The Costello platform is built upon the industry’s most reliable, scalable, and secure cloud computing technologies.

Enterprise-Grade Security

Trust is central to our architectural design. Using industry-standard encryption and processes, along with the principle of least privilege, we ensure the smallest possible attack surface area. Customers authenticate through their self-managed identity providers using SSO and secure exchange protocols, including OAuth 2.0 and HMAC SHA256 hashed web tokens. All data is encrypted at transport and at rest using the latest TLS and AES 256 standards.


  • ISO 27001
  • ISO 27017, Cloud Security
  • ISO 27018, Cloud Privacy
  • Cloud Security Alliance STAR
  • NIST 800-171

Security Starts from Inside the Organization

The majority of security breaches today can be attributed to people as opposed to software. Staff unintentionally – or sometimes intentionally – expose their credentials which can negate many IT security efforts. Costello is proactive in minimizing the risk of these events. All staff members enable 2-factor authentication on their accounts. By adhering to the principle of least privilege, staff only has access to the information required for them to do their jobs, thus reducing the amount of data that could be leaked if a breach were to occur.