From system monitoring to access control, we've designed our operations to enable continuous, layered risk management and help ensure optimum security for all our products and services.
We deploy and maintain a robust platform stack of security infrastructure technologies developed by both trusted partners and our internal teams. We leverage automation throughout this stack to enable consistency in our security controls across all our products and services. We share many of the custom tools we’ve developed as open source to help the broader security community learn from our efforts.
Our operations team, including our Adobe Cyber Defense Center, uses a set of monitoring alert criteria to define the critical security and availability standards for our services' production environments. They use third-party and internally developed monitoring and analysis tools to closely monitor any unusual activity.
Role-based access is used to restrict privileged access to information resources based on the concept of least privilege. Authorization requires approval by the management directly responsible for the confidentiality, integrity, and availability of impacted resources.
We implement a comprehensive change management process to help check that changes to the network or production environment are documented, tracked, tested, authorized, and approved prior to migration to production. We monitor the states of the hardware, operating system, and configurations, and we log and execute changes in a controlled way.
Integrated into several stages of the product lifecycle—from design and development to quality assurance, testing, and deployment— the Adobe Secure Product Lifecycle (SPLC) is the foundation of security at Adobe. A rigorous set of several hundred specific security activities spanning software development practices, processes, and tools, the Adobe SPLC defines clear, repeatable processes to help our development teams build security into our products and services and continuously evolves to incorporate the latest industry best practices.
This white paper describes the Adobe secure cloud operations strategy, which focuses on securing cloud resources at scale and helping provide for the safety and security of customer applications and data within our continually evolving cloud infrastructure operations.
Adobe Identity Management Servcies (IMS) sits between your enterprise end-users and your Adobe solution/s, handling all user authentication for any Adobe solution.
Learn more about operational security platform and our automation efforts on our blog.