Surfshark server infrastructure undergoes an independent audit

A good VPN service relies in large part on robust and secure server infrastructure. For Surfshark, you don’t have to take our word for it: our servers have just passed an independent infrastructure audit. Carried out by Germany-based Cure53, the extensive research did not detect any serious issues.

The server infrastructure audit – a rarity in the VPN world – was part of an evaluation that also included a broader security assessment. In the end, Cure53 produced a report stating that Surfshark’s server network relies on good defaults and that the company engineers really demonstrated their dedication and skill in the configuration of constructs and cipher-suites. 

This was the second time Cure53 ran an audit on Surfshark. “Having a secure network of thousands of servers is a big responsibility, so we needed to have an independent expert opinion on how we’re doing. We made sure to quickly react to all the recommendations so today we can be even more confident of delivering on the security our customers expect,” says Chief Executive Officer of Surfshark Vytautas Kaziukonis. 

As for the uncovered security issues, they were general rather than specific flaws, all of which were fixed by the time I was writing these words, with Cure53 judging the fixes to be appropriate to the problems. 

Cure53 is a German cybersecurity firm founded by Dr. Mario Heiderich. It has almost a decade of experience in the field, including an audit of a South Korean parental monitoring mobile app. The audit uncovered security issues big enough for the SK government to withdraw support for the app. Cure53 previously audited Surfshark in 2018

Read a summary of the Cure53 report here.