Everything is software now!
JFrog Saas solution offers top-notch security for both JFrog products and infrastructure.
As JFrog SaaS solution is dynamic, scalable, and portable, it requires special security controls for workloads and data while at rest and in transit. These security controls allow our end users to scale efficiently.
Customer Account Segregation
Each customer account is deployed with a unique ID to guarantee adequate separation.
Each customer account is granted with its own unique and narrow role, based on least privilege principle. We grant just the permissions which are required to perform tasks and access shared resources, such as databases and cloud object storage.
The default and automatic deployment of JFrog SaaS solution is on a shared environment including the following resources:
- The load balancer is a shared component at the region level.
- The applications’ database schema and role are dedicated for each customer. The applications’ database is a cloud provider managed service, shared at the region level.
- Each customer has its own unique role with permissions for their own files. The applications’ filestore is a cloud provider managed service, shared at the region level.
Data Center Security
JFrog’s production environment complies with top-tier providers with the highest data privacy, security standards and practices.
Find out more information about the security of the Amazon, GCP & Azure cloud platforms.
As part of our multi-layer protection approach, a dedicated DDoS mitigation ecosystem has been put in place. JFrog utilizes anti-DDoS protection, a next-gen WAF, an API protection tool, advanced rate limiting and bot protection.
JFrog SaaS solution has a well architected, secured, high-performing, resilient, and efficient infrastructure for JFrog products and workloads. JFrog supports hybrid solutions for customers wishing to combine self-managed with SaaS solution, on any of the three major cloud providers: Google Cloud Platform (GCP), Amazon Web Services (AWS), and Microsoft Azure.
JFrog offers a multi-tier architecture for your deployment including high-availability systems, backups and more.
Real Time Platform Status
JFrog communicates the status of our platform and its incidents https://status.jfrog.io/.