LucidLink’s default settings provide a SOC2 Type II, ISO 27001, and TPN certified secure production environment including AES256 encryption at rest, TLS encryption in flight, as well as a zero-knowledge policy, but there are some optional steps that can be implemented to maximize the security posture. 

LucidLink follows the “shared responsibility” model whereby end users must assume responsibility for “security in the cloud” while LucidLink assumes responsibility for “security of the cloud”.  These guidelines provide recommendations for hardening the security of your LucidLink environment, but teams also need to manage and secure their own host systems used to access LucidLink filespaces.

Technological Recommendations
 

• Use SSO
  • require MFA through an authenticator app.
• Enable 2FA on external accounts if enabled.
• Create backup code for owner account.
• Enable Audit Trail functionality
  • Setup audit log ingest and query methodology of choice
  • Setup alerting based on relevant parameters
• Adjust snapshot schedule to meet business needs
• Implement a fully redundant disaster recovery / business continuity process including planning for fail-over and fail-back.
• Use LucidLink custom to enable your own S3 key rotation policies, and bucket access policies.
• If using LucidLink custom, after initialization, apply bucket policies that only allow the hub to perform "s3:deleteObject" commands to facilitate garbage collection. Note: by using this technique bucket access polices will need to be temporarily modified to enable key rotation.

Procedural Recommendations

• Store workspace owner login credentials with a trusted secrets management tool
  • Ensure multiple people know how to access in case of staff changes
• Perform key rotation on a regularly scheduled interval (Custom Filespaces only)
• Minimize Admin and Filespace Admin roles to only those who absolutely need it.
• Grant folder access on the “Least Privileged Access” principle
• Audit your user access and permissions on a regularly scheduled interval