Home Studio Security Guidance
When working on projects outside of an established facility, Netflix recommends that security controls implemented at your facility are followed outside of it. Below is our general guidance. If you require additional assistance, please reach out to the Netflix Studio Information Security team at firstname.lastname@example.org.
General Best Practices
- Users should login to systems using a unique username and a strong passphrase. Non-internet facing systems (offline editorial) should be kept disconnected from the Internet when internet access is not needed.
- In the event a user needs to connect to a remote workstation this should be done through a VPN connection. Remote access to machines should be restricted and follow our recommendations.
- VPN connections should require multi-factor authentication as part of the login process.
- All transfers of materials should leverage an approved secure transfer platform (Aspera, Content Hub) or encrypted hard drives (Lacie Rugged Secure, Rocstor, Apricorn Aegis). If hardware encrypted drives are not available we recommend enabling full disk encryption on the drive (FileVault for Mac, BitLocker for PC).
- Devices should have unique profiles for each user and should require a password to access the device.
- Ensure systems are running one of the last two available versions of the commercial operating system and are configured to auto-update for security patches. The user should check quarterly to verify that the device is patched.
- Enable full disk encryption on the workstation (FileVault for Mac, BitLocker for PC).
- On all Microsoft Windows based hosts, enable Windows Defender with automatic updates enabled.
- Secure any physical assets (e.g. external hard drives, scripts) in a lockable container like a cabinet or safe.
- Disable remote connections to the workstation and enable the device firewall.
- Ensure only persons working on the project can access the content.
- Anyone who is not a part of the project and who views the content should sign an NDA.
- Secure all external entry and exit points where content is stored or worked on.
- Consider a security camera system that covers entries and exits into the work area.
- Securely delete content and return external media upon project/task completion or at the request of Netflix.