Identity Data is Secure With Ory
We take security seriously
Ory is committed to offering secure, GDPR compliant, privacy-focused products.
Built with GDPR in mind. We make it easy for our customers to respect the rights of data subjects.
SOC2 and ISO 27001
Rigorous security auditing. SOC 2 Type 1 and Type 2 attestation and ISO 27001 certification is underway.
Secure identity and access management made easy
Our developers are trained on and adhere to secure coding standards, including applying OWASP Top 10 implementation guidance.
Ory implements least privilege principles, undergoes regular access control audits, and follows an extensive code review, testing, and analysis process.
Industry-standard best practices
We use best practices including zero trust security, encryption, third-party penetration testing, vulnerability scanning, and others.
Open source ethos
We believe an open-source approach to building software leads to better security. But we don’t stop there. We also implement security best practices to ensure the Ory Network stays safe.
Ory embeds vulnerability scans into the CI/CD pipelines and scans all containers built for deployment. In addition, at runtime all containers running in our clusters are scanned continuously to report findings.
Third party penetration testing
Third party pen tests are conducted on a quarterly basis to ensure regular verification of our systems and procedures.
Bug bounty program
Ory's disclosure and reward program supports anyone who wants to increase the security of the Ory Network by conducting external pen testing.
Technical and operational measures
Ory Network forces HTTPS for all services using TLS 1.2 or higher, including our public website and the console to ensure secure connections.
At rest encryption
Any data stored by the Ory Network is encrypted at rest using industry best practice standard AES-256 Password Encryption Ory uses salted bcrypt to ensure passwords are stored securely.
The Ory Network implements a backup strategy to ensure regular backups are created and stored in an encrypted fashion.
Secure cloud deployment
Google Cloud Platform provides secure and scalable infrastructure that meets Ory's strict requirements and compliance needs.
Logging and audit trail
Ory uses logging in its cloud network. enabling forensic analysis of potential incidents.
Availability and resiliency
Ory Network ensures all services and data are spread over different data centers and availability zones within them to maximize availability in the case of localized outages.
Hear from our longtime users
"Ory products consider all modern technical aspects and it was a perfect fit for our system. Integration was relatively easy and we are able to customize based on our requirements."
Protect your identity data with Ory
Sign up or schedule a demo with us to learn how you can improve conversion, retention, and security with Ory.