CloudLock, Trust, and the CSA STAR Program

Michael Gleason

I spend my days (and nights) explaining how the strengths of the cloud - high availability, scalability, and interoperability - can help us overcome what is often considered its greatest weakness: security.


In an age rampant with cybercrime and digital espionage, trust has become an increasingly coveted commodity. Earning the trust of a market requires the one-two punch of effort and time – reliability and consistency. And today, we’re excited to share another milestone for CloudLock as we announce we have achieved Cloud Security Alliance’s STAR Certification.

For those unfamiliar with the CSA Security, Trust & Assurance Registry (STAR) program, the organization explains:

“The CSA STAR Program is a publicly accessible registry designed to recognize the varying assurance requirements and maturity levels of providers and consumers, and is used by customers, providers, industries and governments around the world.”

At CloudLock, we understand trust to be the ultimate currency. What makes a cloud security firm trustworthy?

1) Trustworthy Practices are undoubtedly the most straightforward path to earning trust. Let’s break down some of CloudLock’s best practices.

  • One of the many benefits of our API-driven, cloud-native approach is that our customers’ content stays where it is; we do not take customer content into our database. Rather, we keep an inventory of customer assets, a reflection of our fundamental philosophy that we should not take possession of data belonging to others.
  • We provide value to customers by acting as a security translator of sorts. Rather than forcing security operatives to learn the idiosyncratic security vernacular of each SaaS application within their environment, our solution seeks to understand organizational security objectives and translates highly tunable individual policies across entire cloud portfolios.
  • While some security vendors endlessly speak of their panel of “security experts,” we ensure our entire team, especially our product, engineering, and support teams, is well-versed in security – see the third point below for more on this.
  • We partner with global security-centric companies, such as Google and AWS, to ensure our infrastructure and architecture are as reliable and secure as humanly possible.
  • To meet evolving security standards such as FedRAMP, we continuously monitor our own infrastructure. Achieving such standards serves as a recurring proof point that our cloud offering is hardened against an evolving landscape of cyberthreats.

2) Certifications. As a security company, we’ve built security into everything we do. Our commitment to security and privacy is underscored by a number of certifications. To demonstrate how CloudLock protects customer data, we provide independent third-party reports to our customers. We regularly pass rigorous third-party compliance audits of our security, confidentiality, availability, and privacy controls.

In addition to the CSA STAR certification, CloudLock has also achieved many additional certifications, including:


  • SSAE 16 (SOC 2 Type 2) Certified: CloudLock is SOC 2 Type 2 certified by EY. The SOC 2 report provides a description of the CloudLock controls and environment, and an external audit of the CloudLock controls that meet the AICPA Trust Services Security Principle and Criteria.
  • SSAE 16 (SOC 3) Certified: Trust Services Report for Service Organizations – CloudLock has met the AICPA Trust Services Security Principle and Criteria.
  • TRUSTe: CloudLock is certified by TRUSTe, the leading global privacy management solutions provider. We adhere to the terms outlined in our privacy policy to securely and safely handle customer data.
  • U.S. Department of Commerce Safe Harbor: We comply with U.S. Department of Commerce Safe Harbor policies regarding the collection, use, and retention of personal data, and abide by European and Swiss data protection laws.

3) True Security Mindset. Our dedication to security extends beyond product-specific best practices and formal certification efforts. In fact, security is top of mind for every employee in the organization. This ongoing commitment manifests itself in the form of an inter-departmental security committee and task force as well as regular company-wide trainings to adopt secure best practices in our daily lives, both at CloudLock and beyond.

We’re proud to have earned the trust of so many, and are excited to maintain and expand this trust in the future.
