Security
and compliance​

RealVNC Connect is built from the ground up with security in mind, affording you the flexibility and access you need while providing the controls and privacy required by regulations.

Security and Compliance

Our fundamental security principles

secure

You don't have to trust RealVNC as a company to trust our software and services

We do not record your sessions, and data cannot be decrypted now or in the future

multi-platform

Every connection is treated as though it is made in a hostile environment

collaboration

The owner of the remote computer ultimately decides who is able to connect

  • STANDARDS AND COMPLIANCE
  • DATA PRIVACY
  • SECURE INFRASTRUCTURE
  • 24X7 SECURITY OPERATIONS CENTER (SOC)

Standards and Compliance 

RealVNC’s remote access solution is designed to meet and assist with a broad range of industry and government standards and regulations.

We are certified to ISO/IEC 27001:2013 and Cyber Essentials and comply with GDPR, and CCPA, ensuring adherence to stringent data protection and privacy guidelines. Additionally, RealVNC supports your compliance with HIPAA and PCI-DSS

Standards and Compliance

Data Privacy

RealVNC does not process, store, or have any access to any data accessed during a remote session.

Data Privacy

Secure Infrastructure

The RealVNC Connect services run on RealVNC owned and managed servers and network equipment.

We do not use public Cloud services (such as AWS or Azure) for the RealVNC authentication and cloud connection brokering services. No third-party provider has access to the RealVNC infrastructure.  

Secure Infrastructure

24x7 Security Operations Center (SOC)

We have a 24×7 Security Operations Center that monitors for cyber security events across our infrastructure and investigates and, where needed, mitigates them.
Global threat intelligence provides detailed information on attacker tools, techniques, and trends to facilitate effective triage.

24x7 Security Operations

Full End-to-End Encryption 

RealVNC Connect uses full end-to-end encryption with Perfect Forward Secrecy built into our protocol. This means the session cannot be decrypted by a man-in-the-middle during the session, and that session data cannot be saved or decrypted in the future. 

These remote sessions are encrypted with AES-GCM 128 or 256-bit, and all web API calls use at least TLS 1.2, ensuring no one can read the data in transit, including RealVNC. 

Works with any network

RealVNC Connect’s cloud connectivity enables easy access to machines through NAT and firewalls. It does this using an outbound connection to RealVNC cloud services from both RealVNC Viewer and RealVNC Server. By avoiding the use of inbound TCP or UDP packets, RealVNC Connect doesn’t require any ports to be opened on your firewall. 

On-premise (offline) deployment mode 

If you have specific security or regulatory requirements, RealVNC Connect can be deployed entirely behind your firewalls and used only within your network without requiring devices to have an internet connection. 

Secure Cloud Brokering 

RealVNC Connect has been designed to work in a hostile environment – in fact, you don't have to trust RealVNC as a company to trust our software and services. Even when using our cloud-based brokering service, RealVNC Connect is fully end-to-end encrypted and you are guaranteed to be connected to the intended device via both automated and manual identity checking of our RSA key-based fingerprint verification. 

Ring-fenced devices 

Only permitted members of your team can discover and then attempt to access your RealVNC Connect devices, unlike competitor products where remote devices are discoverable by anyone. 

AUTHENTICATION

Default two-factor authentication for account access 

RealVNC accounts are secured using email-based 2FA by default. This ensures that your account is secure even if someone gets their hands on your account credentials (email address and password). You can also set up time-based one-time password (TOTP) authentication and enforce this for your entire RealVNC Connect Team.

2factor verify
2factor verify

SSO

Single Sign-On 

By implementing Single Sign-On, you can use your existing identity provider for authentication, reducing user complexity while enhancing security. 

Multi-factor authentication

Learn how to protect both your RealVNC® account, and remote computers with RealVNC® Connect installed, using as many authentication factors as you need.

SESSION AUTHENTICATION

Remote session authentication by default 

All remote sessions must be authenticated using local system – or domain – credentials by default. This authentication is independent of RealVNC account authentication. 

Centralized management 

Use your existing management tooling, such as Group Policy, to manage all aspects of your RealVNC Connect software configuration. Group Policy ADM/ADMX templates are available for download.  

Brute force protection

No matter which method is used to connect to your devices, RealVNC Connect clients have built-in brute force protection, so even the final device-level authentication layer has protection by exponentially increasing the delay between incorrect authentication attempts. 

Granular Permissions 

Users or groups can be granted specific remote access permissions. As an example, you can disable functionality such as file transfer or copy & paste for a specific user or user group.  

Gatekeeping Access 

If a user is already logged in when a remote session starts, RealVNC Connect can be configured to prompt the end user to approve or reject the connection. It is useful when the end user has something confidential open on their desktop. 

Privacy Mode 

Keep your sessions and sensitive data private by blanking the screen and connected monitors on your remote device. You can also lock-down input devices like the keyboard and mouse so you can work without interference. 

Deployment Options 

To support the varied needs of businesses, RealVNC Connect offers a choice of deployment options, including MSI packages for Windows deployment, group policy management, and deployment via script. 

Secure by Design

The RealVNC engineering team follows a Security Development Lifecycle to ensure security is included in all stages of product design and development.
We use software composition analysis to alert our engineering team of vulnerabilities found in third-party libraries used within the RealVNC Connect codebase, which are then remediated as necessary.

White-box security audited

RealVNC periodically employs a specialist security consultancy to audit all aspects of the RealVNC Connect software. For further information, see our cure53 report.

Independent penetration tests

As well as extensive internal security measures, we employ third-party security experts to perform penetration tests on our public-facing services. For the most recent penetration test report, 
see our our latest pentest report

Code signing 

We use code signing to ensure binaries haven’t been modified in transit or at rest by malicious third parties. On Windows, RealVNC Connect installers and installed binaries are signed using Authenticode, while on MacOS, we use Gatekeeper. For added peace of mind, you’ll also find checksums on our website to verify that the component you download is valid. 

Session Logging & Audit 

Track and monitor remote access activity using session logs to meet compliance and security policies. All events are saved to the local system log. If using cloud connections, events are logged in our Audit tool, which you can access in the RealVNC Connect Portal or via API for ingestion into external log systems.  

Try RealVNC® Connect for yourself

Sign up for your free 14-day trial and see what RealVNC Connect can do! No bank details required.

G2

4.7 stars, 400+ reviews
Top 50 IT Management
Products 2020

Apple App Store

4.8 stars, 11,700 reviews
Apple App Store 5M+ downloads

Google Play Store

4.6 stars, 55,000 reviews
Google Play Store 5M+
downloads

Capterra

4.5 stars, 100+ reviews
Best Software Reviews
Platform