
Cloud Confidence Index

43
Spotify
Consumer, Unsanctioned
Cloud Confidence
App Category: Streaming & Downloadable Audio
Location of Headquarters: Stockholm, Sweden
spotify.com

Users: 1 Sessions: 0 Bytes Downloaded: 0 Bytes Uploaded: 0

Date Range: 06/23/2021 UTC to 07/23/2021 UTC

Business Risk

DUNS #

Activities

Summary
Spotify is a commercial music streaming service that provides restricted digital content from a range of record labels and artists. Users
can browse through the interface by artist, album, genre, playlist, record label, and direct searches. It also enables individuals to create,
share, and edit playlists with other users.

Similar Apps by Sessions: N/A 0
Top Users by Sessions: wiley@uberknowledge.com 0.00

Pricing Plan

# of Users: 1 Cost / User / Month: $13 Estimated Cost: $13

07/23/2021 Spotify

Certifications and Standards

What compliance certifications does the app have?


No published support
HIPAA, PCIDSS, SP800-53/FedRAMP, GAPP, COBIT, TrustArc, Privacy Shield, PrivacyMark (Japan), Under Research

To what data center standards does the app adhere?


No published support
SOC-1, SOC-2, SOC-3, SAS70/SSAE 16/SSAE 18, ISO27001, ISO/IEC 27018, Cyber Essentials/ Cyber Essentials Plus (UK), C5 (Germany),
Under Research

Data Protection

Does the app allow data classification (e.g., public, confidential, proprietary)?
No published support
Yes, Under Research, Not Applicable

If yes, does the app allow admins to take action on classified data (e.g., encrypt, control access)?
No published support
Yes, Under Research, Not Applicable

Does the app encrypt data-at-rest?


No published support
RSA, DES, BitLocker, Blowfish, AES, Yes. Algorithm under research, Under Research

Does the app encrypt data-in-transit?


Yes

Does the app increase the risk of data exposure by supporting weak cipher suites?
No

Does the app increase the risk of data exposure by supporting a weak signature algorithm or key size?
Does not support weak Algorithm
SHA1 with RSA/1024 Bits, SHA1 with RSA/2048 Bits, SHA1 with RSA/4096 Bits, Under Research

Does the app allow customer-managed encryption keys?


No published support
Yes, Under Research, Not Applicable

Data segregated by tenant


No published support
Yes, Under Research, Not Applicable

Which HTTP security headers does the app use?


Content Security Policy, HTTP Strict Transport Security, X-Content-Type-Options, X-Frame-Options
XSS-Protection, Not supported by vendor, Under Research

Does the app vendor use a Sender Policy Framework to protect customers from spam and phishing emails?

Yes

Does the app enable file sharing?


Yes

File Sharing Capacity


Greater than 10GB
Less than 5GB, 5GB to 10GB, No published support, Under Research, Not Applicable

Does the app allow anonymous sharing of data?


Under Research
Yes, No, Not Applicable

Does the app allow signup without a credit card?


Yes

The list of platforms through which the app traffic can be proxied:
Under Research

Access Control

Does the app support role-based authorization?


User-role based access
No published support, Under Research, Not Applicable

Does the app enforce authorization policies on user activities?


Yes

Does the app support access control by IP address or range?


No published support
Yes, Under Research, Not Applicable

Does the app enforce password best practices as policy?


No published support
Yes, Under Research

SSO/AD hooks
OAuth, Facebook, Google Sign-in
SAML, OpenID, Twitter, AD/LDAP, Linkedin, No published support, Under Research

Does the app support multi-factor authentication?


No published support
Supports 2-factor/multi-factor authentication, Under Research

Does the app support the following device types?


iOS Device, Android, Windows Mobile, Blackberry, Windows Desktop, Browser, Mac
No published support, Under Research

Auditability

Does the app provide admin audit logs?


No published support
Yes, Under Research, Not Applicable

Does the app provide user audit logs?


No published support
Yes, Under Research, Not Applicable

Does the app provide data access audit logs?


No published support
Yes, Under Research, Not Applicable

Disaster Recovery and Business Continuity

Does the app vendor provide infrastructure status reports?


Yes

Does the app vendor provide notifications to customers about upgrades and changes (e.g., scheduled maintenance, new releases, software/hardware changes)?
Yes

Does the app vendor back up customer data in a separate location from the main data center?
Yes

Does the application vendor utilize geographically dispersed data centers to serve customers?
Yes

Does the app vendor provide disaster recovery services?


Yes

Which infrastructure or hosting provider is the app hosted on?


Google Cloud Platform

Legal and Privacy - Legal

Who owns the data/content uploaded to the application site? Does the customer own the data or does the application vendor own the data?
Customer owns the data
No published support, Under Research

Is the customer data available for download upon cancellation of service?


Available immediately
Not supported by vendor, Under Research

Is all customer data erased upon cancellation of service? If so, when?


Later than a month
Within a week, Within a month, Never, Under Research

From which countries does this app serve data?


United States

Legal and Privacy - Privacy: Mobile

Does this application access contacts, calendar data and messages?


Under Research
Yes, No

Does this application access other apps on the device?


Under Research
Yes, No

Does this application perform system operations?


Under Research
Yes, No

Legal and Privacy - Privacy: Browser

Does this app share users' personal information (e.g., name, email, address) with third parties?
Yes

Does this application use third-party cookies?


Yes

Vulnerabilities and Exploits

Vulnerabilities & Exploits


None
Heartbleed, OpenSSL CCS Injection, POODLE SSL v3 fallback, FREAK, Logjam, DROWN, Cloudbleed

Has this application been recently breached (in the past year)?
Yes
Spotify Hacked, 02/05/21, Source(s): Digital Music News
Credential stuffing attacks, 11/24/20, Source(s): welivesecurity

This value is a significant factor which adversely affects the overall score for this application
