Enterprises large and small trust Sauce Labs to provide a secure platform for testing their web and mobile applications. Helping to protect our customers’ data is of the utmost importance to us, as is maintaining customer trust and confidence.
When we provision an operating system and browser, we spin up a new virtual machine (VM) that only runs for the duration of the test. This inlcudes traditional browsers and OS combinations as well as mobile emulators and simulators. VMs are never reused for multiple tests or users, and during a test all data is only recorded to RAM, never to disk. Our strategy of never allowing your data to be written to disk greatly reduces the threat that it could be accessed by unauthorized parties. Spinning up new VMs for every test is the only truly reliable way to ensure your data remains secure and private.
Sauce Connect™ is a proxy server that provides users with a secure way to test apps on mobile emulators and simulators and for cross browser testing. Sauce Connect opens a secure connection between a Sauce Labs virtual machine running your browser tests, and an application, website, or data you want to test that’s on your local machine or behind a corporate firewall. The Sauce Connect secure tunnel allows HTTP traffic to reach your server and communicate commands to the Sauce Cloud. Sauce Connect is not required to run tests with Sauce Labs, but only in situations where the website, application, or data you want to test is not publicly accessible. It is strongly recommended that you work with a network engineer to install Sauce Connect, as network architectures can be complex.
We recommend an enterprise-grade IPsec VPN to encrypt traffic between your firewall and your hosted, private real device cloud. The VPN is configured by you, giving you complete control over who has access and what ports are available. Our technical experts can help you configure your VPN to simplify setup.
The Sauce Labs Global Security Framework (GSF) establishes an information security management system (ISMS) for managing the security of information assets critical to our business and that of our customers. We leverage the suite of information security controls found within the Industry Standards Organization ISO/IEC 27001:2013 and ISO/IEC 27002:2013 standards as its initial foundation and overall management system. It includes people, processes, and IT systems by applying a risk management process. And, we incorporate applicable controls from the Cloud Security Alliance’s Cloud Controls Matrix v.3.0.1 (6-16-2016 update . This catalog of cloud security control objectives is the world’s most widely used cloud security standard.
Thoroughly Cleaned Devices
Mobile devices are cleaned using a proprietary cleaning script to remove any data / settings and restore them to a consistent starting configuration. Currently, we offer both manual and automated testing on iOS and Android mobile devices in both public and private clouds. This allows our users the greatest flexibility to test on devices that meet their security requirements. Dedicated private real devices provide the highest level of testing security. Since these devices are never shared outside your organization, you are in complete control of the apps, data and configurations