A new era of collaboration — introducing the new LucidLink

Introducing the new LucidLink

Learn more
The blog
About LucidLink

LucidLink has successfully completed SOC 2 Type II

April 2024

4 mins

Protecting your data is our highest priority and we believe that you deserve the best security assurances possible. That’s why LucidLink is excited to give our customers the peace of mind that comes with SOC 2, Type II certification.

This article explains what SOC 2 is, why it is the perfect partner for cloud-based platforms, and what it means for creative teams.

Cybersecurity in the M&E industry

Cybercrime has been steadily on the rise in the past few years. The COVID-19 pandemic has provided cybercriminals with new opportunities to target organizations as remote work, and online activities have become more prevalent. Unfortunately, this trend is not slowing down.  

Cyber attacks like data breaches can result in significant financial losses, reputational damage, and legal implications for businesses of all shapes, sizes, and sectors. This is especially true for the Media & Entertainment (M&E) industry .

The M&E industry is a prime target for cybercriminals due to its high value content, public interest around unreleased movies, TV shows, and music, along with the vast amounts of personal data from customers, employees, and vendors. Infamous examples of attacks on M&E companies, like the 2014 Sony Pictures hack, the 2017 Orange is the New Black (Netflix), and the 2022 House of the Dragon (HBO) leaks, highlight the need for robust cybersecurity measures. 

Cybersecurity in the M&E industry

What is SOC 2 and why does it matter?

Created by the American Institute of Chartered Public Accountants (AICPA), Service Organization Controls (SOC) 2 is one of the most important and widely recognized compliance frameworks designed to guarantee the effectiveness of a company’s security policies and procedures. 

To become SOC 2 certified, organizations must adhere to some or all five of the Trust Services Criteria: Security, Availability, Confidentiality, Processing integrity, and Privacy. There are two main types of SOC 2 compliance: 

  • Type 1 – attests to an organization’s proper design and use of controls at a specific point in time.

  • Type 2 – evaluates whether an organization’s controls are operating effectively over a period of time (usually 6 to 12 months).

SOC 2 is vital for ensuring the security, privacy, and trustworthiness of product or service providers. It is considered the gold standard of data protection in today’s interconnected digital world.

‍SOC 2 and cloud – a winning combination

M&E companies increasingly rely on cloud-based technologies to streamline their workflows, enable remote collaboration, and improve content delivery to audiences worldwide. Cloud technology is beneficial to media companies because it ensures they can store and access vast amounts of data at any time, on any device, no matter where they are located.

As more and more organizations migrate to the cloud, data security is ever more critical for sustaining business operations and maintaining the trust and confidence of stakeholders. SOC 2 compliance is one of the best ways for cloud-based platforms to prove their capability of safeguarding confidential customer information. 

As an auditing and reporting procedure, SOC 2 might not be a typical requirement for cloud service providers and can just be considered a baseline for further compliance standards. However, the certification speaks of the company’s commitment to establishing rigorous security policies, including access controls, vulnerability management, incident response, and data protection. 

Addressing all five of the Trust Services Criteria of SOC 2 is essential for cloud-based tools:

  • Security: Ensures that data is protected from unauthorized access, alteration and destruction.. It is the foundation of trust for cloud service providers.

  • Availability: Guarantees that no downtime occurs and cloud-based tools are reliable and accessible, and that data and services are available to users when required.

  • Confidentiality: Affirms privacy of sensitive data such as personal and financial information, which can cause severe harm if compromised. 

  • Integrity: Maintains data quality while accurately processing large amounts of data, critical for  making informed decisions.

  • Privacy:  Certifies that the data is used and managed in accordance with applicable privacy regulations, and users’ privacy rights are respected.

LucidLink is committed to your data security

LucidLink is committed to your data security

We successfully completed a SOC 2, Type II audit – further evidence of our dedication to keeping your confidential information safe and sound. 

Gregory Tomczyk, Vice President of IT at LucidLink, emphasizes the company’s dedication to data security: “Data security is a fundamental tenant to LucidLink’s mindset and operating model. We continually strive to protect our clients from current and emerging threats. We recognize that our customers’ data is their most valuable asset and are committed to applying relevant industry standards across our products and services adhering to the highest international compliance standards. We can demonstrate this commitment by achieving SOC 2, Type II compliance, and TPN Blue Shield certification.

Beyond certifications, our novel approach to data confidentiality meets the most stringent security requirements of our customers.  LucidLink’s filespace technology uses a secure “Zero-Knowledge” encryption model guarantees that neither LucidLink, nor storage providers have access to customer data. This enables a durable operating environment for customers collaborating on sensitive workloads across all media and entertainment segments. 

To learn more about LucidLink’s approach to security, get in touch with our team

LucidLink was audited by Prescient Assurance, a security and compliance attestation leader for B2B SaaS companies worldwide. Find out more information about our security certifications and Zero-knowledge encryption model here.