Infrastructure
SessionStack builds on Google Cloud Platform's compliance with leading standards for information security. Administrative access to our servers and data requires login with Google's two-step authentication.
Compliance, certifications and audits
ISO
ISO-27001 Certification: https://cloud.google.com/files/GCP_ISO_27001_2017.pdf
SOC2 & SOC3
SOC3 third-party audit reports: https://cloud.google.com/files/GCP_SOC3_2017.pdf
Physical Security
SessionStack's production data is processed and stored in state of the art data centers which use multilayer access, alerting and auditing measures, including:
- Perimeter fencing
- Vehicle access barriers
- Custom-designed electronic access cards
- Biometric checks
- Laser beam intrusion detection
- Continuous external and internal security camera surveillance
- 24x7 trained security guards
Servers & Networking
All servers that are running SessionStack are continuously patched Linux systems.
Our web servers use the strongest grade HTTPS security so that requests are protected from eavesdroppers and man-in-the-middle attacks. Our SSL certificates are 2048 bit RSA, signed with SHA 256.
Storage
All persistent data is encrypted at rest using the AES-128 standards or similarly high standards, allowing Google Compute Engine to have successfully completed ISO 27001, SSAE-16, SOC 1, SOC 2, and SOC 3 certifications.
Updated about 5 years ago