ngrok: Defense in Depth

We're excited to announce another step in ngrok's security journey: the release of our Defense in Depth white paper. As part of our commitment to helping customers secure their environments, we laid out how ngrok’s capabilities work layer by layer to keep your developers, teams, and systems safe.

The ngrok security controls

ngrok provides an extensive set of security controls – such as routing, encryption, network restrictions, SSO, and monitoring – to protect your connections’ confidentiality, integrity, and availability. These controls are available whenever you launch an ngrok tunnel and enforced on every single request:

The white paper comprehensively presents these security controls, helping you understand the trade-offs and how to use them to secure your data without re-architecting your services.

Navigating security trade-offs

A fundamental part of protecting your services is to choose which controls to apply to secure your systems without affecting the business. The white paper presents the things to keep in mind when setting each control, helping you make decisions that better suits your business requirements and risk profile:

Conclusion

The Defense in Depth white paper is one of the many investments we made — alongside our SOC 2 report, trust portal, and new product features — to ensure that ngrok continues to be a service that developers can trust with their applications and data.

We remain committed to improving our security practices, with even more capabilities coming soon. We hope this is useful for developers and businesses alike. Click here to download our Defense in Depth white paper.

‍