This follows our achieving the CSA STAR Level 1 in February 2022
At BrowserStack, our focus has always been on maintaining exceedingly high security and compliance standards. We’ve gone a step further by achieving a STAR Level 2 attestation from Cloud Security Alliance (CSA), a global not-for-profit defining standards and best practices to ensure a secure cloud environment. We had already achieved the Security, Trust, Assurance, and Risk (STAR) Level 1 certification in February this year.
CSA’s STAR Registry is a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings. With the CSA STAR Level 2 Attestation, we are the first of the cloud testing platforms to join a short list of approximately 30 companies globally, that include AWS, Google, Microsoft, and Oracle. We had to pass more than 100+ stringent controls to secure this certification.
Why is this important?
It is because security lapses can be a costly affair. As businesses and governments increase spending toward digitalisation and digitization, ensuring a secure cloud environment becomes paramount. According to McKinsey & Company, costs related to cybercrime are rising 15 percent annually and are projected to reach USD 10.5 trillion a year by 2025.
Which is also where our longstanding focus on security and privacy come in. BrowserStack is SOC2 Type 2 and GDPR compliant along with a default HTTPS implementation. What that means is:
- Our SOC2 Type 2 compliance covers both our data centers and our platform (which our competitors lack)
- Our SOC2 compliance also ensures that yours and your organization’s privacy is protected. Our SOC2 compliance extends to all the products we provide. And we’re audited, annually.
- Our GDPR compliance covers all your account-related information and customer content.
- Our default HTTPS implementation means that every time you communicate with BrowserStack, you will be redirected through a secure connection using HTTPS.
Devices are offered in pristine condition
We always offer our devices in a pristine condition - after every session, the devices undergo a thorough clean up process where apps installed, temporary file caches, browsing history, cookies, passwords, testing logs, and downloads are erased. Moreover, our data centers are hosted in secure locations with stringent access controls. Access is restricted to select authorized personnel, and that too only for maintenance and upkeep.
We do NOT monetize your data
We do not sell customer data or provide third-parties access to production systems. Confidential, customer-related data is not stored on our network nor do BrowserStack employees or administrators have access to the data being tested except for administrative, investigative, or debugging purposes. For good measure, customer data is encrypted at rest using AES 256 encryption, and with HTTPS (TLS 1.2 and greater) during transit.
Read more about BrowserStack’s security practices on our website.