
ELEMENTS and TPN Compliance

What are TPN security best practices and how can your company implement them?

Information and content security are paramount considerations for companies participating in the complex media production, workflow, and distribution ecosystem. The evolution of new production tools, hybrid storage environments, and increased global collaboration has given rise to new security mandates and standards across the Media and Entertainment industry. Security audit compliance is standardized with certification for protocols such as SOC II Type 2, ISO 27002, NIST Security Framework, and the Motion Picture Association's "TPN" (Trusted Partner Network). These industry-wide security initiatives are implemented across feature films, television series, and productions for OTT providers like Netflix and Amazon.

We strongly support the industry’s security initiatives and have therefore developed our systems following these requirements. We have also often helped our customers to implement workflows that conform with these policies and procedures. Our experience in consulting on security standards and the use of the powerful toolset offered by ELEMENTS systems allows us to build a perfect environment for your project and company needs that fulfils the industry-leading security requirements. 

Best in class TLS / SSL encryption

Geared for security and easy to use

Your environment may require limiting access to the internet through a DMZ node or "safe listing" specific URLs through the internal network (LAN). The ELEMENTS system supports these requirements and provides optimum encryption for enhanced security. ELEMENTS systems accomplish this by enforcing the TLS 1.2 protocol or higher, using a limited set of trusted cryptographic ciphers with maximum-complexity key strengths and DH parameters, and applying HTTP header configuration. Furthermore, if needed, ELEMENTS systems support complete encryption of data at rest and data in transit.

User permission management

Benefit from a role-based environment

ELEMENTS solutions have a feature-rich, easy-to-use management interface that enables system administrators to configure user permissions and give single users or groups of users access to individual storage areas. Furthermore, access permissions are determined for each component of the ELEMENTS environment. Users can be authorized to create new user accounts and workspaces and to access the Media Library or ELEMENTS Satellite. The integration of Active Directory and LDAP allows for efficient centralization of user account management.

Enabling Single Sign-On (via an app or dongle) on your ELEMENTS environment further simplifies secure user management and reduces the possibility of unauthorized access to your media. 

Advanced Automation Engine

Reliably execute efficient security measures

Every ELEMENTS system comes complete with our powerful Automation Engine. This feature enables users to design simple or complex workflow tasks, schedule them, or execute them from the Media Library or via the context menu of macOS Finder or Windows Explorer. Moving and managing your data, syncing with the cloud, securely sharing assets, sending notifications, even running custom Python scripts: these are just some of the tasks that are included in the Automation Engine. Furthermore, automation jobs are used for scheduling backups of your system data and sending relevant system notifications to all users. The Automation Engine also allows you to bridge security zones between otherwise separate systems and perform segregation of duties, a process in which one user has to perform a specific action before others can access the data.

Logging and Auditing

Remain in control and maintain the chain of accountability

ELEMENTS systems keep a detailed log of all administrative actions on the system as well as user authentications and activity, both successful and unsuccessful. Need more logging features? The ELEMENTS internal logging agent can fan out log and metric events to most standard SIEM and data analytics solutions. Additionally, ELEMENTS systems support Event hooks, which automatically start a preconfigured set of tasks after a specific action has occurred. Just about any activity on the system, such as a user log-in, mounting workspaces, or detected system alerts, can be used to trigger a custom Automation job.

ELEMENTS helped us both expand our storage capacities and boost our network security to comply with Netflix’s requirements.

Rick Nowak, Chief Operating Officer, New Wave Entertainment

Feature Specs

Encryption

TLS 1.2 protocol, optional metadata encryption

User account management

Active Directory support, expire users after set date, Single Sign On providers (SSO) support using the SAML 2.0 protocol, two-factor authentication via App or Dongle

User role management

Grant access permissions for individual ELEMENTS features and tools through group or user permissions

Automation tasks

Filesystem operations: Rsync, Repair workspace permissions, Workspace shadow copy, Resequence files, Copy, Move, Delete files
Media Library tasks (requires Media Library module), including: Media scan, Proxy regeneration, Remove proxies without original files, Set metadata, Merge metadata
General tasks: Transcode, Backup system settings and data, Generate system status report, Time synchronization, Finder/Explorer refresh
Python and Shell scripting
AWS integration: S3 copy, S3 sync, S3 delete
AI tasks (requires ELEMENTS AI module)
Notifications

Event hooks

Automations can be triggered by a number of actions in the following categories: Authentication, Media Library, configuration, user and group management, alert, storage management and Satellite.

Notification options

Via e-mail to any address or existing user / Slack message / Via an ELEMENTS Client notification

FAQ

Security standards such as TPN establish security best practices for all processes that form a part of the video production workflow. These include processes such as company organization and management, physical security and much more. Therefore, no one storage system could possibly cover all requirements. ELEMENTS systems, however, provide the necessary features required from the storage, and then some more.

To ensure confidentiality and integrity, it's very important to follow a "least privilege principle" and only allow users access to files and assets that they are assigned by the data owner. ELEMENTS can operate with a local user base, bind to Active Directory or LDAP, and connect to standard Single Sign On providers (SSO) using the SAML 2.0 protocol (such as Azure / Microsoft 365). User permissions can be configured granularly for individual storage areas and individual components of the system such as the Media Library, Workspace creation, User management, Automation and much more. Tools such as the Media Library and ELEMENTS Satellite offer the possibility to further define user permissions to allow or exclude access to individual features or whole Media Roots.

Every ELEMENTS system comes equipped with an advanced Automation Engine. It allows you to execute a number of actions with a single click, actions such as data management, notifications, transcoding, Python scripts and many more. The Automation Engine can help you move your data between separate systems and bridge security zones.

Users can only see and mount workspaces that they have access permissions for. To verify a user's identity, two-factor authentication can be enabled. In order to log into the ELEMENTS Client or the ELEMENTS WebUI, the user will be asked to enter a code displayed on their smartphone or use a hardware dongle. Every storage access is logged in the ELEMENTS log, and automations can even be triggered after a certain user has logged in, for instance sending an e-mail or a Slack notification.


Glossary

COBIT

COBIT is an internationally recognized framework for the management and governance of information technology. It offers a comprehensive set of principles, practices, and analytical tools and models for governing enterprise-wide IT.