Enterprise Security
Enterprise-grade security with complete data control
Your code and data never leave your infrastructure. SOC 2 Type II certified, GDPR compliant, HIPAA ready. Meet the strictest compliance standards with granular access controls.
Hybrid architecture
Your code and data never leave your infrastructure
Separation of orchestration and execution means Prefect Cloud coordinates workflows without ever accessing your code or data. Workers poll via outbound-only connections—no inbound access to your network required.
No code or data egress from your environment
Deploy on Kubernetes, ECS, Docker, or serverless
Workers poll for work—no inbound network access
Prefect Cloud hosts the Control Plane & Metadata. You host execution & data.
Access controls
Granular permissions and enterprise governance
Control who can access what with role-based access control, team management, and directory sync. Secure your workflows while keeping code and data in your infrastructure.
Object-level permissions for fine-grained control
Service accounts for automation
Multi-factor authentication required
Infrastructure security
Industry-standard encryption and infrastructure
All data encrypted in transit and at rest with industry best-practice algorithms. High availability configuration across multiple availability zones with annual penetration testing and disaster recovery simulations.
Annual third-party penetration testing
Continuous vulnerability monitoring
Annual disaster recovery simulations
Encryption
Infrastructure
Flexible execution models
Choose the deployment pattern that fits your security requirements
Hybrid Execution
Prefect Cloud coordinates workflows while execution happens in your infrastructure. No code or data leaves your environment.
Push Execution
Prefect Cloud provisions infrastructure on-demand in your cloud account with limited service account permissions.
Managed Execution
Prefect Cloud executes workflows on managed infrastructure. Requires providing workflow source code.
What data does Prefect store?
Complete transparency on data handling
Metadata stored by Prefect Cloud
Required for orchestration coordination
- •Flow and task parameter names
- •Flow parameter values (not task parameter values)
- •Workflow logs (can be disabled)
- •Configuration blocks (encrypted per-workspace)
Data that stays in your infrastructure
Prefect Cloud never accesses
- Workflow source code
- Task parameter values and execution data
- Customer data processed by workflows
- Secrets and credentials
Enterprise security features
Built for regulated industries
SOC 2 Type II certified
Independently audited security controls proving commitment to data protection and operational excellence.
End-to-end encryption
TLS 1.2+ for data in transit. Industry-standard encryption for data at rest with workspace-unique keys.
Granular RBAC
Object-level permissions and role-based access control. Control exactly who can access what.
Compliance ready
GDPR compliant and HIPAA ready. Designed for healthcare, finance, and regulated industries.
Audit logs & retention
Complete audit trail of all actions with configurable retention. Track who did what and when.
SSO & directory sync
SAML 2.0 and OIDC single sign-on. Automatic user provisioning with SCIM directory sync.
Security policies & practices
Continuous security improvement
System Access
- Least privilege access to all systems
- Quarterly access audits on critical systems
- SSO enforcement where possible
- Multi-factor authentication required
Monitoring & Testing
- Annual third-party penetration testing
- Continuous vulnerability monitoring
- Annual disaster recovery simulations
- Bug bounty program
Security resources
Documentation and policies
Questions about security?
Our security team is here to help. Contact us about enterprise security requirements, compliance documentation, or to request our SOC 2 Type II report.