Press Release

CloudLock Completes SOC 2 Type 2 Certification, Elevating the Standard for Securing Information in the Cloud


WALTHAM, MA – September 9, 2013 – CloudLock, the leading information security suite for enterprises using cloud platforms, announced it has successfully completed the Service Organization Control (SOC) 2 Type 2 audit.

A leading independent auditor, EY (formerly Ernst & Young) conducted the audit, which verifies that CloudLock’s information security practices, policies, procedures and operations meet the SOC 2 standards for security, availability, and confidentiality.

“Completing the SOC 2 Type 2 audit demonstrates our ongoing commitment to security and underscores the investment we’ve made to keep our customers’ data and systems safe,” said Gil Zimmermann, CloudLock CEO and co-founder. “Our customers rely upon us to secure their more than 1.5 million users, who are responsible for creating the more than 55 million files currently stored in public cloud domains. Organizations faced with compliance requirements around sensitive data, like PCI, PII, and IP, can leverage CloudLock’s SOC 2 Type 2 as part of their compliance strategy.”

Why is SOC 2 Type 2 Important to Our Customers?

Service providers must demonstrate that they have adequate controls of data protection technologies and processes. The SOC 2 Type 2 report puts strict audit requirements in place and sets a high bar with a more meaningful audit standard then SAS70 or SSAE 16 SOC 1. The same audit report used by Amazon Web Services and Google, SOC 2 validates the security of infrastructures and services and is rapidly becoming an industry standard.

“The certification sets CloudLock apart from other ISVs in the growing cloud ecosystem. Our customers, which range from the world’s largest enterprises to SMBs, can be assured that the highest level of internal controls and security are established and maintained,” said Ron Zalkind, CloudLock CTO and CISO.

The importance of auditing is also recognized and encouraged by Gartner. “Cloud computing is a powerful tool for IT and businesses. Public cloud computing can be adopted safely and sanely. However, enterprises must do their homework, and avoid taking blind leaps of faith; otherwise, they will run huge risks with their mission-critical data, applications and processes,” said Gene Phifer and Jay Heiser in their report Look Before You Leap Into Cloud Computing, 12 June 2013.

About SOC 2 Type 2

The Service Organization Control (SOC) 2 Report is performed in accordance with AT 101 and based upon the Trust Services Principles. The Trust Service Principles which SOC 2 is based upon are modeled around four broad areas: Policies, Communications, Procedures, and Monitoring. Each of the principles have defined criteria (controls) which must be met to demonstrate adherence to the principles and produce an unqualified opinion (no significant exceptions found during the audit).

The audit includes a full assessment of:

  • Security: Data centers are protected against unauthorized access (both physical and logical).
  • Availability: Data centers are available for operation and use as committed or agreed.
  • Processing integrity: Processing is complete, accurate, timely and authorized.
  • Confidentiality: Information designated as confidential is protected as committed or agreed.
  • Privacy: Personal information is collected, used, retained, disclosed and destroyed in conformity with privacy principles issued by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).

Trust principles predefine the criteria businesses must meet, making it easier for business owners to know what compliance needs are required and for users of the report to read and assess the adequacy.

For more information about SOC 2 audits, see the American Institute of Certified Public Accountants website.

About CloudLock

CloudLock is the cloud-native CASB and Cloud Cybersecurity Platform that helps organizations securely leverage cloud apps they buy and build. CloudLock delivers security visibility and control for SaaS, IaaS, PaaS and IDaaS environments across the entire enterprise in seconds. Founded by Israeli Elite Cybersecurity Military Intelligence experts, the company delivers actionable cybersecurity intelligence through its data scientist-led CyberLab and crowdsourced security analytics across billions of data points daily. CloudLock has been recognized by Inc. Magazine as the fastest growing security product company in the U.S. and by Glassdoor as one of the top 3 best places to work in the U.S. Learn more at

Experience a Live Demo

See Cisco Cloudlock in action from one of our cloud security experts

Browser Not Supported

Your browser version is outdated.

We would recommend you upgrade to a recent version to ensure that you have a good experience on the CloudLock site. Outdated browsers also increase your security risk. So please update your browser and come back later!

Click on the icon below to download the latest version of your browser