Information Security
At Jamf, we practice what we preach.Cloud Security
Security is built in to all Jamf products. We employ numerous industry-leading security controls to safeguard your data including:
Aurora RDS encryption
Jamf Cloud uses an external, third-party SSL certificate for the Jamf Pro web app. In addition, Jamf Cloud uses TLS 1.2 and AES-256 bit encryption for data at rest and in transit between a managed endpoint and the Jamf Pro server.
Logical data separation
Data is kept logically separate on various layers throughout the Jamf Cloud infrastructure. Only processes and threads such as queries within an authenticated organization’s context may access that organization’s data.
Database backups & recovery
Databases are continuously replicated to another server in a different data center. Jamf Cloud uses application and database servers in multiple data centers to provide high availability and recovery in case of service outage.
Dedicated Security Operations Team
We have a dedicated global team of engineers to monitor cloud availability and ensure the highest uptime is achieved for our customers.
Product Security
We understand that company and employee data protection is the top priority for not only our organization, but for all organizations.Secure development
Jamf’s engineering team follows a secure software development lifecycle policy which addresses the areas of preliminary analysis or feasibility study; risk identification and mitigation; systems analysis; technical design; development; quality assurance and acceptance testing; implementation; and post-implementation maintenance and review. This methodology ensures that the software will be adequately documented and tested before it is used in customer environments.
Annual testing & security scan
We engage a trusted third-party to perform annual testing of Jamf Pro Server, Jamf Management Framework, and Self Service app. In addition, dynamic and static automated security scans are performed on builds to identify critical security risks such as XSS, CSRF, injection attacks, and authentication issues.
Vulnerability Disclosure Program
Our vulnerability disclosure program makes it easy for you to submit any issue or bug you come across. With your help, we can alleviate risk and enhance operational efficiency across the Jamf platform.
Product Security Team
Jamf has a dedicated product security team that tests for and resolves product security issues. They also review customer feedback to make security enhancements to our products.
Security resources
Apple security resources
Filling the gap: macOS security
Jamf Pro security overview
Jamf School security overview
Availability & Business Continuity
Business continuity
Jamf Cloud is built on industry leading platforms that offer cloud availability and dependability. We monitor system availability in real-time to ensure compliance with availability and uptime commitments. In addition, built-in redundancies and disaster recovery plans are in place and tested periodically.
System status
For high-level Jamf Cloud availability information, visit our Jamf Cloud Status page. Refer to our Hosted Services Availability Commitment to learn more about our customer’s use and access to Jamf’s Hosted Services.
Certifications
View our corporate compliance certifications and initiatives or request security questionnaires and/or assurance reports (CAIQ, SOC 2, ISO certificate).