CHAPTER 7

DXP Information Security

Information security is crucial for digital platforms used in financial domains such as banking. In this chapter we discuss various aspects of information security. The best practices given in this chapter can be used to define and implement a robust information security framework for DXPs.

Information Security in DXP Solutions

Information security defines policies for protecting data at rest and data in transit. The basic principles of information security are defined as follows:

• Information security policies: Organizations should define security policies, procedures and processes to protect information from unauthorized access and inappropriate use.

• Data access policy definition: Access policies should be defined for data based on the sensitivity of the data.

• Defense in depth: Provide layer-wise access policies at each of the application tiers.

• Compartmentalization: Group the information and provide access to grouped information (called “compartments”) only on a need-to-know basis. Compartmentalization reduces the attack surface and can be implemented using layer-wise security and the least privilege principle.

• Least privilege by default: Provide only the minimal privileges needed by entities and processes.

• Centralized access: All security policies, such as authentication and authorization, should be centrally controlled.

© Shailesh Kumar Shivakumar, Sourabhh Sethii 2019
S. K. Shivakumar and S. Sethii, Building Digital Experience Platforms, https://doi.org/10.1007/978-1-4842-4303-9_7
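The principles above can be combined into one central policy decision point. The following is an added example, not code from the book or from any DXP product: a small authorization engine in which every tier consults the same engine (centralized access), each tier may only issue the actions it needs (defense in depth), data is classified by sensitivity and grouped into compartments (data access policy, compartmentalization), and a principal holds only the actions explicitly granted, with every unmatched request denied (least privilege by default). The tier names, sensitivity labels, compartments, principals and assets are constructed sample values, and the audit trail records each decision so a detection pipeline can spot repeated denials.

```python
from dataclasses import dataclass
from enum import IntEnum


class Sensitivity(IntEnum):
    """Data classification levels, lowest to highest (constructed labels)."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3


@dataclass(frozen=True)
class DataAsset:
    name: str
    sensitivity: Sensitivity
    compartment: str  # need-to-know grouping, e.g. "accounts" or "payments"


@dataclass(frozen=True)
class Principal:
    name: str
    clearance: Sensitivity   # highest sensitivity this principal may touch
    compartments: frozenset  # compartments the principal is cleared into
    actions: frozenset       # least privilege: only the actions actually granted


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


# Defense in depth: each application tier only ever issues a subset of actions,
# so a compromised outer tier cannot request operations it never needs.
# (Constructed tier names and action sets.)
TIER_ACTIONS = {
    "web": frozenset({"read"}),
    "app": frozenset({"read", "write"}),
    "data": frozenset({"read", "write", "delete"}),
}


class CentralPolicyEngine:
    """Single policy decision point consulted by every tier (centralized access)."""

    def __init__(self) -> None:
        self.audit = []  # (principal, action, asset, tier, outcome, reason)

    def authorize(self, principal: Principal, action: str, asset: DataAsset, tier: str) -> Decision:
        checks = [self._tier_check, self._clearance_check,
                  self._compartment_check, self._action_check]
        for check in checks:
            reason = check(principal, action, asset, tier)
            if reason is not None:  # first failing layer wins; deny by default
                self.audit.append((principal.name, action, asset.name, tier, "DENY", reason))
                return Decision(False, reason)
        self.audit.append((principal.name, action, asset.name, tier, "ALLOW", "all checks passed"))
        return Decision(True, "all checks passed")

    @staticmethod
    def _tier_check(p, action, asset, tier):
        allowed = TIER_ACTIONS.get(tier)
        if allowed is None:
            return f"unknown tier {tier!r}"
        if action not in allowed:
            return f"action {action!r} not permitted from tier {tier!r}"
        return None

    @staticmethod
    def _clearance_check(p, action, asset, tier):
        if asset.sensitivity > p.clearance:
            return f"{asset.name} is {asset.sensitivity.name}, above clearance {p.clearance.name}"
        return None

    @staticmethod
    def _compartment_check(p, action, asset, tier):
        if asset.compartment not in p.compartments:
            return f"no need-to-know for compartment {asset.compartment!r}"
        return None

    @staticmethod
    def _action_check(p, action, asset, tier):
        if action not in p.actions:
            return f"principal lacks privilege {action!r}"
        return None


# Constructed sample data for a banking-style DXP.
BALANCE = DataAsset("account_balance", Sensitivity.CONFIDENTIAL, "accounts")
CARD_PAN = DataAsset("card_pan", Sensitivity.RESTRICTED, "payments")
TELLER = Principal("teller", Sensitivity.CONFIDENTIAL, frozenset({"accounts"}), frozenset({"read"}))


def run_scenarios():
    """Return decisions for a handful of requests so the effect of each principle is visible."""
    engine = CentralPolicyEngine()
    results = {
        "teller_reads_balance_app": engine.authorize(TELLER, "read", BALANCE, "app"),
        "teller_writes_balance_app": engine.authorize(TELLER, "write", BALANCE, "app"),
        "teller_reads_pan_app": engine.authorize(TELLER, "read", CARD_PAN, "app"),
        "teller_deletes_balance_web": engine.authorize(TELLER, "delete", BALANCE, "web"),
        "teller_reads_balance_unknown_tier": engine.authorize(TELLER, "read", BALANCE, "batch"),
    }
    return results, engine.audit


if __name__ == "__main__":
    decisions, audit = run_scenarios()
    for name, d in decisions.items():
        print(f"{name:36s} {'ALLOW' if d.allowed else 'DENY':5s} {d.reason}")
```

The order of the checks matters for the audit trail only, not for the outcome: because each layer can only deny, a request passes solely when every layer agrees, which is what makes the engine deny by default. A real DXP would load the tier, clearance and compartment tables from a policy store rather than from constants, but the decision logic stays the same.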
