SOURCE: CloudLock



September 09, 2013 09:00 ET

CloudLock Completes SOC 2 Type 2 Certification, Elevating the Standard for Securing Information in the Cloud

WALTHAM, MA--(Marketwired - Sep 9, 2013) - CloudLock, the leading information security suite for enterprises using cloud platforms, announced it has successfully completed the Service Organization Control (SOC) 2 Type 2 audit.

A leading independent auditor, EY (formerly Ernst & Young) conducted the audit, which verifies that CloudLock's information security practices, policies, procedures and operations meet or surpasses the rigorous SOC 2 standards for security, availability, and confidentiality.

"Completing the SOC 2 Type 2 audit demonstrates our ongoing commitment to security and underscores the investment we've made to keep our customers' data and systems safe," said Gil Zimmermann, CloudLock CEO and co-founder. "Our customers rely upon us to secure their more than 1.5 million users, who are responsible for creating the more than 55 million files currently stored in public cloud domains. Organizations faced with compliance requirements around sensitive data, like PCI, PII, and IP, can leverage CloudLock's SOC 2 Type 2 as part of their compliance strategy."

Why is SOC 2 Type 2 Important to Our Customers?

Service providers must demonstrate that they have adequate controls of data protection technologies and processes. The SOC 2 Type 2 report puts strict audit requirements in place and sets a high bar with a more meaningful audit standard then SAS70 or SSAE 16 SOC 1. The same audit report used by Amazon Web Services and Google, SOC 2 validates the security of infrastructures and services and is rapidly becoming an industry standard.

"The certification sets CloudLock apart from other ISVs in the growing cloud ecosystem. Our customers, which range from the world's largest enterprises to SMBs, can be assured that the highest level of internal controls and security are established and maintained," said Ron Zalkind, CloudLock CTO and CISO.

The importance of auditing is also recognized and encouraged by Gartner. "Cloud computing is a powerful tool for IT and businesses. Public cloud computing can be adopted safely and sanely. However, enterprises must do their homework, and avoid taking blind leaps of faith; otherwise, they will run huge risks with their mission-critical data, applications and processes," said Gene Phifer and Jay Heiser in their report "Look Before You Leap Into Cloud Computing", 12 June 2013.

About SOC 2 Type 2

The Service Organization Control (SOC) 2 Report is performed in accordance with AT 101 and based upon the Trust Services Principles. The Trust Service Principles which SOC 2 is based upon are modeled around four broad areas: Policies, Communications, Procedures, and Monitoring. Each of the principles have defined criteria (controls) which must be met to demonstrate adherence to the principles and produce an unqualified opinion (no significant exceptions found during the audit).

The audit includes a full assessment of:

  • Security: Data centers are protected against unauthorized access (both physical and logical).
  • Availability: Data centers are available for operation and use as committed or agreed.
  • Processing integrity: Processing is complete, accurate, timely and authorized.
  • Confidentiality: Information designated as confidential is protected as committed or agreed.
  • Privacy: Personal information is collected, used, retained, disclosed and destroyed in conformity with privacy principles issued by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).

Trust principles predefine the criteria businesses must meet, making it easier for business owners to know what compliance needs are required and for users of the report to read and assess the adequacy.

For more information about SOC 2 audits, see the American Institute of Certified Public Accountants website.

About CloudLock
CloudLock is the cloud information security company. CloudLock's suite of information security applications gives organizations the safeguards necessary to take advantage of public cloud offerings like Google Apps without sacrificing security. The largest businesses in the world trust CloudLock to secure their information in the cloud. For more information about the company or reseller opportunities call (781) 996-4332 or visit