Wasabi Trust Center

Security and Data Protection You Can Trust

Explore the hub for our most-accessed security, compliance, and legal resources.

Security

Our approach to security is deep and multi-faceted, designed to protect your data, your storage account, and your business. Visit our security page to learn more, view Wasabi Academy's Knowledge Base articles about compliance and security, or use the information below to find what you need.

Learn More

Compliance & Security Info

How secure is my data?

Wasabi is secure by default and all data stored in Wasabi hot cloud storage is always encrypted at rest (even if the data is already encrypted by the storage application prior to sending it to Wasabi). Wasabi follows industry-best security models and security design practices. Read more

User security best practices

We have compiled recommended security best practices for users of the Wasabi cloud storage service. While it is not an exhaustive list of security measures, it covers the fundamentals that will help ensure the Confidentiality, Integrity, and Availability of your cloud data. Topics covered include encryption, authentication, data replication, immutability, logging, and security policies. Read more

Storage region locations and server physical security

Wasabi storage regions are deployed in fully secure and redundant data centers that are SOC-2 compliant and certified for ISO 27001, and PCI-DSS. Wasabi users have full control over where your data is stored by selecting the region-specific bucket. Read more

PCI/credit card security

Wasabi takes the security of your credit card information very seriously. Wasabi operates in data centers certified for the Payment Card Industry Data Security Standard (PCI-DSS), an important standard for protecting payment information. Read more

Technical and organizational measures

Wasabi implements the technical and organizational measures, designed to secure your stored Content, identified here.

Wasabi operates under a shared responsibility model. This model outlines the security and management responsibilities between Wasabi and its customers. Understanding this model is crucial for maintaining the security, privacy, and integrity of your data in the Wasabi cloud storage regions.

Data Management

Classify, retain, and delete data appropriately.

Identity & Access Management (IAM)

Define user roles and permissions; use IAM policies instead of root credentials.

Multi-Factor Authentication (MFA)

Require a second factor for login to strengthen access security.

Learn more

Multi-User Authentication (MUA)

Require multiple approvals for sensitive actions (e.g., Object Lock changes).

Single Sign - On (SSO)

Connect Wasabi to your enterprise identity provider.

Object Lock (Immutability)

Prevent tampering with Write Once, Read Many (WORM) protection to defend against ransomware.

Covert Copy (Virtual Air-Gapping)

Invisible copies of your data are hidden away to become inaccessible to unauthorized users and remain untouched and secure.

Encryption Options

Client-Side Encryption: Encrypt before upload with your own keys.
SSE-C: Use Wasabi’s server-side encryption with your keys.

Bucket & Object Policies

Define access controls, versioning, and lifecycle rules.

Network Security

Use HTTPS for all transfers, secure API keys, and configure firewalls/VPNs.

Wasabi ensures that the foundation of the storage platform is always secure and reliable.

Automatic FIPS-197 using AES-256 encryption at rest
Designed for 11x9s (99.999999999%) of data durability with redundancy and repair
Secure compute, storage, database, and networking infrastructure
Global data centers with SOC 2 Type II and/or ISO 27001, redundant power, cooling, and 24/7 monitoring
Owned and managed hardware stack (servers, storage, networking)
Compliance with ISO 27001, HIPAA, CJIS, GDPR/UK GDPR controller obligations, and applicable SEC standards

Have questions?

For any additional questions, just send us a message and we'll be happy to assist.

Privacy Inquiries

Compliance & Security Inquiries

Report a Security Incident