Magento - The Trusted Name in Digital Commerce


Trust is the foundation of our relationship with hundreds of thousands of merchants around the world. We value the confidence you’ve put in us and take the responsibility of protecting your information seriously. To be worthy of your trust, we built and will continue to grow Magento with an emphasis on security, compliance, and privacy.

Shared responsibility security model

Magento Commerce Cloud relies on a shared responsibility security model in which customers and Magento have different areas of responsibility for maintaining the security of the commerce experience. Magento provides secure managed services on top of Amazon’s industry-leading cloud services. Customers have the ability to manage the Magento application to their heart’s content. This approach is intended to provide the greatest flexibility for customization and innovation while reducing the operational responsibilities of the merchant.


Customer responsibilities

The customer is responsible for the security of their customized instance of the Magento Commerce application running on the Magento Commerce Cloud environment.

AWS responsibilities

AWS is responsible for security of the network including routing, switching, and perimeter network security via firewall systems and intrusion detection systems (IDS).

Magento responsibilities

Magento is responsible for the security and availability of the Magento Commerce Cloud environment, the core Magento Commerce application code, and internal Magento systems.

Secure commerce experiences with control and visibility

Magento Commerce Cloud is designed to provide multiple layers of protection starting from the end-user's browser to the content delivery network, the payment integration, the cloud environment, and to the core Magento Commerce application. We work behind the scenes to help protect your stores and empower IT administrators with tools that help provide control and visibility. Our robust information security management framework is designed to help assess risks and to help build a culture of security at Magento.


Consumer’s Browser

Consumer traffic can be better secured by using HTTPS for all pages on the website (using either a shared SSL certificate or the customer’s own SSL certificate for an additional fee).


Content Delivery Network (CDN) & DDoS Protection

The Fastly DDoS solution protects against highly disruptive Layer 3 and Layer 4 attacks, and more complex Layer 7 attacks.


Virtual Private Cloud

The Magento Commerce Cloud Pro production environment is configured as a virtual private cloud (VPC) so that all 3 production servers are isolated and have limited ability to connect in and out of the cloud environment.


Payment Gateway

Magento Commerce requires payment gateway integrations where credit card data is passed directly from the consumer’s browser to the payment gateway.


Magento Application

Magento regularly tests the core application code for security vulnerabilities. Patches for defects and security issues are provided to customers.


Read-Only File System

All the executable code is deployed into a read-only file system image, which dramatically reduces the surfaces that are available for attack.

Compliant processes and technology architecture

Verifying compliance with generally accepted security practices can be an effective tool to assess a service provider’s dependability and reliability. Our security practices comply with the most widely accepted standards and regulations in the commerce technology industry such as PCI and SOC 2. Our independent third-party auditors test our controls and provide their reports and opinions — which we share with you whenever possible upon request.

Data privacy and protection

Whether you're concerned about your data as a merchant or your end-user's data, we’re committed to helping protect your data.


Sensitive data

Using our service, customers may use or store either personally-identifiable information (PII) on consumers or confidential data from Magento customers. Protection of customer and consumer data is a critical obligation for Magento.


Privacy Shield

Magento is self-certified under Privacy Shield, a European Commission-approved mechanism that enables the transfer of personal data from the European Union and Switzerland to the United States.

Magento GDPR


Customer success is our top priority. This includes helping to support our customers’ compliance with the General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA).
