Information Security

At Jamf, we practice what we preach.

Cloud Security

Security is built in to all Jamf products. We employ numerous industry-leading security controls to safeguard your data including:

Aurora RDS encryption

Jamf Cloud uses an external, third-party SSL certificate for the Jamf Pro web app. In addition, Jamf Cloud uses TLS 1.2 and AES-256 bit encryption for data at rest and in transit between a managed endpoint and the Jamf Pro server.

Logical Data Separation

Data is kept logically separate on various layers throughout the Jamf Cloud infrastructure. Only processes and threads such as queries within an authenticated organization’s context may access that organization’s data. This restriction applies to all data and processes/threads, both in memory and on disk.

Database Backups & Recovery

Databases are continuously replicated to another server in a different data center. A snapshot of each database is taken every 24 hours and may be used to restore data if a critical event occurs. Jamf Cloud uses application and database servers in multiple data centers to provide high availability and recovery in case of service outage.

Dedicated Security Operations Team

We have a dedicated global team of engineers to monitor cloud availability and ensure the highest uptime is achieved for our customers.

Product Security

We understand that company and employee data protection is the top priority for not only our organization, but for all organizations. That's why we ensure our devices are secured with Jamf, because we can't secure yours if we don't secure ours.

Secure Development

Jamf’s engineering team follows a secure software development lifecycle policy which addresses the areas of preliminary analysis or feasibility study; risk identification and mitigation; systems analysis; technical design; development; quality assurance and acceptance testing; implementation; and post-implementation maintenance and review. This methodology ensures that the software will be adequately documented and tested before it is used in customer environments.

Security Resources


Vulnerability Disclosure Program

Our vulnerability disclosure program makes it easy for you to submit any issue or bug you come across. With your help, we can alleviate risk and enhance operational efficiency across the Jamf platform. For more information or to report a bug, click here.

Annual Testing & Security Scan

We engage a trusted third-party to perform annual testing of Jamf Pro Server, Jamf Management Framework, and Self Service app. In addition, dynamic and static automated security scans are performed on builds to identify critical security risks such as XSS, CSRF, injection attacks, and authentication issues.

Product Security Team

Jamf has a dedicated product security team that tests for and resolves product security issues. They also review customer feedback to make security enhancements to our products.

Availability & Business Continuity

Business Continuity

Jamf Cloud is built on AWS, the industry leader in cloud availability and dependability. We monitor system availability in real-time to ensure compliance with availability and uptime commitments. In addition, built-in redundancies and disaster recovery plans are in place and tested periodically.

System Status

For high-level Jamf Cloud availability information, visit our Jamf Cloud Status page. Refer to our Hosted Services Availability Commitment to learn more about our customer’s use and access to Jamf’s Hosted Services.

Certifications

View our corporate compliance certifications and initiatives.

Security questionnaires and/or assurance reports available upon request (CAIQ, SIG LITE, SOC 2, ISO certificate).