Media Security Requires More Than Lip Service

By Larry Jordan

A press release from caught my eye this morning. Emery Wells, CEO of, announced that is “now SOC 2 Type 2 compliant.” This means that successfully completed a rigorous, ongoing security audit that demonstrates not only met, but exceeded industry security standards.

This security audit, according to, “is the gold standard for security compliance for [Software as a Service] companies.”

Type 1 compliance defines security at a specific point in time, meaning that demonstrated to external third-party auditors their ability to successfully design and implement security controls, policies, and procedures to secure and encrypt your media on

Type 2 compliance is much more rigorous. This requires that demonstrate their ability to maintain those same security controls, policies, procedures, and standards successfully throughout the examination period — from July until today — without any exception. These standards cover everything from the training of employees to the distribution of company software and hardware, and even the protocols for guests who visit their NY headquarters.

This audit included examination of their policies and procedures regarding network connectivity, firewall configurations, systems development life cycle, computer operations, logical access, data transmission, backup and disaster recovery, and other critical operational areas of business.

The reason I mention this is that, many times when I talk to tech companies, they make a big deal of how the security of your data is important to them. But almost none have gone to the lengths that has to PROVE that your data is secure.

Talk is cheap and, as we’ve seen over and over in social media, it is easy to promise security, while not actually delivering anything of substance. has put their money – LOTS of their money – into living up to their promises to keep our data secure. This is a major accomplishment and they deserve congratulations. has set a high bar for other service companies to meet. Here’s a link to their press release to learn more.


As you think about moving business-critical assets to The Cloud, here are some questions you should ask:

  • Is our data encrypted while it’s being transferred (“in transit”), while it is stored on your servers (“at rest”) or both?
  • Do system administrators have access to either our data or the encryption keys and, if so, how do you secure our data?
  • What happens to my data if your company goes out of business?
  • What organizational processes have you put in place to make sure unauthorized users don’t have access to my data?
  • How are you auditing and verifying that your security procedures are sufficient, and sufficiently followed by members of your staff?

