Security Philosophy at Outbrain
- Understanding the importance of security, Outbrain is dedicated to maintaining the integrity and protection of our services. We tailor our security controls to safeguard the data you trust us with, dynamically adapting to the varying degrees of sensitivity and the ever-evolving landscape of technological innovation.
- At Outbrain, we recognize the paramount importance of trust and security for you and your enterprise. We are wholeheartedly committed to upholding and defending these values.
- Consistent with our security ethos, robust controls, practices, and procedures are entrenched throughout our organization, underpinning our infrastructure and our service offerings.
- The Outbrain Information Security team is composed of seasoned professionals, each bringing extensive and pertinent expertise in various domains of cybersecurity, including, but not limited to, security architecture, secure coding, privacy standards, and regulatory compliance. Our team's credentials include certifications such as CISSP, CISA, CRISC, C|CISO, and CCSK.
Principles of Secure Development
- Outbrain prides itself on being an agile entity, with a software development methodology that responds nimbly to competitive market demands and changes.
- All new recruits are equipped with training in Secure Software Development Life Cycle (SSDLC) to ensure that security is embedded from the ground up.
- In our pursuit of innovation, each new product journey begins with a meticulous review to embed Security by Design (SbD) and Privacy by Design (PbD) principles during the design phase itself.
- Our systems are rigorously assessed to identify and fortify against known vulnerabilities, such as those outlined in the OWASP Top 10.
- Regular security audits are run across our core systems and infrastructure, utilizing both automated tools and, where necessary, exploratory examinations by third-party experts.
- Contributions from the security research community are invaluable. Thus, Outbrain operates a Security 'Bug Bounty' Program, welcoming vulnerability reports through our bug bounty portal.
Encryption Standards
- In our handling of sensitive information, encryption is a cornerstone, assisting Outbrain's compliance with legal and contractual requirements.
- Our deployment of cryptographic solutions adheres strictly to industry best practices, under the auspices of our security team.
- Outbrain champions secure browsing with HTTPS and ensures the encryption of metadata related to the Outbrain widget (e.g., links, clicks).
Access Control
- Access to our production environment is stringently controlled, limited solely to personnel with express authorization.
- Such authorized staff must authenticate through a unique user ID, password, and a two-factor authentication mechanism, prior to establishing a secure VPN connection.
- To augment security across various information systems, Outbrain employees use a Single Sign-On (SSO) service.
Service Availability and Continuity
- Our commitment to delivering a service that is both consistently available and dependable is unwavering.
- Outbrain's infrastructure is designed for resilience, capable of withstanding individual component failures or even entire data center emergencies.
- Proactive disaster recovery protocols are in place, backed by a team ready to address and resolve unexpected incidents at a moment’s notice.
- With advanced monitoring systems in place, we aim to anticipate and preemptively address potential service disruptions, ensuring seamless operations.
- The core of Outbrain's operational excellence is its multiple 'Tier-3, SOC 2' compliant data centers, strategically located for optimal performance and safety, with perpetual data replication.
Continuous Monitoring and Adherence to Best Practices at Outbrain
- Outbrain’s philosophy of proactive security is driven by continuous monitoring and adherence to esteemed industry benchmarks and frameworks. We leverage Continuous Integration (CI) systems, the MITRE ATT&CK framework, and other relevant guidelines to ensure a vigilant security posture designed to detect and respond to threats in real time.
ISO/IEC 27001 Certification
- The ISO 27000 series presents a blueprint for organizations to ensure information asset security.
- ISO/IEC 27001, a pivotal standard within this series, guides the creation and maintenance of an Information Security Management System (ISMS). Outbrain’s commitment to ISO/IEC 27001 enables us to:
  - Rigorously protect our assets, including financial records, intellectual property, and personal information entrusted to us by third parties;
  - Instill greater confidence in our risk management and information control strategies among customers and stakeholders;
  - Harmonize with broader standards and regulatory frameworks; and
  - Uphold our legal responsibilities towards our customers, especially concerning privacy.
ISO/IEC 27001 certification is a testament to Outbrain’s unwavering dedication to security, heightened product quality, and the deep trust we aim to foster with our clients.