Security at Ory

Identity Data is Secure With Ory

01 Security and compliance

We take security seriously

Ory is committed to offering secure, GDPR compliant, privacy-focused products.

GDPR compliant

Built with GDPR in mind. We make it easy for our customers to respect the rights of data subjects.

SOC2 and ISO 27001

Rigorous security auditing. SOC 2 Type 1 and Type 2 attestation and ISO 27001 certification are underway.

02 Best practices

Secure identity and access management made easy

Experienced experts

Our developers are trained on and adhere to secure coding standards, including applying OWASP Top 10 implementation guidance.

Organizational excellence

Ory implements least privilege principles, undergoes regular access control audits, and follows an extensive code review, testing, and analysis process.

Industry-standard best practices

We use best practices including zero trust security, encryption, third-party penetration testing, vulnerability scanning, and others.

Open source ethos

We believe an open-source approach to building software leads to better security. But we don’t stop there. We also implement security best practices to ensure the Ory Network stays safe.

Vulnerability management

Ory embeds vulnerability scans into the CI/CD pipelines and scans all containers built for deployment. In addition, at runtime all containers running in our clusters are scanned continuously to report findings.

Third party penetration testing

Third party pen tests are conducted on a quarterly basis to ensure regular verification of our systems and procedures.

Bug bounty program

Ory's disclosure and reward program supports anyone who wants to increase the security of the Ory Network by conducting external pen testing.

Technical and operational measures

Ory Network forces HTTPS for all services using TLS 1.2 or higher, including our public website and the console to ensure secure connections.

At rest encryption

Any data stored by the Ory Network is encrypted at rest using industry best practice standard AES-256.

Password encryption

Ory uses salted bcrypt to ensure passwords are stored securely.

Recoverability

The Ory Network implements a backup strategy to ensure regular backups are created and stored in an encrypted fashion.

Secure cloud deployment

Google Cloud Platform provides secure and scalable infrastructure that meets Ory's strict requirements and compliance needs.

Logging and audit trail

Ory uses logging in its cloud network, enabling forensic analysis of potential incidents.

Availability and resiliency

Ory Network ensures all services and data are spread over different data centers and availability zones within them to maximize availability in the case of localized outages.

03 Testimonials

Hear from our longtime users

Akibur Rahman - System Architect, Padis GmbH

"Ory products consider all modern technical aspects and it was a perfect fit for our system. Integration was relatively easy and we are able to customize based on our requirements."

04 Start for free

Protect your identity data with Ory

Sign up or schedule a demo with us to learn how you can improve conversion, retention, and security with Ory.
