TL;DR: Auth0 takes security very seriously. If you want to learn how we handle security and protect your users, download our security white paper.
At Auth0, we have built state-of-the-art security into our product so our subscribers can take advantage of cutting edge features designed to protect their users and business. But features aren't enough. We go beyond best practices in our security program, so other businesses can rely on us to help keep the bad guys out, and simplify letting the good guys in. You can find the security white paper that we have just released in here or at the Auth0's Security page.
This white paper is an analysis and explanation of how we handle security. In this document, we have detailed our approach to this subject from many different perspectives. We discuss how we deal with People and Processes, how we handle Disaster Recovery and Backup, and much more. With this information, our subscribers can better understand how their data is protected and what measures we actively take to guarantee that sensitive data won't fall into the wrong hands.
Below, you can view the table of contents for the white paper. The whole document can be found here.
- Introduction - Dedicated Security Team |- People and Processes |- Background Checks |- Security Awareness |- Access Requests |- Security Policies |- Privacy - Secure Product Development |- Specification Compliance |- Authentication Experts |- Code Review |- Development Tools |- Secret Management |- White Hat Program |- OWASP Compliance |- Deployment Process - Third-Party Compliance |- SOC II Type 2 |- External Security Assessments - Infrastructure and Data Security |- Cloud Security |- Infrastructure as Code |- Network Security |- Security Monitoring |- Authentication |- Data Encryption |- Laptop and Mobile Device Security - Disaster Recovery and Backup |- Business Continuity Plan |- Backup Strategy - Vendor security |- Security Team Review |- Privacy Considerations - Summary
We hope that by releasing the security white paper, we can achieve greater transparency with our subscribers and the whole community of developers, security experts, and partners. We also hope that by making this information publicly available and concise in one document, interested parties will feel more confident about Auth0's practices and processes.
Lastly, we’d really love to encourage interested parties to analyze, question, and comment our approach to security. Please, feel free to ping us if you have any doubts or suggestions.
Auth0 is the first identity management platform for application builders, and the only identity solution needed for custom-built applications. With a mission to secure the world’s identities so innovators can innovate, Auth0 provides the simplicity, extensibility, and expertise to scale and protect identities in any application, for any audience. Auth0 secures more than 100 million logins each day, giving enterprises the confidence to deliver trusted and elegant digital experiences to their customers around the world.