in My Support Portal (MSP).

For detailed guidelines and best practices on managing inbound access configurations, see Limiting public inbound access in Pega Cloud deployments.

You can further enhance protection and compliance with security best practices by using Pega Cloud Secure Connect to establish private connectivity.

Why this matters

Since cyber threats are constantly evolving, reducing public exposure is essential to limiting your application's attack surface. As a security best practice, apply the principle of least privilege to your inbound access configuration, exposing only what is essential to trusted sources.