Security Awareness and Training
Fostering a culture of security across the company.
Every individual at Adobe plays an integral part in keeping our company and infrastructure secure. Our robust security awareness and role-based security training, along with regular simulation exercises and awareness programs to keep our employees vigilant against scams, help keep everyone from interns through C-suite executives up-to-date on the latest security threats and techniques—as well as how to combat them.
Learn about our ongoing efforts.
Keeping security top of mind.
As part of Adobe’s company-wide culture of security, every employee must complete our mandatory security awareness training upon hire and annually thereafter. The course provides a comprehensive overview of security issues employees may encounter in their day-to-day work at Adobe. In addition, some employees in more sensitive roles covered by industry and governmental regulations such as PCI and FedRAMP receive supplemental, targeted training. Annual re-certification helps keep security top of mind and equips our workforce with the latest information to help protect Adobe corporate assets as well as customer and employee data.
Equipping technical teams to implement secure products and services.
Developing secure code poses significant challenges, even for seasoned security experts. That’s why our technical employees, including engineering and technical operations teams, are auto-enrolled in in‑depth, role-specific developer security training upon hire. To attain certification, individuals must successfully complete one learner journey that is most closely aligned with their role at Adobe. Recertification is required every three years. Even individuals in technical roles whose day-to-day responsibilities don’t involve much coding can choose a learner journey to show them how security best practices can be applied to their job.
Teaching employees how to spot the scam.
In the ever-evolving landscape of cybersecurity threats, it's more critical than ever to be aware of possible scams via phishing, smishing, vishing or other common attack techniques and how to report them. The proliferation of generative AI is making spotting the tell-tale signs of these scams even more difficult. Unfortunately, email is but one weapon in a cybercriminal’s arsenal; increasingly, scam efforts also come through text messages, DMs on social media, and even phone calls. Adobe’s state-of-the-art simulation programs help ensure our employees stay vigilant against these security threats and know how to spot and report scams before they can do damage to Adobe’s information and reputation.
Embedding security-aware engineers to improve product security.
Each product team includes an embedded “security champion,” an engineer who has undergone advanced security training and understands security controls as well as advocates for their implementation in the team’s product or service. Tightly integrated with the Adobe Security organization, security champions are responsible for communicating security priorities to their team and for helping ensure these priorities are acknowledged and completed. In addition to hands-on security training, security champions receive regular communications and updates from Adobe Security to help improve their knowledge and keep them apprised of the latest advancements in security technologies, tools, and concepts.
Resources
The Adobe Secure Product Lifecycle (SPLC)
Integrated into several stages of the product lifecycle—from design and development to quality assurance, testing, and deployment— the Adobe Secure Product Lifecycle (SPLC) is the foundation of security at Adobe. A rigorous set of several hundred specific security activities spanning software development practices, processes, and tools, the Adobe SPLC defines clear, repeatable processes to help our development teams build security into our products and services and continuously evolves to incorporate the latest industry best practices.
Adobe Operational Security (OpSec) overview
This white paper describes the Adobe secure cloud operations strategy, which focuses on securing cloud resources at scale and helping provide for the safety and security of customer applications and data within our continually evolving cloud infrastructure operations.
Adobe Identity Management Services Security Overview
Adobe Identity Management Servcies (IMS) sits between your enterprise end-users and your Adobe solution/s, handling all user authentication for any Adobe solution.
Dive deeper.
Learn more about operational security platform and our automation efforts on our blog.