We're excited to announce another step in ngrok's security journey: the release of our Defense in Depth white paper. As part of our commitment to helping customers secure their environments, we laid out how ngrok’s capabilities work layer by layer to keep your developers, teams, and systems safe.
The ngrok security controls
ngrok provides an extensive set of security controls – such as routing, encryption, network restrictions, SSO, and monitoring – to protect your connections’ confidentiality, integrity, and availability. These controls are available whenever you launch an ngrok tunnel and enforced on every single request:
The white paper comprehensively presents these security controls, helping you understand the trade-offs and how to use them to secure your data without re-architecting your services.
Navigating security trade-offs
A fundamental part of protecting your services is to choose which controls to apply to secure your systems without affecting the business. The white paper presents the things to keep in mind when setting each control, helping you make decisions that better suits your business requirements and risk profile:
The Defense in Depth white paper is one of the many investments we made — alongside our SOC 2 report, trust portal, and new product features — to ensure that ngrok continues to be a service that developers can trust with their applications and data.
Keith Casey serves on the Product/GTM Team at ngrok helping teams launch their systems faster and easier than ever before. Previously, he served on the Product Team at Okta working on Identity and Authentication APIs, as an early Developer Evangelist at Twilio, and worked to answer the Ultimate Geek Question at the Library of Congress. His underlying goal is to get good technology into the hands of good people to do great things. In his spare time, he writes at CaseySoftware.com and lives in the woods. He is also a co-author of A Practical Approach to API Design.