Whether you’re a SMB or enterprise media company, a secure rights management system gives you peace of mind when tracking your royalties and opportunities. So, what security features should your system have? Let’s review the essential security features FilmTrack provides its customers—and how those features help secure rights management applications.

FilmTrack’s Proactive Approach to Software Security

The last thing any media company wants is for its rights management software to shut down during the workday because of a cyber attack. Preventing such events requires a proactive security approach, meaning security must be a core component of software development. 

Here’s how this works in practice:

Secure Code Reviews

At FilmTrack, we conduct manual and automated secure code reviews to manage system security risks. Our in-house software developers' code is subjected to detailed security checks to identify potential configuration flaws and ensure these flaws do not sneak into the next software release.

To comply with industry and regulatory security requirements, FilmTrack also partners with trusted third-party security providers to conduct annual penetration testing for our web applications and the cloud infrastructure surrounding those applications. 

During these penetration testing or “ethical hacking” exercises, a team of security experts simulate a hack on our systems in order to evaluate our software for potential flaws or vulnerabilities.     

Any flaws identified during this process are logged in our ticketing system and sent up the chain for follow-up by our internal security team, which then attempts to resolve them quickly before they become more serious.    

Code reviews and penetration testing are just a few of the commonly used system security features FilmTrack includes with its rights management software.

Additional Security Features

Multi-Factor Authentication (MFA)

MFA uses authentication factors to confirm an individual’s identity when logging into an application using a username and password combination.

These factors can be:

• Something the individual knows, e.g., a password or passphrase
• Something the individual possesses, e.g., a key or random number token
• Something unique about the individual, e.g., fingerprints

One of the most common types of MFA is two-factor authentication (2FA), which provides access to an application or system only after an individual verifies their identity via one of the above secondary authentication factors.

2FA—and, more generally, MFA—works by creating an additional layer of security that effectively hinders criminals from successfully logging into systems by unauthorized means.

FilmTrack’s rights management software contains built-in security features managed by an identity provider who helps control clients’ access to our applications. Similar to the random token features offered by Microsoft Authenticator, Google Authenticator, or Duo Security, with this 2FA system, a user types in a one-time code from a cellphone app to confirm their login to a website or application.

When using FilmTrack’s rights management software, a media company that uses Azure, Okta, or Ping, for example, to manage its internal single sign-on (SSO) process can still use those systems to control access to FilmTrack’s software. 

Here, the 2FA authentication process occurs between FilmTrack’s rights management system and your company’s network, meaning you still have control of factors like the users and the MFA access control system. 

This built-in MFA capability extends your company’s system and simplifies system security. 

Cybersecurity Protection

Security threats are less likely to impact a rights management system equipped with cybersecurity controls. The most appropriate cybersecurity features for your rights management software should be capable of detecting threats quickly, preventing data loss, and streamlining regulatory compliance.

Here’s how FilmTrack secures its rights management software:

• FilmTrack interacts with a cybersecurity operations center (CSOC) within City National Bank’s (CNB) system to oversee and coordinate cybersecurity threat management.
• FilmTrack also uses a security information and events management (SIEM) solution to correlate logs, analyze alerts, and anticipate cybersecurity threats to its systems and applications.
• Data classification processes help FilmTrack categorize sensitive data for internal, confidential, or public use.
• By using Transport Layer Security (TLS) 1.2/1.3 and HTTPS, customer data at FilmTrack is encrypted using only industry-accepted tools and standards for data handling and security.
• As part of its data loss prevention (DLP) strategy, FilmTrack automatically monitors any removal of confidential information (e.g., intellectual property (IP) and personally identifiable information (PII)) from its systems and blocks these events.
• Compliance with the Center for Internet Security (CIS) benchmarks helps FilmTrack to strengthen its IT security hardening configurations.
• FilmTrack also conducts ongoing security audits to comply with widely-recognized security guidelines like the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).

Role-Based Security (RBAC)

Role-based security helps differentiate the user access privileges in any IT system. Role-based access control (RBAC) simplifies data categorization so only specific users can access sensitive data environments. 

For instance, only admin accounts—and not regular user accounts—should be able to edit or delete certain information from the system.

With FilmTrack’s software, media companies can parse data such that only authorized users access secured data environments. Clients can also configure data segregation to limit data reading or writing privileges to certain groups of people in their companies. When users submit data queries, they can only see the data they have access to.

Investing in a secure rights management software provides peace of mind for your company, even as you increase the volume of digital media you sell or distribute.

What You Need to Know About Security 

Companies are searching for robust software security in today’s evolving and competitive entertainment landscape. Our new ebook, The Critical Role of Security in Entertainment Rights Management, offers insights into the security-related components companies of all sizes must look for in a rights management system.

Our ebook dives into:

• Product security - What developers should be doing to ensure a secure system with multi-factor authentication, cybersecurity protections, and role-based access control.
  
  
• Application security - The architecture, hardware, and hosting required to protect access to information, offer access to data, and improve the application’s security.  

• Organizational security - The steps organizations take to protect priority information from data breaches, unauthorized access, cyberattacks, and other disruptive data security threats.

Download the ebook to discover what you need to look for in a truly secure system.

FilmTrack is an RBC Company and subsidiary of City National Bank Member FDIC. City National Bank is a subsidiary of Royal Bank of Canada.