What are the Adyen security foundations?
Security foundations at Adyen
As a financial service provider, securing data is a top priority at Adyen and is built into every part of our business. In order to ensure security is at the forefront of everything we do, we’ve created the Adyen Security Foundations. The foundations include important principles to keep our platform and processes secure.
1. Everybody does security
At Adyen, everyone has a role to play when it comes to security. Teams own their own security practices, and we collectively keep our practices up to date with our growing business. All employees must participate in the annual security refresher training.
2. Defense in depth
To keep data and systems secure, we layer protection and prevent single points of failure. We do so by combining both technical and non-technical controls.
3. Built to be controlled by Adyen engineers
We own and manage everything about our products and services, from beginning to end. This gives us full control over everything we do and helps us secure our platform and data.
4. Independent, available, and redundant infrastructure
Uptime is critical to our customers’ success. By minimizing reliance on third parties, monitoring carefully, and building redundancy and latency into everything we do, we bring minimal risk to the businesses we work with.
5. Avoiding insecure components
At Adyen, we minimize exposure to risks that are inherent to the usage of specific technologies, vendors and software components. Through rigorous screening, we avoid components that have shown recurring signs of bad security practices, have repeatedly been the cause of breaches, or are widely considered dangerous.
6. Zero-trust network design
Our network has been segmented on multiple layers following the zero-trust principle. We use a tiered approach of physically isolated networks that are each assigned to a specific purpose, with our payment platform being the highest security tier. Every component in our network is treated as untrusted by default, so components can only communicate with systems they are explicitly allowed to communicate with, and only use services they are explicitly allowed to use.
7. Secure by default
We deploy, configure, and harden every core and supporting component in our platform infrastructure with automation. By doing so, we ensure that each server, network component and other hardware operates in line with security best practices and benchmarks. We use a similar approach to protect our employees’ laptops, which are managed and hardened centrally by our infrastructure engineers.
8. Secure engineering
At Adyen, security is embedded in every phase of our product lifecycle. This allows us to catch flaws at an early stage and substantially reduce risk, workload and the need for excessive security engineering activities.