It’s October and at Quickbase World Headquarters in Boston, that means two things: cozy sweaters and the start of National Cybersecurity Awareness Month. Since it began twenty years ago, this month has become more important as we all rely on the cloud to store our data and to run our businesses. We have also seen more frequent and more severe data breaches put companies’ reputations on the line. That’s why we’re proud to announce that Quickbase has achieved STAR Level Two Attestation for the Cloud Security Alliance (CSA) Security, Trust & Assurance Registry. This means that an independent assessment has been performed to validate Quickbase’s data security posture.
Trust at Quickbase
Many companies waste time every day with the manual work that’s done in ad-hoc solutions to make do and get by when their technology doesn't work for them. And that’s why some of the world’s largest companies rely on Quickbase to remove this “Gray Work”. This allows them to see, connect, and control their most complex projects and processes so they can stay on time and on budget. These business-critical processes involve some of the most sensitive types of data imaginable. Quickbase has a proven track record spanning more than twenty years protecting customer data. Today we host hundreds of thousands of apps, with terabytes of data and millions of users, all created by business builders.
Our cybersecurity mission is to embed best practices into everything we do, in every part of our company; to align our processes and controls with industry standards to ensure consistency and quality; and to be transparent with our customers as we continue to learn from them. The trust framework at Quickbase includes data security, user privacy, platform availability, as well as compliance. The Level Two Attestation from the Cloud Security Alliance validates Quickbase’s excellence in data security.
How Quickbase Helps You Secure Your Data
There are three ways Quickbase helps you keep your data safe: through our platform capabilities, through our operational security, and through process-based security. Additionally, we empower our customers with industry-leading governance controls so they can configure their account in a way that meets their individual needs.
The Quickbase platform itself is designed with data security at its core. For example, we logically segregate customer data by realm and by app. And customers control who can access their accounts and the apps within them. Quickbase protects data at rest using envelope encryption with AES-256 encryption keys. And data in transit is encrypted via TLS (v1.2 or higher).
Our platform operations also protect customer data. The only Quickbase staff with administrative access to our infrastructure are the members of our small operations team, and all Quickbase staff are bound by NDAs and acceptable use policies which forbid unauthorized access to customer data. Extensive logging of all aspects of the Quickbase platform are tracked and stored for six months.
Quickbase’s internal processes are designed to keep your data secure as well. We use a number of tools to detect security vulnerabilities, like static code analysis and dynamic web application scans.
Third-Party Validation
Independent, third-party validation adds a crucial layer of trust where sensitive business data is involved. That’s why such validation has become the gold standard for data security in the cloud.
Quickbase has achieved third-party validation for excellence in data security for many years. Each year, we work with an external firm to evaluate the entire platform. We provide annual SOC 1 and SOC 2 reports which contain more detailed information about all the security activities mentioned in this article. These reports are available by request to any current or prospective customers. You can reach out to your Quickbase account team if you’re interested in a copy.
We have also earned an A ranking on SecurityScorecard, rating us as #1 across all industries for our security posture. And now we’re proud to announce that we have expanded our third-party validation with the Level Two Attestation on the CSA’s Security, Trust, & Assurance Registry.
The CSA Security, Trust, & Assurance Registry (STAR)
Quickbase has achieved Level Two attestation in the STAR registry. This means that an independent assessment validated that Quickbase conforms to the security controls and principles of the Cloud Controls Matrix. This is just one way we stay on top of security best practices.
Now for some technical details:
CSA STAR is a free, publicly accessible registry in which cloud service providers can publish their CSA-related assessments. Attestation means that Quickbase conforms to the applicable requirements of SOC 2 Type II and addresses issues critical to cloud security as outlined in the Cloud Controls Matrix (CCM). The STAR attestation provides for rigorous third-party independent assessments of cloud providers.
The STAR program provides multiple benefits, including indications of best practices and validation of the security posture of cloud offerings. It consists of three levels of assurance (self-assessment, third-party certification, and continuous auditing), based upon the CSA Cloud Controls Matrix.
Shared Responsibility
Quickbase is committed to maintaining best-in-class security. However, as all IT leaders know well, security is a responsibility shared between the cloud vendor and the customer. Customers have responsibilities around the security of their Quickbase instance. Customers must understand what data they intend to collect and store in their Quickbase apps, and ensure that legal, security, and compliance requirements are addressed accordingly. They also must ensure that security is addressed in the development, implementation, and maintenance of the Quickbase apps they develop, including but not limited to ensuring that apps are shared with only those who are authorized to access them. And while customers configure their apps in a way that meets their needs and policies, Quickbase provides a secure platform for designing and governing applications and pipelines.
Reporting a Security Concern
Quickbase encourages customers and public researchers alike to report known or suspected security concerns to Quickbase. Learn more about this process by visiting the Reporting a Vulnerability page.
Learn More
