​​Promoting Security in Cloud-Based Test Automation

Today is World Cloud Security Day, an important reminder to consider the data management and protection needs that come with the shift to cloud-based test automation. Though cloud computing helps QA teams overcome serious obstacles to expanding their automated testing strategy with richer results, faster execution times, and parallelization, those improvements aren’t worth compromising your organization’s security posture. Given the ever-growing number of test automation tools available, QA leaders need to evaluate how test automation partners protect their cloud infrastructure and how automated testing tools can empower their teams to promote secure user experiences. 

At mabl, we believe that strong cloud security should be the default. Whether it’s constantly working to audit and improve our own security measures across the company, or continuously introducing new features that allow your team to promote data privacy in your software testing strategy, we’re always working to be a more secure test automation partner for your team. 

Announcing General Availability for MFA Login Support

Originally introduced as part of our annual hackathon, mabl’s support for MultiFactor Authentication logins is now in general availability for all customers and trial users! This feature helps software development organizations meet the demand for seamless, more secure customer experiences by incorporating MFA testing into their existing automated testing strategy. 

Automating tests for MFA logins is usually a difficult process since MFA is designed to thwart bots. Support for MFA logins in mabl now means that anyone - regardless of coding experience - can easily create automated tests that ensure quality across customer journeys that include MFA workflows with just a few simple steps. It also means no more hard choices about reducing application security to enable automated testing, such as removing MFA or adding login backdoors for test automation users. This allows QA teams to automate testing across an even greater range of the customer experience, improving test coverage and ensuring their users have a great experience every time they login. 

Building A Security-Focused Test Automation Platform

In addition to MFA login support, mabl’s unified test automation platform includes a plethora of security-related features that ensure you don’t have to reduce the security of your application in order to test it. From our beginnings in 2017 (yours truly included with nearly 7 years of mabl tenure), we have strategically invested in capabilities that empower your team to test securely and to test important security features. 

One of these core capabilities is mabl Link, which establishes a secure tunnel between the mabl cloud and your private network. This means your applications can always remain private and secure. Mabl Link establishes a secure outgoing (egress) connection from your network to the mabl cloud using our Link Agent. There is typically no need to change your firewall rules since many firewalls are already configured to allow for most outgoing connections, but you can allowlist our static IPs if you like. Once the tunnel has been established, mabl can securely access and run tests against hosts on your private network. This allows your team to leverage mabl’s unified test automation platform and comply with your organization’s security requirements, no matter how stringent. 

Once you’re ready to start running automated tests, you have the option of using mabl credentials as variables to reduce the risk of exposing sensitive information. These variables can be used as part of local and cloud-based browser tests, depending on the credential type, and are typically used to validate login flows. The values of mabl credentials are encrypted with a customer-specific encryption key before being stored in mabl, so customers can be confident that their data is protected.

Cloud credentials in mabl are a strong option for security and privacy-minded testing teams. Cloud credentials consist of a username and password; once saved, the username and password may be updated, but passwords can never be retrieved. Teams also have the option to use cloud credentials with MFA, which consist of a username, password, and MFA authenticator secret code. Mabl users can update the username, password, and secret code, but they cannot retrieve an existing password or secret code once it has been saved, reducing the risk of password exposure

Auditing and Improving Security Practices at mabl 

SOC 2, more formally known as Service Organization Control 2, is a set of standards that require solution providers to audit and continuously track how they manage data security, availability, processing integrity, confidentiality, and privacy. Established by the American Institute of CPAs, SOC 2 is designed specifically for organizations that handle customer data in cloud environments. As one of the industry’s most widely recognized and respected data security management standards, SOC 2 compliance helps ensure that mabl handles customer data in the most secure, transparent, and accountable manner possible.

Mabl has been SOC 2 compliant since 2021, having started down the certification path in only our second year as a company, and has continued to update our security practices in accordance with evolving standards. This means you don’t just have to take our word when it comes to protecting your data, you ask the experts at the American Institute of CPAs and know that external auditors have reviewed our compliance with this standard.

We also collaborate with third-party security experts through annual penetration testing, which brings in fresh perspectives that further strengthen mabl’s security posture. As soon as one of our white hat partners identifies an issue, we take prompt action to resolve it as quickly as possible.

A Modern Approach to Software Quality Demands Security

Cloud-based test automation has unleashed unprecedented levels of performance, insight, and speed. But those benefits come with increased security risks, and both consumers and companies are raising their standards for data privacy and protection. As a cloud-native test automation solution, mabl continuously works to maintain a strong security posture that allows your team to meet your testing goals and follow security policies.