With the exposure and risk of multi million productions seen in the Sony hack and other online exploits, the need for internet security in collaboration atmosphere’s has become as important, if not more so, than the content they protect. Frame.io is doubling down on the need to protect online collaboration with a new SOC2 Type 1 compliant security structure.
“This past February, we laid out our plan to not only get the most stringent security requirements, but far exceed them. Keeping your content safe and available is a responsibility we take very seriously,” writes Frame.IO CEO Emery Wells.” I’m excited to announce that Frame.io is no SOC2 Type 1 compliant.”
Stating that Frame.io has grown beyond it’s humble roots in film production, Frame.io CEO wrote this week that the company now supports workflows for Fortune 100 companies all over the world. And to that end, this year, Frame conducted an extensive security audit by a third party to see where they needed to shore up their online security. The audit looked at three main areas, including security, availability, and most importantly, confidentiality.
With the results of the audit, Frame has developed a series of SOC 2 Type 1 security standards which involves everything from the technological infrastructure Frame.io uses, to the training of employees and the distribution of software. According to a definition provided by NetGainIt, “SOC 2 reports build on the financial reporting basis of SOC 1 and also require standard operating procedures for organizational oversight, vendor management, risk management, and regulatory oversight. A SOC 2-certified service organization is appropriate for businesses whose regulators, auditors, compliance officers, business partners, and executives require documented standards.”
The reports come in two forms:
- Type I reports concern policies and procedures that were placed in operation at a specific moment in time.
- Type II reports concern policies and procedures over a specified time period; for this more rigorous designation, systems must be evaluated for a minimum of six months.
Consequently, to accomplish that level of security, Frame.io has incorporated three updates that promise to make their framework more secure. 1) Built into the software, frame has created Visual Watermarking, which allows team managers and administrators to burn watermarks into any media uploaded into the Frame.io system, with varying degrees of opacity, text, and even location. Once configured, the watermark will be automatically overplayed onto any video or image files uploaded into the system. “Frame.io Watermarking helps empower admins to deter any unauthorized sharing of content that their users have uploaded to Frame.io,” Wells added. “It’s a big step forward in our security.”
2) The next step is Asset Lifecycle Management. Users of Frame.io can now automate removal of old assets, according to a defined “cadence.” Admins can manage the number of days a given asset will remain online, and Frame.io will soft delete the asset automatically. If users need the asset after that, they can restore it up to 30 days after. Admins can also disable it completely for projects that require assets to be “evergreen” throughout the entire collaborative process.
3) Lastly, Frame.io has developed a custom threat detection system that monitors data generated in the system by users, looking for any attacks from the outside. The system only looks within the Frame.io system for threat detection and takes steps to eliminate any threats it identifies.
Frame has outlined the process in their white paper “Go Serverless: Securing the Cloud via Serverless Design Patterns.” Frame.io will be presenting the paper at the annual HotCloud conference and workshop later this month. You can read it here.
Looking ahead, Frame.io is also joining the Trusted Partner Network (TPN) started by the Motion Picture Association of America, to collaborate on security standards as online threats evolve.