June 24th, 2024

Mimestream is CASA verified

Neil J.
Founder

Mimestream strives to provide users with the best possible integration with Gmail, while maintaining a private and secure email experience.

Therefore, we’re excited to share that we’ve successfully completed the Cloud Application Security Assessment (CASA), satisfying all Tier 2 requirements. This assessment was conducted by TAC Security, an independent security lab authorized by the App Defense Alliance, which we selected and paid to perform this assessment.

What is the CASA?

The Cloud Application Security Assessment (CASA) is an industry-standard security assessment framework developed by the App Defense Alliance and backed by Google. CASA addresses security challenges at the application layer, building upon the industry-recognized OWASP Application Security Verification Standard (ASVS), and provides a consistent set of requirements to strengthen application security. In addition to our meeting a stringent set of organizational process requirements, the lab conducted a code security scan and threat audit.

Why did Mimestream get this verification?

Many of the Google APIs that Mimestream uses, like the Gmail API, fall under a Restricted Scope and require verification from Google in order to use them. In the past, third-party audits were only required for cloud-based applications, but this year Google began extending this requirement to Mimestream (a non-cloud, traditional desktop client) as well.

What does this mean for Mimestream?

Mimestream has always used the Gmail API to deliver features that IMAP-based clients can’t, without the use of an intermediary cloud sync service. By being a non-cloud, client-side app that keeps your data on your device, many potential security problems can be inherently avoided.

Completing the CASA means that Mimestream has met stringent security standards for the handling of your private data on your device. Although security and privacy were always a top priority for Mimestream, we found and implemented several ideas for additional security hardening during the assessment process, reinforcing our commitment to maintaining a secure environment for your email and data.

Will there be ongoing security assessments in the future?

Yes – in order to continue to have access to the Google APIs, Mimestream will need to repeat the CASA on an annual basis to meet Google’s requirements. This means that we’ll have to engage with and pay a certified third-party security lab to repeat the assessment every year.

Your trust in Mimestream is our priority, and we hope that completing the CASA is a testament to our dedication to keeping your information safe.