Move Beyond Compliance
Security From Ground to Cloud
KLASH makes compliance easy. Automatic security checks, encrypted data, and custom key generation give you security way beyond the recommended requirements.
We host the KLASH platform on Amazon AWS and Microsoft Azure, which provide multi-layered security across physical data centers, infrastructure, and operations. Microsoft alone invests $1 billion yearly into protecting the Azure infrastructure and has thousands of security experts who actively monitor the safety of your content.
Automatic encryption and prevention of DDoS attacks, hardware and firmware protection by constantly re-evaluating code, and failure prediction enabled by machine learning are just a few of the means to keep your content safe.
Lock It in a Vault and Re-Generate the Key
KLASH supplies customer managed keys for encryption of data besides the default encryption done in Microsoft Azure Storage. Customer managed keys puts you in complete control of the key generation, either create your own and store them in a key vault or use the Azure Key Vault APIs to generate them.
You can run KLASH with your own Azure blob storage or AWS S3 bucket in the cloud. KLASH roadmap 2024 is moreover going storage agnostic - making it possible to connect any storage unit to the platform. This can be an on-prem server or a local hard drive, but also your own cloud service. Stay tuned.
The Trusted Partner Network (TPN) Best Practices
KLASH is a proud member of the Trusted Partner Network, powered by the Motion Picture Association (MPA), and committed to building and supporting a strong community network dedicated to keeping content safe. The Motion Picture Association consists of Disney, Netflix, Paramount, Sony Pictures, Universal, Sony Pictures, and Warner Bros. Entertainment. The TPN's best practices and guidelines prevent leaks, breaches, and hacks of pre-released, high-value media content.
Still Not Convinced?
If you want a full review of how we work with security, reach out to us and we’ll send you a copy of our Information Security Management System (ISMS). The ISMS includes:
- The business’s incident management process regarding detection, handling and traceability
- An example of how we would handle a major security-related incident The information classification model
- How we evaluate personnel and consultants that work with your account
- You can moreover find KLASH in the TPN database of approved vendors https://plus.ttpn.org/
How does KLASH ensure data is unreadable by cloud service providers?
KLASH uses Amazon AWS and Microsoft Azure as our cloud service providers. AWS and Azure encrypt all data stored at rest - protecting against malicious intent. By default, AWS and Azure encrypt data with AWS and Microsoft-managed keys.
How do you manage application security risks?
KLASH handles application security risks by rigorously adhering to the Trusted Partner Network guidelines created by the Motion Picture Association (MPA) and the Content Delivery and Security Association (CDSA).
How do you test for security vulnerabilities?
We do regular security tests on the platform, where we check installed dependencies for security vulnerabilities and security issues in the code. We also use two-factor authentication technology - which has built-in vulnerability testing.
Are you ISO 27001/20000 certified?
No. But we’ve built our information and IT-security standards on the concept of ISO 27001/20000 and ISO 27001/20000 certified auditors have implemented these standards.
Do you have a vulnerability management process?
Yes. We use tracking tools from Amazon AWS, Microsoft Azure, and Sentry for error reporting, management, and tracing. The servers are on virtual networks and allow minimal external access.
Are Amazon AWS and Microsoft Azure safe?
Absolutely. Microsoft alone invests $1 billion yearly into security, which includes protecting the Azure infrastructure. With over 3,500 cybersecurity experts, of which hundreds are specifically tracking weaknesses daily, we can definitely vouch for the safety of the storage solution.
Do you process data outside of the EU/EEA?
Not if you don’t want us to. You can decide which geographical region you want for your storage on KLASH.
What Multi-Factor Authentication (MFA) methods do you support?
KLASH supports Microsoft ADFS, SAML, Okta, and Google SSO.
What are the recommended steps to keep your account and content as secure as possible on KLASH?
Enable 2FA on sign-in, restrict the possibility to share public links, for example using 2FA with mobile phone number, add dynamic watermarking on your files, disable the possibity for reviewers to download files, and set time windows for your share links on KLASH.
Also, make sure to set the right roles and permissions for your subcontractors. While you might be working with secure vendors, there is the risk of secure vendors contracting non-secure vendors.
What is the most secure way to collaborate?
While production files need to be uploaded and transferred over the internet from time to time, KLASH real-time live streaming can be a valuable and secure alternative. Since no files are rendered or transferred, the risk for files traveling someplace they shouldn’t is minimal.
Why does it say “Remember to anonymize images and other sensitive information” when uploading content on KLASH?
The call to anonymize data was an extra layer of security requested by national broadcasters on KLASH. In theory, if you put data on servers within the European Union, which is a requirement by many of our customers, and there is a criminal investigation in the US related to the stored files, the US government could require the American cloud service provider that owns and operates the servers (the market is dominated by cloud service providers Amazon AWS, Microsoft Azure, and Google Cloud, which are all American) to hand over data even if the server is based in the EU. However unlikely it may be, this is what a national broadcaster working with highly confidential material might want to prevent. If you work with say investigative journalism, there can be risks to people's lives if the wrong material ends up in the wrong hands. So from a security and TPN perspective, KLASH takes security even more seriously than they require us to. Of course, it's totally up to you if you want to anonymize your video footage or not.