TL;DR: Auth0 takes security very seriously. If you want to learn how we handle security and protect your users, download our security white paper.
At Auth0, we have built state-of-the-art security into our product so our subscribers can take advantage of cutting-edge features designed to protect their users and business. But features aren't enough. We go beyond best practices in our security program, so other businesses can rely on us to help keep the bad guys out and simplify letting the good guys in. You can find the security white paper that we have just released here or on Auth0's Security page.
This white paper is an analysis and explanation of how we handle security. In this document, we have detailed our approach to this subject from many different perspectives. We discuss how we deal with People and Processes, how we handle Disaster Recovery and Backup, and much more. With this information, our subscribers can better understand how their data is protected and what measures we actively take to guarantee that sensitive data won't fall into the wrong hands.
Below, you can view the table of contents for the white paper. The whole document can be found here.
- Introduction
- Dedicated Security Team
  |- People and Processes
  |- Background Checks
  |- Security Awareness
  |- Access Requests
  |- Security Policies
  |- Privacy
- Secure Product Development
  |- Specification Compliance
  |- Authentication Experts
  |- Code Review
  |- Development Tools
  |- Secret Management
  |- White Hat Program
  |- OWASP Compliance
  |- Deployment Process
- Third-Party Compliance
  |- SOC II Type 2
  |- External Security Assessments
- Infrastructure and Data Security
  |- Cloud Security
  |- Infrastructure as Code
  |- Network Security
  |- Security Monitoring
  |- Authentication
  |- Data Encryption
  |- Laptop and Mobile Device Security
- Disaster Recovery and Backup
  |- Business Continuity Plan
  |- Backup Strategy
- Vendor security
  |- Security Team Review
  |- Privacy Considerations
- Summary
We hope that by releasing the security white paper, we can achieve greater transparency with our subscribers and the whole community of developers, security experts, and partners. We also hope that by making this information publicly available in one concise document, interested parties will feel more confident about Auth0's practices and processes.
Lastly, we’d really love to encourage interested parties to analyze, question, and comment on our approach to security. Please feel free to ping us if you have any doubts or suggestions.
Auth0 provides frictionless authentication and authorization. Auth0 makes it easy for developers to implement even the most complex identity solutions for their web, mobile, and internal applications. Ultimately, Auth0 allows developers to control how a person’s identity is used with the goal of making the internet safer. As of August, 2016, Auth0 has raised over $24m from Trinity Ventures, Bessemer Venture Partners, K9 Ventures, Silicon Valley Bank, Founders Co-Op, Portland Seed Fund and NXTP Labs, and the company is further financially backed with a credit line from Silicon Valley Bank.