TL;DR: Auth0 takes security very seriously. If you want to learn how we handle security and protect your users, download our security white paper.
At Auth0, we have built state-of-the-art security into our product so our subscribers can take advantage of cutting edge features designed to protect their users and business. But features aren't enough. We go beyond best practices in our security program, so other businesses can rely on us to help keep the bad guys out, and simplify letting the good guys in. You can find the security white paper that we have just released in here or at the Auth0's Security page.
This white paper is an analysis and explanation of how we handle security. In this document, we have detailed our approach to this subject from many different perspectives. We discuss how we deal with People and Processes, how we handle Disaster Recovery and Backup, and much more. With this information, our subscribers can better understand how their data is protected and what measures we actively take to guarantee that sensitive data won't fall into the wrong hands.
Below, you can view the table of contents for the white paper. The whole document can be found here.
- Introduction - Dedicated Security Team |- People and Processes |- Background Checks |- Security Awareness |- Access Requests |- Security Policies |- Privacy - Secure Product Development |- Specification Compliance |- Authentication Experts |- Code Review |- Development Tools |- Secret Management |- White Hat Program |- OWASP Compliance |- Deployment Process - Third-Party Compliance |- SOC II Type 2 |- External Security Assessments - Infrastructure and Data Security |- Cloud Security |- Infrastructure as Code |- Network Security |- Security Monitoring |- Authentication |- Data Encryption |- Laptop and Mobile Device Security - Disaster Recovery and Backup |- Business Continuity Plan |- Backup Strategy - Vendor security |- Security Team Review |- Privacy Considerations - Summary
We hope that by releasing the security white paper, we can achieve greater transparency with our subscribers and the whole community of developers, security experts, and partners. We also hope that by making this information publicly available and concise in one document, interested parties will feel more confident about Auth0's practices and processes.
Lastly, we’d really love to encourage interested parties to analyze, question, and comment our approach to security. Please, feel free to ping us if you have any doubts or suggestions.
Auth0, a global leader in Identity-as-a-Service (IDaaS), provides thousands of customers in every market sector with the only identity solution they need for their web, mobile, IoT, and internal applications. Its extensible platform seamlessly authenticates and secures more than 2.5 billion logins per month, making it loved by developers and trusted by global enterprises. The company's U.S. headquarters in Bellevue, WA, and additional offices in Buenos Aires, London, Tokyo, and Sydney, support its global customers that are located in 70+ countries.