5 Security Best Practices to Keep Your Liferay Deployment Safe

Find out what you can do to protect your Liferay solutions.


We're Serious About Security

Liferay prioritizes security across every layer—from software and cloud infrastructure to customer protection. With certifications like ISO 27001 and SOC 2, built-in safeguards against common threats, and advanced features such as MFA, SSO, and fine-grained access controls, we help customers meet their compliance and privacy needs. 

For those facing advanced threats, Liferay SaaS offers enhanced DDoS protection and proactive vulnerability management, and our highest support tier, Strategic 24/7, offers expert Security Guidance to help safeguard mission-critical deployments.

Liferay provides top-tier infrastructure and security tools, but there are five key security best practices every customer should follow to maintain a secure and stable deployment.

 

5 Security Best Practices for Liferay Deployments

1. Enable caching for the Document Library.

 Caching significantly reduces the load on your system by serving public files (like PDFs and images) efficiently through CDNs. This not only boosts performance but also protects your deployment during high-traffic conditions or DDoS attacks.

 

2. Stay up to date with Liferay DXP releases.

 Each new release from Liferay includes performance enhancements and security patches. Regularly updating your deployment ensures that you benefit from the latest optimizations and defenses.

 

3. Regularly update your Docker images.

 Using up-to-date Docker images ensures that your environment is protected against known vulnerabilities. If a critical or high severity security vulnerability is identified in the container image, Liferay will rebuild and provide a new version, keeping you secure.

 

4. Be vigilant about monitoring for vulnerabilities.

 Proactively monitor your systems for vulnerabilities. For Liferay PaaS customers, this is your responsibility—but with the Strategic 24/7 support tier, the Liferay team will inform you of known actionable vulnerabilities and help patch them.  

 

5. Prepare for DDoS attacks.

 DDoS attacks can overwhelm your platform, especially during high-traffic events. Make sure you have response plans in place to mitigate risks. With Liferay’s Strategic 24/7 Support tier, you get guidance on how to best implement DDoS security to ward off attacks. 

 

Why Rely on Liferay for Security?

We partner with our customers to ensure that your deployment is both secure and optimized for growth. The Strategic 24/7 Support tier gives you the expert insights, monitoring, and forensics to help safeguard mission-critical deployments. 

Here’s a glimpse at what the support tier offers: 

  • Personalized Vulnerability Assessments: Get notified of known actionable vulnerabilities impacting your environment and get help from the Liferay team to patch them. 
  • Yearly Security Audits: Gain more clarity on Liferay’s security posture and work with our specialists (up to 5 hours a year) to make sure you’re complying with security questionnaires and requirements.
  • DDoS Protection and CDN Configuration Review: Receive guidance on how to implement DDoS protection and configure your CDN (up to 4 hours of meetings and 4 hours of preparation per year).
  • Incident Forensics: Uncover the root cause of incidents with Liferay's security experts, who will help review and provide recommendations (up to 8 hours a year).

On top of the security benefits, the Strategic 24/7 tier also gives you access to our Production Incident Updates, a dedicated Support Squad, Health Checks, Implementation and Performance Guidance, and more. 

Reach out to your Account Executive today to learn how you can strengthen the security of your mission-critical deployments.
