Delivering on Our Security Promise

This past February, we laid out our plan to not only meet the most stringent security requirements, but far exceed them. Despite our humble beginnings, Frame.io is now supporting video workflows at Fortune 100 companies all over the world. Keeping your content safe and available is a responsibility we take very seriously.

I’m excited to announce that Frame.io is now SOC 2 TYPE 1 compliant. This major milestone is one of many on our ongoing security roadmap.

As part of this compliance, we have undergone a rigorous audit conducted by a reputable independent third-party auditor in accordance with American Institute of Certified Public Accountants (AICPA). The audit process evaluated Frame.io against service controls derived from three key trust principles of SOC2—security, availability, and confidentiality.

These security standards extend beyond the technology and processes we use to secure and encrypt your media on Frame.io; it goes through to the very DNA of every part of the company—from the training of our employees, to the distribution of company software and hardware, and even to the protocols for guests that visit our NY headquarters.

New Security Features

In addition to the rigorous security standards we’ve met, we’re also releasing new Enterprise features that will aid in the secure distribution and management of your data.

Visual Watermarking
Now admins and team managers can configure watermarks that will burn into any media their users upload. Admins can type out their own custom watermark, set its opacity, and choose where in the frame they want the watermark to appear. Once you’ve configured your watermark in settings, it’s automatically burned into any video or image files your users upload.

Frame.io Watermarking helps empower admins to deter any unauthorized sharing of content that their users have uploaded to Frame.io. It’s a big step forward in our security offering, and we’re excited to get it in your hands.

Asset Lifecycle Management
There’s no more worrying about clearing out old content from Frame.io—we do it for you on an automated cadence that you define. This optional feature allows admins and team managers to set a limit on the number of days a given asset will remain in Frame.io. Once an asset hits that limit, Frame.io automatically soft deletes it so the account manager doesn’t have to.

If you find yourself needing an asset that was deleted recently, fear not: you can jump into your project’s trash can and restore the asset up to 30 days after it was deleted.

Asset Lifecycle Management can be disabled on a per-project basis at any time, so if you’re a team that likes to keep evergreen or library assets in a single project, you have that option.

Becoming an Industry Role Model and Thought Leader

To continue leading the market in end-to-end product security, we must continuously innovate our intrusion detection techniques. We monitor data generated by our tools to discover attacks in a timely manner. It’s of such integral importance, our team built a custom threat detection solution that’s uniquely tuned to our own systems. This provides an added layer of security we could not have accomplished with third-party solutions. This system has also undergone the AICPA audit and contributed to meeting compliance.

After operating our threat detection system for several months, we’ve authored a research paper titled “Go Serverless: Securing Cloud via Serverless Design Patterns.” We submitted it to HotCloud 2018, a top peer-reviewed cloud systems workshop, which accepted the paper to be published. We will be presenting our work in the HotCloud workshop in July, and the final version of the research paper can be downloaded here.

This paper demonstrates the cutting-edge information security program at Frame.io, and our commitment to continue demonstrating the security thought leadership in this space by researching, innovating, and sharing our work with the broader community.

Team Effort

A huge amount of thanks and gratitude must go out to the team here at Frame.io who have worked so tirelessly—in particular, our Head of Information Security, Abhinav Srivastava. Abhinav joined Frame.io this past September from the AT&T Research Lab where he was leading a number of security research efforts. Abhinav holds a Ph.D in Computer Science from Georgia Institute of Technology and has published 30 security research papers which are widely recognized by the cyber security community.

What’s Next?

Continuing Our Investment in Information Security, we are also working to join the Trusted Partner Network (TPN), a joint effort between the MPAA and the CDSA.

We won’t stop until Frame.io is the most secure platform for the video collaboration market.

 

Written by Emery Wells

Interested in contributing?

This blog relies on people like you to step in and add your voice. Send us an email: blog at frame.io if you have an idea for a post or want to write one yourself.