5 posts tagged with "security"

Phase Two is excited to announce that we are now ISO/IEC 27001 certified.

This milestone reflects how seriously we take security and compliance across our platform, operations, and internal processes. We completed this as a fast follow to our September 17, 2025 SOC 2 Type II compliance milestone, reaching full ISO/IEC 27001 certification just over six months later as part of our commitment to building a mature, enterprise-ready security program.

Learn more at our Trust Center: trust.phasetwo.io.

At Phase Two, we are committed to providing our customers with the most secure and reliable managed Keycloak hosting platform. As part of this commitment, we are excited to announce the release of new security capabilities for Keycloak clusters available through the Phase Two Dash.

Phase Two is excited to share that we have successfully completed a SOC 2 Type II audit. This independently validates that our security and availability controls were not just designed well, but operated effectively over time.

Learn more and request report access at our Trust Center: trust.phasetwo.io.

We are excited to announce that Phase Two has achieved SOC 2 Type 1 compliance! This milestone demonstrates our ongoing commitment to security, availability, and the protection of our customers’ data.

Learn more at trust.phasetwo.io.

As more companies adopt Keycloak for enterprise identity and access management, security is no longer just a back-end concern. One of the most frequent questions we hear at Phase Two is:

"Should I put a Web Application Firewall (WAF) in front of Keycloak?"

The short answer? It depends—but it's a smart question to ask.

In this post, we'll break down what Keycloak provides out of the box, explore common attack vectors (especially around authentication endpoints), and help you evaluate whether you need to add an external firewall or WAF to your deployment.