Download our brief on Wasabi’s System Security
Cloud Storage Security
Wasabi uses only premier tier 4 datacenter facilities for colocating our equipment. Each site is staffed 24/7/365 with onsite security and to protect against unauthorized entry. Each site has security cameras that monitor both the facility premises as well as each area of the datacenter internally. There are biometric readers for access as well as at least two factor authentication to gain access to the building. Each facility is unmarked so as not to draw any additional attention from the outside and adheres to strict local and federal government standards.
Storage Data Security
Wasabi is secure by default and all data stored in the Wasabi cloud is always encrypted at rest (even if the requesting party doesn’t specify encryption). Wasabi follows industry-best security models and security design practices. Examples of Wasabi security features include:
- HTTPS is supported for the secure upload/download of data
- Buckets are only accessible to the bucket and object creators
- Wasabi supports user authentication to control access to data (including support for the AWS IAM model)
- Access control mechanisms such as bucket policies and Access Control Lists (ACLs) can be used to selectively grant permissions to users and groups of users
Credit Card Security
Wasabi hands off credit card processing to Stripe. They power online transactions for thousands of business and SaaS platforms and comply with strict PCI standards in the storage and handling of credit card information.
All communications with Wasabi are transmitted over SSL (HTTPS) for both access to the public website as well as the S3 storage and IAM APIs.
Reporting A Security Vulnerability?
Please email us directly at: email@example.com.
We would like to keep Wasabi safe and secure for everyone. If you have discovered a security vulnerability we would appreciate your help in disclosing it to us in a responsible manner. Publicly disclosing a vulnerability can put the entire Wasabi community at risk. If you have discovered a possible vulnerability we would appreciate you emailing us at firstname.lastname@example.org. We will work with you to assess and understand the scope of the issue and fully address any concerns. Any emails are immediately sent to our support and engineering staff to ensure that issues are addressed rapidly. Any security emails are treated with the highest priority as the safety and security of our service is our primary concern.
We would welcome any questions you have regarding any specific policy that could be made clearer or any general inquiries regarding security. Please send us a note to email@example.com with any feedback or questions you may have.