Frame.io video collaboration platform has received SOC2 TYPE 1 compliance, ensuring customers’ data is protected, and now includes two new security features.
Since the launch of its workflow management platform for video that Frame.io has taken the necessary steps to strengthen security in media environments, and now the company received SOC2 TYPE 1 compliance, ensuring customers’ data is protected. Simultaneously, the company announces the video collaboration platform now includes two new security features: Visual Watermarking and Asset Lifecycle Management, expanding security management to front-line workflows.
“At Frame.io content security matters. It doesn’t just matter, it’s everything,” said Emery Wells, co-founder and CEO of Frame.io. “Earlier this year, I wrote an open letter to our customers about our growing security team and initiatives, with a promise to not just meet security best practices, but far exceed them. Becoming SOC2 Type 1 compliant is a big step toward our goal to lead in the content security space. And releasing new security features like Visual Watermarking and Asset Lifecycle Management is another way we can deliver on our promise.”
To become SOC2 Type 1 compliant the company underwent a rigorous audit process conducted in accordance with the American Institute of Certified Public Accountants (AICPA). The audit process evaluated Frame.io against service controls derived from three key trust principles of SOC2 – security, availability, and confidentiality. That means all customers can rest assured their valuable media assets are protected from security threats today and well into the future.
“SOC2 Type 1 certification is a milestone in our efforts to keep customers’ data protected,” stated Wells. “Ensuring customers’ content is safe and accessible is a responsibility we take very seriously. So instead of just talking about our security processes, we invited an independent third-party auditor from an accredited auditing company and had them examine us against security, availability, and confidentiality controls. This is just the first of many measures Frame.io is taking to build the industry’s best security program. Now, when we say that your content is secure, you don’t have to only take our word for it.”
As part of the audit process, auditors examined various internal controls and practices, including human resources, software development lifecycle, risk management & assessment, vendor management, change management, incident response process, security monitoring & operations, infrastructure & cloud security, physical security, and most importantly, the Frame.io management and board’s commitment to security & privacy of Frame.io customers.
Frame.io’s effort to obtain SOC2 Type 1 compliance was led by the company’s Head of Information Security, Abhinav Srivastava. Abhinav joined Frame.io this past September from the AT&T Research Lab where he was leading a number of security research efforts. Abhinav and the Frame.io security team recently co-authored a white paper published on July 9th as a part of Usenix’s HotCloud ’18 Workshop on cloud computing.
Because security is not a checkbox, it is a never-ending part of the product development process, Frame.io will continue to explore new ways to make the whole system as secure as possible, according to the technologies available. The company has just released two new features to further strengthen its ties with enterprise customers.
Visual Watermarking is one of the new features. With it admins and team managers can configure watermarks that are embedded onto any media their users upload to Frame.io. Admins can type out their own custom watermark, set its opacity, and choose where in the frame they want the watermark to appear. Then they can configure their team settings to automatically watermark the content their team uploads to Frame.io, helping deter any unauthorized sharing of their team’s content.
The second feature introduced is Asset Lifecycle Management. With it customers need not worry about cleaning out old videos from the platform; Frame.io does it for you on an automated cadence that you define. Admins and team managers can set a limit on the number of days a given asset will remain in Frame.io. Once an asset hits that limit, the system automatically deletes it. Assets can be restored up to 30 days after deletion and admins can disable Asset Lifecycle Management on a per-project basis.
Asset Lifecycle Management is built for the enterprise admin that finds themselves removing assets from Frame.io constantly, whether that be for security, for better organization, or for increased storage capacity.