Is Prismic Secure?
Prismic, a headless Content Management System (CMS), implements several security measures to protect user data and content. Here's an overview of its key security features:
API Security
Prismic distributes content through an API that can be configured as private. In private mode, the API requires client applications to authenticate to access any content stored in a Prismic repository. Each data-consuming client application can use a distinct set of authentication credentials, enhancing control over content access.
User Permissions
User management in Prismic is strictly isolated from one repository to another, allowing for granular control over permissions across repositories delivering content to client applications. This isolation ensures that access rights are appropriately managed and maintained.
Content and API Versioning
Prismic keeps track of content version history and provides the capability to restore previously published versions. Additionally, any new publication creates a new identifiable version of the API, facilitating content management and rollback if necessary.
Single Sign-On (SSO) and Two-Factor Authentication (2FA)
Prismic integrates with most enterprise identity federation and Single Sign-On standards or services (e.g., Active Directory, Okta) through the OAuth2 standard. This integration allows for the implementation and enforcement of centralized access management policies, such as password enforcement rules and multi-factor authentication, enhancing account security.
Data Hosting and Storage
Prismic's services and data are hosted in Amazon Web Services (AWS) facilities located in Northern Virginia, USA. AWS facilities comply with several security and data privacy standards, including ISO/IEC 27001:2013, ISO/IEC 27017, ISO/IEC 27018, PCI-DSS Level 1, CSA STAR Levels 1, 2, and 3, SOC 1, SOC 2, and SOC 3. This compliance ensures that data is stored securely and in accordance with industry standards.
Security Policies
Prismic shares with its employees a set of security policies and guidelines covering topics such as strong password policies, physical security policies, best practices in cybersecurity, and privacy and confidentiality rules. These policies help maintain a high standard of security within the organization.
Considerations
While Prismic offers robust security features, certain advanced functionalities, such as Single Sign-On (SSO), may be available only on higher-tier plans. Users should also weigh the security implications of client-side features such as pagination when the repository API is public: any query a browser can issue, anyone else can issue as well, so client-side code effectively exposes the full set of published content to enumeration and leaks any credentials it embeds. Configuring each repository appropriately (e.g., private vs. public) is therefore crucial to maintaining the desired level of security.
In Summary
Prismic implements a comprehensive set of security measures to protect user data and content. However, users should remain vigilant and configure their repositories and applications in line with best practices to ensure optimal security.