
Refer to end for translated versions

 

Netflix Content Security Best Practices

The Netflix Studio Information Security team has identified the following as best practices for any entity handling pre-release Netflix content. Consider this a baseline set of high-level recommendations that collectively achieve the intention of each security domain. The best practices are not meant to prescribe specific solutions; rather, they are ideal end states with many different methods and means to achieve them. We encourage you to take a risk-based approach to content security, ensuring that your specific risks are addressed by your security framework. We will work with you to ensure that any specific Netflix security asks are based on project-specific needs. If you or part of your workflow operate out of a home studio, please review the Home Studio Security Guidance.

Security Management

  • Clearly document information security philosophy and rationale
  • Implement a security training and awareness program
  • Regularly assess risk
  • Ensure hardware and software are kept up to date
  • Implement an incident response plan that documents what to do in the event of an incident involving client data/materials. Incidents involving Netflix content should be immediately escalated to scs@netflix.com
  • Implement a business continuity plan
  • Ensure only persons working on client projects can access the content
  • Anyone who is not a part of the project and who views the content should sign an NDA
  • Define who is responsible for key security functions

Network

  • Implement network connectivity based on least-privilege if appropriate (e.g. zero-trust or network segmentation via VLAN or physical air gap)
  • Implement an auditing and logging system (network activity: connections, traffic, etc.)
  • Use VPN for remote access to the network, ideally with MFA

Endpoint (e.g. workstations, servers)

  • Ensure endpoint devices that handle/store content are in a secure state at all times (e.g. firewalls and disk encryption enabled; password protection)

Identity (e.g. user controls)

  • Implement an authentication framework that appropriately validates user identity on the content-handling network
  • In conjunction with authentication, implement an authorization framework that grants permissions based on least-privilege
  • Implement strong authentication protections via MFA, SSO, etc.
  • Implement identity lifecycle management (e.g., onboarding and off-boarding processes)

Data Protection

  • Implement end-to-end data protection measures:
    • Encryption in transit
    • Encryption at rest (file-based, database, disk-based)
    • Content-specific protections (DRM, watermarking)

Physical Security

  • Implement physical access controls (e.g. cameras, card readers, alarm systems, etc.) around sensitive areas and where appropriate
  • Store sensitive physical assets (e.g. external hard drives, printed materials, etc.) in a secure physical location
  • Ensure appropriate chain of custody is in place for physical transport of assets
  • Visitors should be accounted for in sensitive areas (e.g. logged in, escorted)

If you seek additional guidance, please contact Netflix Studio Information Security (scs@netflix.com).

 

Translations

العربية

Deutsch

Español (España)

Français

Italiano

日本語

한국어

Polski

Português

Türkçe
