To support robust security for our products and services as well as our cloud hosting operations, Picsart employs a variety of programs, processes, policies, and security mechanisms that help secure our internal networks and systems, our physical corporate locations, and our data.
We apply the principle of least privilege in conjunction with data classification to ensure that data is secured properly and that only those who need access to data have it.
Picsart adheres to NIST standards for encryption, protecting data both at rest and in transit: AES-256 encryption for data at rest and TLS 1.2 or higher for data in transit, ensuring that data is secured by the highest industry standards.
Our internal network is protected by an enterprise-grade firewall/IDS/IPS system and we utilize network segmentation to keep the network secure. Our network is protected against DDoS attacks, as well as other well-known network attacks. We routinely scan our internal network for vulnerabilities and document remediations. Access to the production environment is restricted to only authorized IP addresses and requires key authentication on all endpoints. Our public addresses are reviewed on a quarterly basis to ensure a secure production environment.
Our security team performs automated and manual application and infrastructure security testing to identify and patch potential security vulnerabilities and bugs on a regular basis. Picsart identifies and mitigates risks via regular network security testing and auditing by both dedicated internal security teams and third-party security specialists.
Picsart engages a third-party to perform annual penetration testing for applications and all critical services. The objective of penetration testing is to find security vulnerabilities following industry standards and best practices (such as OWASP and OSSTMM). Picsart documents and evaluates any vulnerabilities found by the third-party assessor and then creates remediation plans for fixing them.
A formal change management policy has been defined by Picsart’s engineering team to ensure that all changes have been authorized prior to implementation into the production environment. All changes are stored in a version control system and are required to go through automated quality assurance (QA) testing procedures and manual code review to verify that security requirements are met. Successful completion of QA procedures leads to implementation of the change. All QA-approved changes are automatically implemented in the production environment. Our software development lifecycle requires adherence to secure coding guidelines, as well as screening of code changes for potential security issues via our QA and manual review processes.
When a new employee joins Picsart, they complete mandatory cybersecurity training to bring them up to speed with cybersecurity principles and best practices. We have built a custom learning management system to further educate employees on cybersecurity topics, including:
Passwords & multi-factor best practices
Attack vectors (e.g., phishing, social engineering, malware)
Device security and how devices should be properly secured and hardened
Digital footprint (e.g., PII and how it can be easily accessed online, social media best practices)
All Picsart employees complete ongoing training related to cybersecurity and emerging threats to ensure they are well trained and informed about protecting against potential security threats.
We use technologies from well-established and trustworthy service providers to prevent DDoS attacks on our servers. These technologies offer multiple DDoS mitigation capabilities that block disruptions caused by malicious traffic while allowing legitimate traffic through. This keeps our websites, applications, and APIs highly available and performing well.
All Picsart employees undergo a strict offboarding process that ensures access to systems and client data is removed immediately when an employee leaves or is terminated.
We utilize data centers that have been thoroughly vetted and that enforce strict physical security controls (e.g., RFID badges, biometrics, barbed-wire fences, video surveillance, motion detection, and access logging) to ensure the data centers are secure. The data centers limit entry and apply the principle of least privilege to physical access. Additionally, we use ISO 27001 and SOC 2 compliant data centers in each geographic region whenever our data center providers offer them.
All company devices are hardened, adhering to the highest security standards, utilize full-disk encryption, and have MDM software that allows for remote wiping if the device is lost.
Our intrusion detection mechanism collects host-based signals from individual devices and network-based signals from monitoring points within our servers. Administrative access, use of privileged commands, and system calls on all servers in our production network are logged. Rules and machine intelligence built on top of this data alert security engineers to possible incidents. At the application layer, we operate our proprietary WAF, which enforces both whitelist and blacklist rules.
Our framework provisions and maintains the cloud space for our customers. Each customer's service data is logically separated from other customers' data by a set of secure protocols within the framework, which ensures that no customer's data becomes accessible to another customer.
The security of customer data is our top priority. With independent third-party assurance, we are committed to protecting both our systems and your data.
Picsart undergoes an annual SSAE 18 SOC 2 audit to ensure third-party oversight of our services. Our SOC 2 Type 2 audit report is available upon request.
Picsart proudly maintains ISO 27001 certification, demonstrating our commitment to the highest standards of Information Security.
Learn more about how we protect your data in our Privacy Policy and Security Policy.