Content Security Overview
As Netflix continues to invest in the creation of Original content the need to maintain and evolve our content security posture only increases.
The approach Netflix takes to addressing this need is three-fold:
Netflix hopes to clearly outline our expectations to all partners to ensure there is alignment around the security controls that we assess our partners against.
We aim to keep up-to-date with the existing industry standards, as well as new initiatives, and identify how they can be used to safeguard Netflix Original content. We advocate for such standards and initiatives to ensure all our partners are aware of them, can start to think about how best to implement them, and keep up-to-date on new developments.
One such initiative is the Trusted Partner Network (TPN). The TPN is an industry initiative that ties together multiple industry and studio security assessment programs into a single standardized control set and framework. The TPN aims to create efficiencies by vendors undergoing a single assessment, recognized and accepted by all of the major studios, which will reduce the number of duplicative assessments they previously had to undertake.
The ultimate aim is to ensure that an environment exists that fosters creativity while reducing the risk of content from loss or theft. This is done by ensuring that key stakeholders, both internally at Netflix and externally with our production and post production partners, are given all relevant context and resources on the topic. Netflix offers guidance to our partners, helping them to consider the measures, workflows, and best practices needed to implement, and maintain, a coherent content security posture.
Some great resources that we strongly encourage all our partners to review include:
- MPAA Content Security Guidelines
- The MPAA Best Practices are the control framework that the TPN assessments are based on. These best practices provide a baseline set of security controls that any facility can build on. A mature organization will use these to create a security model for their organization based on the risks to their business.
- Netflix Minimum Content Security Recommendations
- These are our least minimum recommendations for setting up very basic security at your facility. These are not to be seen as a replacement for more robust security best practices or the TPN framework.
We understand that this is a topic that many have not necessarily had to consider in depth prior to working on Netflix Original content. We hope to be a guide and resource that empowers all partners (regardless of previous experience, size or location) to make informed decisions on this topic.
We take a light-touch approach to actively assessing our partners to ensure guidance and expectations are being followed and implemented while processing Netflix Original content. Assessments are initiated based on current production activity, internal business needs/requests to review new partners, or regularly scheduled re-evaluations of existing partners. Using inquiry, observation, and examination, Netflix assesses an organization’s security maturity as it relates to administrative, physical, and digital security controls. The results of our assessment are not a pass/fail model. The intent is to identify significant risks and provide guidance to mitigate the likelihood of a content leak.
We also leverage the Trusted Partner Network’s (TPN) assessment program to supplement our internal efforts. The TPN assessments are comprehensive and give Netflix, and other content creators, a very good understanding of an organization’s security posture. Because TPN has been well thought out and implemented, the assessments are accepted across the industry. We believe that this is a significant value-add in terms of one assessment, satisfying many customers. With the heavy-lifting security assessment completed through the TPN, our security interactions with our partners can be more strategic, allowing for improved collaboration and project specific discussions. For these reasons we encourage our partners to participate in the TPN.