Security at ngrok
The ngrok service is designed, built, maintained, monitored, and regularly updated with security in mind. To deliver our service with confidentiality, integrity and availability, we use the shared security responsibility model, a framework adopted by many cloud providers—including Amazon AWS, Microsoft, and Salesforce—to identify the distinct security responsibilities of the customer and the cloud provider. In this model:
- ngrok is responsible for the security of the ngrok service. ngrok is also responsible for providing features you can subscribe to in order to secure your services.
- Our customers are responsible for securing how they use the ngrok service. This includes, for example, granting the correct permissions to users and administrators, disabling accounts and auth tokens when employees are terminated, properly configuring features required to protect your data, and keeping ngrok agents updated in our systems.