Cloud Confidence Index
43
Spotify
Consumer, Unsanctioned
Cloud Confidence
App Category: Streaming & Downloadable Audio
Location of Headquarters: Stockholm, Sweden
spotify.com
Users: 1 Sessions: 0 Bytes Downloaded: 0 Bytes Uploaded: 0
Date Range: 06/23/2021 UTC to 07/23/2021 UTC
Business Risk
DUNS #
Activities
Summary
Spotify is a commercial music streaming service that provides restricted digital content from a range of record labels and artists. Users
can browse through the interface by artist, album, genre, playlist, record label, and direct searches. It also enables individuals to create,
share, and edit playlists with other users.
Similar Apps by Sessions Top Users by Sessions
Pricing Plan
# of Users: 1 Cost / User / Month: $13 Estimated Cost: $13
07/23/2021 Spotify
Certifications and Standards
What compliance certifications does the app have?
No published support
HIPAA, PCIDSS, SP800-53/FedRAMP, GAPP, COBIT, TrustArc, Privacy Shield, PrivacyMark (Japan), Under Research
To what data center standards does the app adhere?
No published support
SOC-1, SOC-2, SOC-3, SAS70/SSAE 16/SSAE 18, ISO27001, ISO/IEC 27018, Cyber Essentials/ Cyber Essentials Plus (UK), C5 (Germany),
Under Research
Data Protection
Does the app allow data classification (e.g., public, confidential, proprietary)?
No published support
Yes, Under Research, Not Applicable
If yes, does the app allow admins to take action on classified data (e.g., encrypt, control access)?
No published support
Yes, Under Research, Not Applicable
Does the app encrypt data-at-rest?
No published support
RSA, DES, BitLocker, Blowfish, AES, Yes. Algorithm under research, Under Research
Does the app encrypt data-in-transit?
Yes
Does the app increase the risk of data exposure by supporting weak cipher suites?
No
Does the app increase the risk of data exposure by supporting a weak signature algorithm or key size?
Does not support weak Algorithm
SHA1 with RSA/1024 Bits, SHA1 with RSA/2048 Bits, SHA1 with RSA/4096 Bits, Under Research
Does the app allow customer-managed encryption keys?
No published support
Yes, Under Research, Not Applicable
Data segregated by tenant
No published support
Yes, Under Research, Not Applicable
Which HTTP security headers does the app use?
Content Security Policy, HTTP Strict Transport Security, X-Content-Type-Options, X-Frame-Options
XSS-Protection, Not supported by vendor, Under Research
Does the app vendor use a Sender Policy Framework to protect customers from spam and phishing emails?
Yes
Does the app enable file sharing?
Yes
File Sharing Capacity
Greater than 10GB
Less than 5GB, 5GB to 10GB, No published support, Under Research, Not Applicable
Does the app allow anonymous sharing of data?
Under Research
Yes, No, Not Applicable
Does the app allow signup without a credit card?
Yes
The list of platforms through which the app traffic can be proxied:
Under Research
Access Control
Does the app support role-based authorization?
User-role based access
No published support, Under Research, Not Applicable
Does the app enforce authorization policies on user activities?
Yes
Does the app support access control by IP address or range?
No published support
Yes, Under Research, Not Applicable
Does the app enforce password best practices as policy?
No published support
Yes, Under Research
SSO/AD hooks
OAuth, Facebook, Google Sign-in
SAML, OpenID, Twitter, AD/LDAP, LinkedIn, No published support, Under Research
Does the app support multi-factor authentication?
No published support
Supports 2-factor/multi-factor authentication, Under Research
Does the app support the following device types?
iOS Device, Android, Windows Mobile, Blackberry, Windows Desktop, Browser, Mac
No published support, Under Research
Auditability
Does the app provide admin audit logs?
No published support
Yes, Under Research, Not Applicable
Does the app provide user audit logs?
No published support
Yes, Under Research, Not Applicable
Does the app provide data access audit logs?
No published support
Yes, Under Research, Not Applicable
Disaster Recovery and Business Continuity
Does the app vendor provide infrastructure status reports?
Yes
Does the app vendor provide notifications to customers about upgrades and changes (e.g., scheduled maintenance, new releases,
software/hardware changes)?
Yes
Does the app vendor back up customer data in a separate location from the main data center?
Yes
Does the application vendor utilize geographically dispersed data centers to serve customers?
Yes
Does the app vendor provide disaster recovery services?
Yes
Which infrastructure or hosting provider is the app hosted on?
Google Cloud Platform
Legal and Privacy - Legal
Who owns the data/content uploaded to the application site? Does the customer own the data or does the application vendor own the data?
Customer owns the data
No published support, Under Research
Is the customer data available for download upon cancellation of service?
Available immediately
Not supported by vendor, Under Research
Is all customer data erased upon cancellation of service? If so, when?
Later than a month
Within a week, Within a month, Never, Under Research
From which countries does this app serve data?
United States
Legal and Privacy - Privacy: Mobile
Does this application access contacts, calendar data and messages?
Under Research
Yes, No
Does this application access other apps on the device?
Under Research
Yes, No
Does this application perform system operations?
Under Research
Yes, No
Legal and Privacy - Privacy: Browser
Does this app share users' personal information (e.g., name, email, address) with third parties?
Yes
Does this application use third-party cookies?
Yes
Vulnerabilities and Exploits
Vulnerabilities & Exploits
None
Heartbleed, OpenSSL CCS Injection, POODLE SSL v3 fallback, FREAK, Logjam, DROWN, Cloudbleed
Has this application been recently breached (in the past year)?
Yes
Spotify Hacked, 02/05/21, Source(s): Digital Music News
Credential stuffing attacks, 11/24/20, Source(s): welivesecurity
This value is a significant factor which adversely affects the overall score for this application