Security

Security Assessments and Compliance

At Authgear, we take data security extremely seriously, being both ISO 27001 and SOC 2 Type II compliant. This affirms our commitment to implementing and maintaining the highest standards of information security and operational integrity.

  • ISO 27001: Ensures Authgear's Information Security Management System (ISMS) meets international best practices for managing sensitive company and customer information.
  • SOC 2 Type II: Validates Authgear's ability to securely manage customer data, ensuring trust and privacy across the critical trust service criteria.

Feel free to reach us via our contact form for more details on our security certifications.

Data Centers

Authgear’s physical infrastructure is hosted and managed within Google’s secure data centers around the globe and utilizes the Google Cloud Platform (GCP) technology. Independent and thorough assessments on security, privacy and compliance controls are regularly conducted by Google to ensure they are up to industry standards. In fact, Google's data center operations have been accredited under:

  • ISO 27001
  • ISO/IEC 27017
  • ISO/IEC 27018
  • SOC 1/2/3
  • PCI DSS
  • CSA STAR

Separately, card payments are secured and processed by Stripe, a PCI DSS Level 1 compliant payment gateway.

Payment Card Industry Data Security Standard (PCI DSS) Compliance

PCI DSS is a set of industry-mandated requirements that applies to any business that handles, processes, or stores credit card data, regardless of its size or location.

Authgear does not fall into that category, as we do NOT store any financial data nor process payments.

Security Measures from Data Centers

Google-managed data centers are certified with ISO 27001. Google has many years of experience in securing data and handling emergencies at large-scale data centers all over the world, and they have applied this experience to GCP and its infrastructure.

These facilities are among the safest places for your data, with a world-wide, industry-leading security team that works 24/7 monitoring and constantly improving the security measures. Data is distributed across multiple machines in different locations, with backups replicated to avoid a single point of failure. Backup data is chunked and randomly distributed as an extra layer of security, so that it is not human-readable.

Physically, secure perimeter defense systems, comprehensive camera coverage and 24/7 guard teams are deployed to prevent any unauthorized access. In addition, data center staff are trained to be security minded, and their access to the facilities is revoked as soon as they no longer need these privileges.

Hard drives at these facilities are also tracked and monitored, and when a drive reaches the end of its life, it is destroyed through a thorough, multi-step process.

Environmental Safeguards

Fire Detection and Suppression

Robust disaster recovery measures are in place. In the event of a fire or other physical disruption, data is shifted automatically to other data centers, allowing users to work uninterrupted.

Power

Power failure is also accounted for, with backup generators installed to keep the facilities running.

Climate and Temperature Control

Climate control is required to maintain a constant operating temperature for servers and other hardware, which prevents overheating and reduces the possibility of service outages. Data centers are designed to maintain atmospheric conditions at optimal levels. Monitoring systems and data center personnel ensure temperature and humidity are at the appropriate levels.

Network Security

Firewalls

Firewalls are used to restrict access to systems from external networks and between systems internally. By default, all access is denied; only explicitly allowed ports and protocols are permitted, based on business need. Each system is assigned to a firewall security group according to its function, and security groups restrict access to only the ports and protocols required for that function in order to mitigate risk.

Spoofing and Sniffing Protections

Managed firewalls prevent IP, MAC, and ARP spoofing on the network and between virtual hosts. Packet sniffing is prevented by the infrastructure, including the hypervisor, which does not deliver traffic to an interface it is not addressed to. Authgear additionally uses application isolation, operating system restrictions, and encrypted connections to ensure risk is mitigated at all levels.

Port Scanning

Port scanning is prohibited and every reported instance is investigated by our infrastructure provider. When port scans are detected, they are stopped and access is blocked.

System Security

System Configuration

System configuration and consistency are maintained through standard up-to-date images, configuration management software, and by replacing systems with updated deployments. Systems are deployed using verified and safe images that are updated with configuration changes and security updates before deployment. Once deployed, existing systems are decommissioned and replaced.

System Authentication

Operating system access is limited to Authgear staff only and requires a username, a key and multi-step authentication. Operating systems do not allow password authentication, which prevents password brute-force attacks, theft, and sharing.

Disaster Recovery

Authgear is designed for stability and scaling, and inherently mitigates common issues that lead to outages while maintaining recovery capabilities. Our platform maintains redundancy to prevent single points of failure, and is able to replace failed components.

Access to Customer Data

Authgear staff does not access or interact with customer data or applications as part of normal operations. There may be cases where Authgear is requested to interact with customer data or applications at the request of the customer for support purposes or where required by law. Authgear may also inspect customer data to debug and troubleshoot platform issues.
