The Motion Picture Association America owns the Trusted Partner Network – which along with TISAX, ISO27001, NIST, CISA,CSA, SEC , C2PA and FTC – has many security rules and recommendations. Please check the following document:
Security issues can come from theft, malware, ransomware, hostage and data corruption.
The highest security
Many of these rules and recommendations require a financial investment and extra manpower. So what is the least expensive elaborate way to get the highest security?
The higest security is when computers and storage are on premise with blocked direct internet access and blocked USB, Thunderbolt, etc. ports. Material which comes in or has to go out via internet should be checked and managed in a so called transfer room. This transfer room is run by authorized personel and is equipped with virus scanning/diagnostics and has a Checker/Mover/DDP setup from Ardis Technologies. The high speed CheckerMover/DDP solution checks each incoming file against a list and when it is okay the file is moved to be used. All other file types are quarantined.
Also the audit program on DDP is active and the administrator manages who gets to work on which project.
Last it is important that co-workers are long term employed with benefits and other perqs so one can expect company loyalty. Some remarks about virus scanners. They could slow down perforrmance and can not normally cope with video files larger then 32GB. Also a virus scanner will not touch files with postfixes such as .exe, .vbs, .cmd, .iso, ips1 and others.
So what is the least secure situation?
That is when working remotely. Although there is watermarking, use of hidden tokes, etc, employees with their computer with numerous applications can not really be controlled. This is despite using Teradici or Citrix or others to make it more secure. With so many applications and their required updates and the growing number of AI tools to consider the chance of a security breach increases.
Maybe large companies with a separate IT/security department feel they have good control. Smaller companies mostly feel overwhelmed or think they have good control. To maintain security with remote access is expensive and requires extra manpower. This has to be weighted against other savings made and it maybe a disadvantage when competing for a project of a high profile cliënt.
What other breaches are possible?
One possiblity is theft of the DDP. For that purpose hard disks with AEX 256 encryption can be ordered as an option. Other possiblities can range from accidentally or intentially deleting material, displacing material so it seems lost or playing a production in full without necessity. These cases can be monitored using the audit facility, which comes standard with each DDP. The audit file registers the following per desktop: day and start time of the connection, the volume name or names, user which is logged on, actions on files and folders, the file path, from/to day and time and the end time of the connection. In a special case when there is a suspicion these parameters can also be monitored in line, real time. The audit files cycling is set to 4 days but files can be archived as long as needed. Other measures which can be taken are using HTTPS with your owned certificate installed and installing two factor authentification.
Changing passwords in AD/LDAP and or in the DDP regulary is good as well.
