Is my content safe?

Content security is at the very core of our company and platform. We go to great lengths to ensure that your assets are safely stored and processed. We work with external application security experts to test our application and cloud infrastructure on a regular basis. Over the years we’ve added numerous security features to give our clients flexibility and assurance that their content is well protected, including Single-Sign On, watermarking, and hosting your own data for full control. 


Do you support Multi-Factor Authentication (MFA)?

Yes, we have added our own MFA solution which you can enforce on your workspace level. We are also fully SAML 2.0 compatible and support Okta, Onelogin, Azure, Google, etc to onboard your team more easily.


What is being logged and how can I have access?

SyncSketch is using an extensive logging infrastructure with a central Security Information and Event Management (SIEM) server to collect and process everything that is happening on our platform. For peace of mind, we log anything from when specific users access items to state changes and download requests. We can stream workspace-specific logs to our customers via Logstash in the JSON format for full log analysis.


Do you support IP whitelisting?

To restrict access to your site we allow users to define either an IP range and/or fully qualified domain names (FQDN). Currently the whitelist is not accessible through the UI and needs to be requested when you set up your enterprise workspace.


Can I give users different permissions?

Within your workspace you can assign different permissions to your users; from unrestricted admin access to regular members and a view-only option to allow restricted users to just stay in the loop. Members can create and upload media to actively participate in your day to day while Reviewers are only able to leave feedback.


Can I share a review with users outside of my workspace?

Yes, you can share reviews with external collaborators by generating a link. Shared links can be password protected and you have the option to set an expiration date. Both password protection and expiration can be enforced on the workspace level to make sure your users are not accidentally sharing content without the necessary protection. For complete peace of mind you can also disable link sharing all together. That way you can be sure that anyone accessing your data is logging in through SSO or MFA if enabled on your account. 


Is my data encrypted?

Yes, all your data is encrypted at rest and in transit using the latest encryption technology like TLS 1.2 and AWS-SSE.


Do you follow a particular security framework?

Absolutely. There are several great frameworks that companies can follow. The most important thing is to ensure that the framework fits the organization’s operations, protects sensitive information, and meets or exceeds our customer’s expectations. A framework must achieve results and build integrity at every level of an organization. In the creative industry, there is no room for a weakest link. That is why we’ve adopted the ISO 27001 framework, along with best practices presented by the Motion Picture Association (MPA) and Trusted Partner Network (TPN). ISO 27001 is a very robust framework that offers great practices for day-to-day operations, while the TPN framework focuses specifically on content protection and the types of assets you typically find in the entertainment industry. For us, those best-practices are key.


How do you ensure compliance & integrity within the workforce?

There are numerous mechanisms that help ensure compliance. This is where the ISO 27001 framework can be very useful. Beginning with our hiring process, we conduct thorough background screenings, in compliance with local government laws, to minimize risk and uphold the highest standards of personnel integrity. To do this, we use a reputable external partner. We also require security training as part of the onboarding process, ensure that all staff have access to and understand SyncSketch policies, require non-disclosure agreements and host job-specific training to familiarize our teams with the information they are working with, how to protect it, and the risks involved. In addition to regular training, we host an ongoing Security Awareness Program that delivers timely and relevant communication each month, keeping our staff informed about security-related events, practical knowledge, and real-world case studies. This helps promote a culture of safety and security. 


What do you do to protect company devices?

Even with all of the training and best-practices, we try to minimize the chance of human error or malicious attacks by deploying device management controls and anti-virus and anti-malware protection. All employee devices are monitored and controlled by a centralized application that enforces password policies, system updates, and activity logging. This gives our InfoSec team a lot of control over what happens in our company’s ecosystem and offers proactive ways to respond to threats.


How do you ensure security with third parties?

We hold our third-party partners and vendors to the same high standards that our customers hold us to. Our vendor onboarding program requires SyncSketch to evaluate the information that vendors can access, who has access to it, where it’s being held, and how it’s being protected. In many cases, we require third parties to fill out questionnaires in order to familiarize ourselves with their infrastructure and practices. We also require non-disclosure agreements when service agreements are executed. Anyone who engages with our day-to-day operations quickly learns that security is at the heart of everything SyncSketch does, whether they’re a vendor, employee, contractor, or customer.


Does SyncSketch have a dedicated Security Team?

Our InfoSec Team meets regularly to evaluate changes to the SyncSketch ecosystem. We also work to identify risks and plan for technological enhancements. Our security roadmap is constantly evolving. Sometimes a client will suggest a brilliant security feature that could be added at the workspace level. Other times, we implement new solutions or policies that we believe will benefit our clients, their workflows, and their assets. Our InfoSec Team possesses a diverse array of security knowledge, including system administration, policy creation, enterprise learning, IT, software development, risk assessment, remediation, and other valuable expertise. It’s the perfect mix to keep our roadmap moving forward.


Using a cloud or SaaS solution is a big leap for many companies. Especially when their content is so valuable. Do you find it tough to gain the trust of studios or increase adoption?

When it comes to trusting a SaaS solution with valuable IP, there will always be skepticism and processes for due diligence– and there should be. It forces companies to not just talk the talk, but to walk the walk. That’s why we consider security a business and operations strategy in addition to an information security management strategy. SyncSketch has gone through some of the most rigorous security evaluations imaginable, and we’re continually approved and recognized as one of the most trusted SaaS solutions for content reviews and creative collaboration.

Once in a while, a company will have a policy that prohibits the use of content in the cloud. However, our flexibility in allowing clients to use their own AWS S3 buckets often helps solve that problem by providing control over logs and other aspects of their data. We believe the creative industry’s skepticism shouldn’t be projected towards cloud technology itself; but rather how companies protect data in the cloud. The power of the cloud provides companies with a competitive advantage that’s too valuable to ignore, and adoption towards its usage will accelerate, as it does with most technology of this caliber. The early adopters have already begun their creative journey with SyncSketch. They happen to be big players, so others are following suit.

Market forces aside, perhaps the best way to gain trust is to collaborate with clients to enhance the platform’s feature set. That includes creative features as well as security features. The security evaluation process is a great opportunity to collect feedback and think about the future of the platform. If an idea sounds like a winner, we usually add it to our roadmap for further evaluation and work alongside our clients to turn it into a reality. There’s nothing that builds trust more than working towards a unified goal together. Building an increasinlgy secure platform is a goal both SyncSketch and our clients can get behind.

For more information about Enterprise level security features, read this blog.