Home Studio Security Guidance
When working on projects outside of an established facility, Netflix recommends that security controls implemented at your facility are followed outside of it. Below is our general guidance. If you require additional assistance, please reach out to the Netflix Studio Information Security team at firstname.lastname@example.org.
General Best Practices
- Users should login to internet based editorial systems using a unique username and a strong passphrase. Non-internet facing systems that have access to infrastructure (storage, etc.) should be kept disconnected from the Internet when internet access is not needed.
- All transfers of materials should leverage an approved secure transfer platform (Aspera, Signiant, Content Hub) or encrypted hard drives (Lacie Rugged Secure, Rocstor, Apricorn Aegis).
- Devices should have unique profiles for each user and should require a password to access the device.
- Ensure systems are running one of the last two available versions of the commercial operating system and are configured to auto-update for security patches. The user should check quarterly to verify that the device is patched.
- Enable full disk encryption on the workstation (FileVault for Mac, BitLocker for PC).
- Disable remote connections to the workstation and enable the device firewall.
- Ensure only persons working on the project can access the content.
- Anyone who is not a part of the project and who views the content should sign an NDA.
- Secure all external entry and exit points where content is stored or worked on.
- Consider a security camera system that covers entries and exits into the work area.
- Secure any physical assets (e.g. external hard drives, scripts) in a lockable container (e.g. safe).
- Securely delete content and return external media upon project/task completion or at the request of Netflix.