Infrastructure

SessionStack builds on Google Cloud Platform's compliance with leading standards for information security. Administrative access to our servers and data requires login with Google's two-step authentication.

Compliance, certifications and audits

ISO

ISO-27001 Certification: https://cloud.google.com/files/GCP_ISO_27001_2017.pdf

SOC2 & SOC3

SOC3 third-party audit reports: https://cloud.google.com/files/GCP_SOC3_2017.pdf

Physical Security

SessionStack's production data is processed and stored in state of the art data centers which use multilayer access, alerting and auditing measures, including:

  • Perimeter fencing
  • Vehicle access barriers
  • Custom-designed electronic access cards
  • Biometric checks
  • Laser beam intrusion detection
  • Continuous external and internal security camera surveillance
  • 24x7 trained security guards

Servers & Networking

All servers that are running SessionStack are continuously patched Linux systems.

Our web servers use the strongest grade HTTPS security so that requests are protected from eavesdroppers and man-in-the-middle attacks. Our SSL certificates are 2048 bit RSA, signed with SHA 256.

Storage

All persistent data is encrypted at rest using the AES-128 standards or similarly high standards, allowing Google Compute Engine to have successfully completed ISO 27001, SSAE-16, SOC 1, SOC 2, and SOC 3 certifications.


What’s Next