JobScheduler provides a lot of possibilities to secure the access via JOC.
The simpliest form ist to configure JobScheduler with different security settings for different server (see JOC with restricted permissions and How to determine the allowed hosts for a JobScheduler installation for details).
Since JobScheduler has implemented the jetty webserver it is possible to use different security settings based on the user logged in (see user authentication with jetty for details).
Last but not least a lot of customers runs JOC behind an Apache Proxy.