Operational Security
 

Empowering stronger security throughout our cloud infrastructure.


From system monitoring to access control, we've designed our operations to enable continuous, layered risk management and help ensure optimum security for all our products and services.

Learn about our ongoing efforts.

Better detection and prevention rules

Robust security infrastructure.

We deploy and maintain a robust platform stack of security infrastructure technologies developed by both trusted partners and our internal teams. We leverage automation throughout this stack to enable consistency in our security controls across all our products and services. We share many of the custom tools we’ve developed as open source to help the broader security community learn from our efforts.  

Detection and prosecution

Constantly watching for issues.

Our operations team, including our Adobe Cyber Defense Center, uses a set of monitoring alert criteria to define the critical security and availability standards for our services' production environments. They use third-party and internally developed monitoring and analysis tools to closely monitor any unusual activity. 

Preventing product fraud

Restricting access.

Role-based access is used to restrict privileged access to information resources based on the concept of least privilege. Authorization requires approval by the management directly responsible for the confidentiality, integrity, and availability of impacted resources.

Fraud education

Keeping our solutions humming.

We implement a comprehensive change management process to help check that changes to the network or production environment are documented, tracked, tested, authorized, and approved prior to migration to production. We monitor the states of the hardware, operating system, and configurations, and we log and execute changes in a controlled way.

Resources

The Adobe Secure Product Lifecycle (SPLC)

Integrated into several stages of the product lifecycle—from design and development to quality assurance, testing, and deployment— the Adobe Secure Product Lifecycle (SPLC) is the foundation of security at Adobe. A rigorous set of several hundred specific security activities spanning software development practices, processes, and tools, the Adobe SPLC defines clear, repeatable processes to help our development teams build security into our products and services and continuously evolves to incorporate the latest industry best practices.


Adobe Operational Security (OpSec) overview

This white paper describes the Adobe secure cloud operations strategy, which focuses on securing cloud resources at scale and helping provide for the safety and security of customer applications and data within our continually evolving cloud infrastructure operations.


Adobe Identity Management Services Security Overview

Adobe Identity Management Servcies (IMS) sits between your enterprise end-users and your Adobe solution/s, handling all user authentication for any Adobe solution.


Dive deeper.


Learn more about operational security platform and our automation efforts on our blog.