Many of our clients are required to comply with MPAA security standards in their day to day digital workflow. Wiredrive has numerous security features that aid in this process which can be read about on our security overview below.
This article is intended to give a more streamlined overview of how Wiredrive addresses the Digital Security requirements recommended by the MPAA. This is just one section of the MPAA Site Security Program, which is a good read if you are interested in what it takes to be MPAA compliant. Keep in mind that this is not a full list, rather this just touches upon the areas that apply to Wiredrive in the content transfer portion of the program.
Transfer Tools
- MPAA recommends that companies use transfer tools that have access controls, at least AES 128-bit encryption and strong authentication. Wiredrive offers AES 256 bit encryption by default with fall back to 128-bit.
Transfer Device Methodologies
- Remove content from transfer devices immediately after receipt. Wiredrive users can delete content with a single click.
- Use receipt notifications to verify successful transfer of content. Wiredrive offers "Presentation has been viewed" receipts as well as view detailed analytics.
- Remove client access to transfer tool immediately after the successful transfer. Wiredrive allows four levels of access for users. Access can be revoked by administrators immediately.
Client Portal
- Assign unique credentials (username + password) to individual portal users. Send credentials via secure email. Require a minimum password length of 10 characters. Wiredrive requires a minimum password length of 8 characters in line with OWASP best practices.
- Ensure that user only has access to their digital assets and not those of other clients + users. Implement a process to review permissions and ensure that access is limited only to those who need it. Wiredrive allows controls that limit user's access to specific projects + assets.
- Use HTTPS and enforce the use of a strong cipher suite for the internal/ external web portal. All Wiredrive traffic uses SSL with AES 256 bit and 128-bit ciphers.
- Do not use persistent cookies or cookies that store credentials in plaintext. Cookies are destroyed at the end of a session. All passwords are encrypted and stored in the Wiredrive database using modern cryptography.
- Set access to content on both internal and external portals to automatically expire at set intervals. Wiredrive offers both automatic and manual expiration of Presentations and Presentation assets.
- Test for web application vulnerabilities (using industry accepted testing guidelines) annually and correct any validated issues. Wiredrive performs continuous automated testing using a top tier web security organization.